This Privacy Policy explains how [Operator Legal Name] (“we”, “us”, “our”), the operator of the My Elara platform (the “Service”), collects, uses, discloses, and protects information. We take the privacy of clinicians, practices, and clients seriously and have designed My Elara to meet HIPAA and other applicable privacy and security standards.
1. Who we are
My Elara is operated by [Operator Legal Name], founded by Miguel Salinas. For questions about this policy, contact us at privacy@myelara.ai.
2. Information we collect
From clinicians and practice administrators
- Account information (name, email, practice name, license details)
- Billing and payment information (processed by our payment provider)
- Content you create on the platform (notes, templates, assessments)
- Usage data (features accessed, timestamps, device and browser info)
From clients
- Account information provided during invitation acceptance
- Content you create (journal entries, homework responses, assessment responses)
- Communications with your clinician through the platform
- Usage data
We do not sell, rent, or trade personal information to third parties. We do not use client journal entries, messages, or other protected health information (PHI) to train or improve any AI model.
3. How we use information
- To provide and maintain the Service
- To enable communication between clinicians and their clients
- To generate personalized insights, reminders, and recommendations within the Service
- To process billing and manage subscriptions
- To improve the Service, using aggregated and de-identified data only
- To comply with legal obligations and respond to lawful requests
4. HIPAA & Protected Health Information
When a practice or clinician uses My Elara, we act as a Business Associate under HIPAA. We enter into a Business Associate Agreement (BAA) with each practice. PHI is:
- Encrypted at rest (AES-256) and in transit (TLS 1.2+)
- Logged on every access via immutable audit logs
- Tenant-isolated so practices never see other practices' data
- Retained only as long as necessary for the purpose it was collected
5. Sharing and disclosure
We share information only in these circumstances:
- With your clinician (for clients) or your practice (for clinicians), within the Service
- With subprocessors who support our infrastructure (hosting, email, payments), each bound by contract
- When required by law, court order, or to protect safety
- With your explicit consent
6. Your rights
You have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your account and associated data
- Export your data in a portable format
- Withdraw consent or object to processing
To exercise these rights, email privacy@myelara.ai. We will respond within 30 days.
7. Data retention
We retain PHI and clinical records for the duration required by applicable law and by the terms of each practice's BAA. When an account is closed, we delete or de-identify personal information within a reasonable period unless retention is required by law.
8. Security
We follow industry-standard security practices, including encryption, access controls, audit logging, and regular security assessments. No system is perfectly secure; report suspected vulnerabilities to security@myelara.ai.
9. Children
My Elara is intended for adult clients. Minor clients may use the Service only when a parent or legal guardian has consented and the clinician has confirmed compliance with applicable laws.
10. Changes to this policy
We may update this policy to reflect changes in the Service or applicable law. We will notify account holders of material changes by email and update the “Last updated” date at the top of this page.
11. Contact
[Operator Legal Name]
privacy@myelara.ai