Privacy Policy

Last Updated: December 2025

Overview

Recursive Systems Labs ("we," "us") operates ruha.io and develops EMA (Electronic Mental Health Application), a clinical support system for mental health practitioners.

We design EMA to support clinical work without surveillance, analytics on clinical content, or secondary data use.

This Privacy Policy describes how information is handled on ruha.io and within EMA.

Information We Collect

Public Website (ruha.io)

• Basic server logs (IP address, request time, user agent) for security and reliability
• No tracking cookies
• No advertising or analytics scripts

EMA Application

EMA processes information entered by clinicians and clients solely to support clinical workflows. This may include:

• Client demographic information
• Intake forms and clinical documentation
• Scheduling and communication metadata
• Authentication and security logs

Phone Numbers

We collect mobile phone numbers only when voluntarily provided by users for the purpose of account security and appointment notifications. Phone numbers are not used for marketing and are not shared with third parties except as required to deliver SMS messages through our telecommunications provider.

How Information Is Used

Information is used only to:

• Provide EMA's clinical functionality
• Maintain system security and integrity
• Meet legal and compliance obligations

We do not:

• Analyze clinical content for behavioral metrics
• Sell or license data
• Use data for advertising
• Train machine learning or AI models on clinical data
• Generate productivity scores or performance analytics

Telehealth & Communications

• Telehealth sessions are not recorded or transcribed by default
• Messages are delivered only as intended by the clinician
• No session content is monitored or analyzed

SMS Communications

If you provide a mobile phone number, EMA may send you SMS messages related to account security (such as one-time passcodes) and appointment notifications. SMS messages are strictly transactional and operational in nature.

We do not send marketing messages via SMS. Message frequency varies. Message and data rates may apply.

SMS messages are delivered via a telecommunications service provider. Phone numbers and message metadata are shared only with this provider for the sole purpose of message delivery and compliance with carrier requirements.

You may opt out of SMS messages at any time by replying STOP. You may request help by replying HELP.

No Sale of Personal Information

EMA does not sell, rent, or share personal information, including phone numbers, for marketing or advertising purposes.

Data Access & Control

Clinicians retain control over their data.

• Data export options are available
• Self-hosting options may be provided
• Access is role-based and audited

Legal & Compliance

EMA is designed to support HIPAA-aligned workflows. Where applicable, Business Associate Agreements (BAAs) are available.

Data Retention

We retain information only for as long as necessary to fulfill the purposes described in this policy, comply with legal and regulatory obligations, resolve disputes, and enforce agreements. Retention periods are determined based on the nature of the data and applicable requirements, including HIPAA minimum necessary standards and healthcare record retention laws.

SMS message content is not stored beyond delivery confirmation and audit logging requirements. Phone numbers are retained only while an active account relationship exists or as required by law.

Changes

This policy may be updated as EMA evolves. Changes will be reflected on this page.

Contact

For questions about this Privacy Policy or our SMS practices, contact us at [email protected].