🔔 The short version: Vasl collects the minimum data necessary to provide emotional health support. We never sell your data. We never show AI-generated signals to members. Raw conversation text is never stored. You can delete your data at any time.
Vasl Health, Inc. (“Vasl,” “we,” “us,” or “our”) is an emotional health technology company headquartered in Los Angeles, California. We operate a digital emotional health platform that serves individuals, partner organizations (including universities, YMCAs, and community-based organizations), licensed therapists, and certified coaches.
For purposes of HIPAA, Vasl functions as a Business Associate to partner organizations that are Covered Entities. We also act as a Covered Entity in certain direct-care relationships where we employ or supervise licensed clinical staff.
Contact us at: privacy@gotovasl.com
This Privacy Policy applies to:
If you are under 18, additional protections apply. See Section 12 (Children & Minors).
Partner organizations may share your name and email address with us to provision your account. They do not have access to your individual session content, assessment results, or any AI-generated signals about you.
We do not use your information for advertising, sell it to third parties, or use it to train AI models without your explicit written consent.
🧠 Critical to understand: Our AI Language Analysis Platform (VLAP) analyzes text you share on the platform to help clinical staff identify when someone may need support. Members never see AI scores, flags, or signals about themselves. The AI is a tool for clinicians, not for you.
VLAP processes text from peer group posts, mood journal entries, and coach chat messages. It is trained to recognize culturally-specific distress signals — language patterns that may indicate psychological distress, isolation, or crisis — particularly in BIPOC, LGBTQIA+, and underserved youth communities.
Only structured output is retained: a risk tier (low, moderate, high, or crisis), a list of signal codes that fired, and SHAP attribution spans (short text fragments, maximum 5 words, used to explain the AI output to clinicians). No complete sentences or paragraphs of your writing are stored by the AI system.
Every high-risk or crisis-tier AI flag requires review by a licensed clinician within 24 hours (high-risk) or 90 minutes (crisis). No AI flag alone results in any action being taken. A human always decides what happens next.
AI analysis requires your active consent, which you provide during onboarding. You may withdraw this consent at any time. If you do, all AI-generated data about you is deleted within 24 hours, and your text is no longer analyzed. This does not affect your access to peer groups, coaching, or therapy.
Your assigned therapist and coach have access to your assessment results, session notes, and AI-generated clinical signals relevant to your care. This is necessary to provide you with appropriate support.
We use trusted third-party vendors to operate the platform. These vendors are bound by Business Associate Agreements (BAAs) or Data Processing Agreements and are only permitted to process your data as directed by us:
We may disclose your information if required by law, court order, or to comply with mandatory reporting obligations under state mental health laws (e.g., duty to warn, duty to report). We will notify you of such disclosures to the extent permitted by law.
If a clinician determines that you are in imminent danger of harming yourself or others, we may share necessary information with emergency services. This is a clinical decision made by a licensed human professional, not an automated AI action.
Your partner organization (e.g., your university or YMCA) receives only aggregate, anonymized population-level reports. They never see your individual records, conversation content, session notes, or AI signals.
We retain different types of data for different periods based on clinical necessity and legal requirements:
You may request deletion of your account and personal data at any time (see Section 9). Clinical records may be subject to minimum retention requirements under state law even after you request deletion; we will inform you if this applies.
You have the right to request a copy of the personal information we hold about you. Submit requests to privacy@gotovasl.com. We will respond within 30 days.
You may update your profile information at any time through the app. To correct clinical records, contact your assigned therapist or email us.
You may request deletion of your account and associated personal data. Clinical records may be subject to minimum retention requirements under state law. We will inform you of any records we are legally required to retain.
You may withdraw consent for AI analysis at any time through Privacy Settings in the app. All AI-generated data about you will be deleted within 24 hours. Your access to the platform is not affected.
You may request a machine-readable copy of your personal data. We will provide this within 30 days of your request.
California residents have additional rights under the California Consumer Privacy Act, including the right to know, the right to delete, and the right to opt out of sale. We do not sell personal information. To exercise your rights, contact privacy@gotovasl.com.
Email privacy@gotovasl.com with the subject line “Privacy Request” and your request type. We will verify your identity before processing the request.
We implement industry-standard security measures appropriate for a HIPAA-regulated healthcare platform:
No system is perfectly secure. In the event of a data breach affecting your information, we will notify you as required by HIPAA (within 60 days of discovery) and applicable state breach notification laws.
Vasl is committed to full compliance with the Health Insurance Portability and Accountability Act (HIPAA). Your health information constitutes Protected Health Information (PHI) under HIPAA and is handled accordingly.
Your HIPAA rights include:
To exercise these rights, contact our Privacy Officer at privacy@gotovasl.com.
You have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your HIPAA rights have been violated. We will not retaliate against you for filing a complaint.
HHS OCR complaint portal: hhs.gov/hipaa/filing-a-complaint
🔔 Vasl serves teenagers (ages 13+) through partner organizations. If you are under 18, special protections apply to your data.
Vasl does not directly enroll children under 13. Members aged 13–17 are enrolled through partner organizations (schools, YMCAs, community programs) which have obtained appropriate parental or institutional consent as required by law, including COPPA and FERPA where applicable.
For members under 18:
If you believe a child has been enrolled without appropriate consent, contact privacy@gotovasl.com immediately.
We use a minimal set of cookies necessary to operate the platform:
We do not use advertising cookies, tracking pixels, or third-party analytics that share your data with advertisers. We do not use Google Analytics on pages where you are logged in to the platform.
You may disable cookies in your browser settings. Disabling session cookies will prevent you from logging in.
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
Your continued use of Vasl after the effective date of the revised policy constitutes your acceptance of the changes. If you do not agree, you may close your account before the effective date.
Vasl Health Privacy Office
Email: privacy@gotovasl.com
Response time: within 5 business days for general inquiries; within 30 days for formal privacy requests
For urgent safety concerns: safety@gotovasl.com
For HIPAA-specific complaints: hipaa@gotovasl.com