1. Introduction
Important clarification
Witness is a coaching platform. We provide reflection, guidance, and support—not therapy or healthcare services. While we follow HIPAA-minded security practices, our service may not be considered a “covered entity” under HIPAA regulations. However, we voluntarily adopt strict privacy and security measures to protect your sensitive information.
This notice describes how we approach privacy and security for the information you share on Witness, including audio and video submissions. For full details on collection, use, and sharing, see our Privacy Policy.
2. Security Practices
We apply the following safeguards to protect submissions and account data:
Encryption
All recordings and personal data are encrypted in transit (TLS 1.3) and at rest (AES-256). Your files are never accessible in unencrypted form.
Access controls
Only the coach assigned to your submission can access your recordings. Access is logged and audited. Administrative staff cannot view your recordings.
Retention & deletion
Recordings are automatically deleted 90 days after feedback delivery. You can request immediate deletion at any time.
Coach agreements
All coaches on our platform sign confidentiality agreements and agree to handle your information with appropriate care.
3. Your Rights
You have the right to:
- Access: Request a copy of the information we have about you
- Amendment: Request corrections to inaccurate information
- Deletion: Request deletion of your recordings and personal data
- Restriction: Request that we limit how we use your information
- Portability: Receive your data in a commonly used format
- Disclosure accounting: Request a record of who has accessed your information
To exercise these rights, contact us using the information in Section 6 or through your account settings where available.
4. How We Protect Your Information
- Multi-factor authentication for accounts where enabled
- Regular security assessments and penetration testing
- Secure data centers with physical access controls
- Employee training on privacy and security practices
- Incident response procedures for potential breaches
5. Breach Notification
In the unlikely event of a data breach that affects your information, we will notify you within 72 hours via email and provide information about what happened and steps you can take.
6. Contact
For questions about your privacy rights or to exercise any of your rights:
Witness
Email: hello@witness.care
Phone: 801-999-8131
You can also reach us through our contact page. For terms governing use of the Service, see our Terms of Service.