Your Privacy Matters

Privacy Policy

InterpretReflect is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information.

Last updated: February 20, 2026

Privacy at a Glance

Your data is yours

Export or delete anytime

We never sell your data

No third-party data sales, ever

Encrypted at rest & in transit

AES-256 encryption standard

HIPAA-aligned practices

Healthcare-grade data handling

1. Information We Collect

Account Information

• Email address and name (for account creation)
• Professional credentials (RID number, certifications)
• Work settings and experience level
• Billing information (processed securely via Stripe)

Usage Data

• Assignment preparation and debrief notes
• Conversations with Elya (our AI assistant)
• CEU workshop progress and completions
• Wellness check-ins and reflections

Technical Data

• Device type and browser information
• IP address (for security purposes)
• Session data and access logs

2. How We Use Your Information

•Service Delivery: To provide AI-powered prep and debrief assistance, CEU tracking, and wellness monitoring
•Personalization: To tailor Elya's responses to your experience level and work settings
•CEU Compliance: To track and report continuing education credits to RID
•Communication: To send service updates, security alerts, and (with consent) educational content
•Improvement: To enhance our AI models and service quality (using anonymized, aggregated data only)

3. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We only share data with:

•Supabase: Our database and authentication provider (SOC 2 Type II certified)
•Anthropic (Claude): Primary AI provider for Elya conversations (no personal data stored by Anthropic)
•OpenAI: Backup AI provider used when the primary service is temporarily unavailable (same data handling standards apply)
•Stripe: For secure payment processing (PCI DSS Level 1 certified)
•RID: CEU completion data (only with your explicit authorization)
•Your Agency: Limited data sharing based on your privacy preferences (you control what's shared)
•Encharge: Email communications and onboarding sequences (email address and engagement events)
•Resend: Transactional email delivery (email address and notification content)
•Sentry: Error monitoring and application performance (anonymized error context, no personal content)
•Google Analytics & Meta Pixel: Website usage analytics (only with your cookie consent; no personal data shared)

4. Google Calendar Integration

InterpretReflect offers optional Google Calendar integration to help you import your interpreting assignments. This section explains how we handle your Google Calendar data.

What We Access

• Calendar events: We read your calendar events to display them for import selection
• Event details: Title, date, time, location, and description of events you choose to import
• We only access calendars you explicitly authorize

How We Use This Data

• To display your calendar events so you can select which ones to import as assignments
• To create assignment records in InterpretReflect based on the events you select
• We do not modify, delete, or create events in your Google Calendar
• We do not share your calendar data with any third parties

Data Storage & Retention

• Calendar authentication tokens are stored securely and encrypted
• Imported assignment data is stored as part of your InterpretReflect account
• We do not cache or store your full calendar data beyond the import session
• You can disconnect your Google Calendar at any time in Settings → Integrations

Revoking Access

You can revoke InterpretReflect's access to your Google Calendar at any time:

• In InterpretReflect: Go to Settings → Integrations → Disconnect Google Calendar
• In Google: Visit Google Account Permissions and remove InterpretReflect

Google API Services User Data Policy: InterpretReflect's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. Data Security

We implement industry-standard security measures to protect your data:

Encryption

• AES-256 encryption at rest
• TLS 1.3 encryption in transit
• Encrypted database backups

Access Controls

• Row-level security (RLS) policies
• Role-based access control
• Multi-factor authentication available

Infrastructure

• SOC 2 Type II certified hosting
• Regular security audits
• Automated vulnerability scanning

Monitoring

• 24/7 security monitoring
• Incident response procedures
• Audit logging for compliance

6. Your Rights & Choices

Access Your Data

View and download all data we have about you

Correct Your Data

Update or correct inaccurate information

Delete Your Data

Request complete deletion of your account and data

Export Your Data

Download your data in a portable format

Control Sharing

Manage what data is shared with your agency

To exercise these rights, visit your account settings or contact us at info@buildingbridgeslearning.com

7. Data Retention

We retain your data for as long as your account is active, plus:

•CEU Records: 6 years (per RID compliance requirements)
•Financial Records: 7 years (tax compliance)
•Security Logs: 90 days
•Conversation History: Until you delete it or close your account

After account deletion, we remove personal data within 30 days, except where retention is legally required.

8. HIPAA & Healthcare Data

While InterpretReflect is not a covered entity under HIPAA, we recognize that interpreters often work in healthcare settings. We implement HIPAA-aligned practices:

•We do not require or store Protected Health Information (PHI) about consumers
•Assignment notes are stored with healthcare-grade encryption
•We can execute Business Associate Agreements (BAAs) with covered entities upon request
•Our AI (Elya) is designed to support reflection without requiring PHI disclosure

For BAA inquiries, contact info@buildingbridgeslearning.com

9. Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: info@buildingbridgeslearning.com

Address: HuVia Technologies, LLC

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email and/or a prominent notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.

Privacy Policy

InterpretReflect is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information.

Last updated: February 20, 2026

Privacy at a Glance

Your data is yours

Export or delete anytime

We never sell your data

No third-party data sales, ever

Encrypted at rest & in transit

AES-256 encryption standard

HIPAA-aligned practices

Healthcare-grade data handling

1. Information We Collect

Account Information

• Email address and name (for account creation)
• Professional credentials (RID number, certifications)
• Work settings and experience level
• Billing information (processed securely via Stripe)

Usage Data

• Assignment preparation and debrief notes
• Conversations with Elya (our AI assistant)
• CEU workshop progress and completions
• Wellness check-ins and reflections

Technical Data

• Device type and browser information
• IP address (for security purposes)
• Session data and access logs

2. How We Use Your Information

•Service Delivery: To provide AI-powered prep and debrief assistance, CEU tracking, and wellness monitoring
•Personalization: To tailor Elya's responses to your experience level and work settings
•CEU Compliance: To track and report continuing education credits to RID
•Communication: To send service updates, security alerts, and (with consent) educational content
•Improvement: To enhance our AI models and service quality (using anonymized, aggregated data only)

3. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We only share data with:

•Supabase: Our database and authentication provider (SOC 2 Type II certified)
•Anthropic (Claude): Primary AI provider for Elya conversations (no personal data stored by Anthropic)
•OpenAI: Backup AI provider used when the primary service is temporarily unavailable (same data handling standards apply)
•Stripe: For secure payment processing (PCI DSS Level 1 certified)
•RID: CEU completion data (only with your explicit authorization)
•Your Agency: Limited data sharing based on your privacy preferences (you control what's shared)
•Encharge: Email communications and onboarding sequences (email address and engagement events)
•Resend: Transactional email delivery (email address and notification content)
•Sentry: Error monitoring and application performance (anonymized error context, no personal content)
•Google Analytics & Meta Pixel: Website usage analytics (only with your cookie consent; no personal data shared)

4. Google Calendar Integration

InterpretReflect offers optional Google Calendar integration to help you import your interpreting assignments. This section explains how we handle your Google Calendar data.

What We Access

• Calendar events: We read your calendar events to display them for import selection
• Event details: Title, date, time, location, and description of events you choose to import
• We only access calendars you explicitly authorize

How We Use This Data

• To display your calendar events so you can select which ones to import as assignments
• To create assignment records in InterpretReflect based on the events you select
• We do not modify, delete, or create events in your Google Calendar
• We do not share your calendar data with any third parties

Data Storage & Retention

• Calendar authentication tokens are stored securely and encrypted
• Imported assignment data is stored as part of your InterpretReflect account
• We do not cache or store your full calendar data beyond the import session
• You can disconnect your Google Calendar at any time in Settings → Integrations

Revoking Access

You can revoke InterpretReflect's access to your Google Calendar at any time:

• In InterpretReflect: Go to Settings → Integrations → Disconnect Google Calendar
• In Google: Visit Google Account Permissions and remove InterpretReflect

5. Data Security

We implement industry-standard security measures to protect your data:

Encryption

• AES-256 encryption at rest
• TLS 1.3 encryption in transit
• Encrypted database backups

Access Controls

• Row-level security (RLS) policies
• Role-based access control
• Multi-factor authentication available

Infrastructure

• SOC 2 Type II certified hosting
• Regular security audits
• Automated vulnerability scanning

Monitoring

• 24/7 security monitoring
• Incident response procedures
• Audit logging for compliance

6. Your Rights & Choices

Access Your Data

View and download all data we have about you

Correct Your Data

Update or correct inaccurate information

Delete Your Data

Request complete deletion of your account and data

Export Your Data

Download your data in a portable format

Control Sharing

Manage what data is shared with your agency

To exercise these rights, visit your account settings or contact us at info@buildingbridgeslearning.com

7. Data Retention

We retain your data for as long as your account is active, plus:

•CEU Records: 6 years (per RID compliance requirements)
•Financial Records: 7 years (tax compliance)
•Security Logs: 90 days
•Conversation History: Until you delete it or close your account

After account deletion, we remove personal data within 30 days, except where retention is legally required.

8. HIPAA & Healthcare Data

While InterpretReflect is not a covered entity under HIPAA, we recognize that interpreters often work in healthcare settings. We implement HIPAA-aligned practices:

•We do not require or store Protected Health Information (PHI) about consumers
•Assignment notes are stored with healthcare-grade encryption
•We can execute Business Associate Agreements (BAAs) with covered entities upon request
•Our AI (Elya) is designed to support reflection without requiring PHI disclosure

For BAA inquiries, contact info@buildingbridgeslearning.com

9. Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: info@buildingbridgeslearning.com

Address: HuVia Technologies, LLC

Privacy Policy

Privacy at a Glance

1. Information We Collect

Account Information

Usage Data

Technical Data

2. How We Use Your Information

3. Data Sharing & Third Parties

4. Google Calendar Integration

What We Access

How We Use This Data

Data Storage & Retention

Revoking Access

5. Data Security

Encryption

Access Controls

Infrastructure

Monitoring

6. Your Rights & Choices

7. Data Retention

8. HIPAA & Healthcare Data

9. Contact Us

10. Changes to This Policy

Related Documents

Privacy Policy

Privacy at a Glance

1. Information We Collect

Account Information

Usage Data

Technical Data

2. How We Use Your Information

3. Data Sharing & Third Parties

4. Google Calendar Integration

What We Access

How We Use This Data

Data Storage & Retention

Revoking Access

5. Data Security

Encryption

Access Controls

Infrastructure

Monitoring

6. Your Rights & Choices

7. Data Retention

8. HIPAA & Healthcare Data

9. Contact Us

10. Changes to This Policy

Related Documents