Ginger.io is a Covered Entity that follows the HIPAA and GDPR Data Minimization and Privacy By Design principles to collect a limited set of member data required for delivering care. This includes the member's name, email address, and a unique access token. Minimal device-related details are collected from the mobile apps for service delivery, security monitoring, and intrusion detection purposes, including IP Address, device type (iPhone vs. Android), and Operating System versions.
Ginger.io collects the chat transcript data between the coaches and the members to provide the history and context to the coaches to deliver behavioral coaching to the members. For the cases where the member is required to be elevated to the clinical care levels of therapy and/or psychiatry, additional clinical data is collected from the members as required for the standard clinical procedures.