Privacy Policy

Updated April 28, 2023

At torchlight.care (the "Site”), EnCompass Education Solutions, Inc., dba Torchlight, a Lifespeak company, and operator of the Site ("Torchlight", and also referred to in these terms as "we", "us", "our", or similar terms) understands that sharing your personal information online requires a great deal of trust. We take online privacy extremely seriously, and we strive to ensure the security and confidentiality of your personal information on the Site as detailed in this Privacy Policy. This Privacy Policy discusses, among other things, how data obtained during your visit to the Site may be collected and used. By visiting and using the Site, you affirm that you are of sufficient legal age to create and are fully able and competent to form a binding contract and that you agree to be bound by the terms of this Privacy Policy. This Privacy Policy is incorporated into and subject to the Terms of Service governing the use of this Site. We recommend that you read this Privacy Policy carefully. If you do not accept the terms of this Privacy Policy, you are directed to discontinue accessing or otherwise using the Site or any materials obtained from it. If you are dissatisfied with the Site, your only recourse is to disconnect from the Site and to refrain from visiting the Site in the future.

This Privacy Policy applies to the Site only. Since the Site contains links to other websites ("External Links") not protected under this Privacy Policy, once you click on an External Link, whether through an advertisement, content link, or any other means, you will no longer be on this Site and will no longer be protected under this Privacy Policy. Torchlight is not responsible for the privacy practices of the other sites to which we link, so we encourage you to carefully read and fully understand the privacy terms of every website you visit through an External Link contained on the Site.

If you use the Site without registering, the only information we will collect will be Non-Personal Information (as defined below) such as through the use of Cookies and/or Advertising Trackers (as such terms are defined below). If you choose to register with the Site, we require you to submit some basic personal information, and you are responsible for ensuring the accuracy of the identifiable information you submit to Torchlight. Inaccurate information will affect the information you receive when using the Site as well as our ability to contact you as described in this Privacy Policy. If, for instance, your email address is not current, we may be completely unable to contact you.

We reserve the right to make non-material changes to this Privacy Policy that do affect your Personally Identifiable Information (as defined below), in which case Torchlight is under no obligation to notify you of such changes. We will inform you if we make a significant change to this Privacy Policy (i.e., a change that expands the permissible uses or disclosures of Personally Identifiable Information) by either sending a notice to the email address you provided to us or by placing a prominent notice on the Site. Your continued use of the Site following the provision of such notice will indicate your acceptance of these changes.

Torchlight has designed the Site to comply with applicable data protection standards such as SOC2 Type II, HIPAA, CCPA, GDPR, and PIPEDA. Privacy laws vary from country to country and may differ depending on your location. Torchlight has data centers in both the United States and Canada. Your organization will decide where your data is located, i.e., the United States, Canada, or both. In most cases, your data is stored in the same country where your corporate headquarters is located.

Collection of Non-Personal Information

Even if you do not register with the Site to become a member, we reserve the right to collect non-personally identifiable information about you ("Non-Personal Information"), which Non-Personal Information may be obtained by the use of Cookies and Advertising Trackers (as defined below) when you use the Site. Such Non-Personal Information generally is collected for all users, but does not personally identify you by name.

a. Cookies.

When you use the Site, we may use "Cookies", small packets of information and anonymous identification numbers that a website’s computer stores on your computer, in any one or more of the following ways: (1) to dynamically generate the content we display for you; (2) to monitor how many users open our emails; (3) to monitor how many users explore which pages of the Site; (4) to monitor how many users click on which advertisements and to dynamically generate advertisements that are most relevant to you; (5) to facilitate the login process; (6) to aid with navigation of the site; and (7) to serve as session timers. You can always choose not to receive a Cookie file by enabling your web browser to reject Cookies or to prompt you before accepting a Cookie. Please note that if you refuse to accept Cookies from the Site, you may be unable to access many of the features or specific tools offered on the Site, even though you generally still should be able to use the Site effectively and productively. In short, Cookies help us to deliver the content to you that is most relevant to your queries. We do not connect Non-Personal Information from Cookies to Personally Identifiable Information without your permission, and we do not use Cookies to collect or store personal information about you.

b. Advertising Trackers.

The information collected by Advertising Trackers can be used in any one or more of the following ways: (1) to allow us to determine accurately how many people are using the Site, as well as selected sponsors' and advertisers' websites, (2) to determine how many people open our emails, and (3) to determine the purposes for which these actions are being taken. Our Advertising Trackers are not used to track your activity outside of the Site’s domain or the domains of our sponsors and/or advertisers.

c. Computer and Connection and Log Files.

We also reserve the right to determine what type of computer and web browser you are using, what website referred you to the Site, and what your connection speed is. This information is collected purely to enhance your experience on the Site. In addition, Torchlight may use IP addresses to analyze trends, administer the Site, track users’ behaviors and gather broad demographic information for aggregate use. We do not link your IP address to other Personally Identifiable Information about you.

d. reCAPTCHA

We use the invisible reCAPTCHA service provided by Google Inc. (Google) to protect your submissions via support requests on this site. This plugin uses Cookies to confirm you are a person in order to prevent certain website functions from being abused by spam bots (Support Request Form). This plugin query includes the sending of the IP address and other data required by Google for the Google reCAPTCHA service, including cookies, mouse clicks, CSS information, date, browser language, browser information, and Javascript objects. For this purpose, your input will be communicated to and used by Google. Your IP address is transmitted to a Google server in the United States and is truncated and stored there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address provided by reCAPTCHA from your browser will not be merged with any other data from Google. This data collection is subject to the data protection regulations of Google (Google Inc.). For more information about Google’s privacy policy, please visit: https://www.google.com/intl/en/policies/privacy/. By using the Site, you consent to the reCAPTCHA service and the processing of data about you by Google in the manner and for the purposes set out above.

e. Google Analytics

We rely on Google Analytics, a web analysis service provided by Google Inc. (Google) for aggregated, anonymized website traffic analysis. Google Analytics uses cookies and the information generated by these cookies – e.g., time, place and frequency of your website visit, along with your IP address – is transferred to Google in the US and stored there. This information is used in order to evaluate usage of the website, to compile reports about website activity for internal purposes, and to render additional services associated with the usage of the website and the internet. Google asserts that it in no way associates your IP address with other Google data. You can prevent the installation of cookies by adjusting your browser’s settings; however, we wish to point out that, if you do this, you may not be able to fully make use of all functions of our website. Moreover, for the most popular browsers, Google offers a deactivation option that provides you with more control over which data is collected and processed by Google. If you should activate this option, no information regarding your website visit is transferred to Google Analytics. However, the activation of this option does not prevent information from being transferred to us or to any other web analysis services that we commission. For additional information regarding the deactivation option provided by Google as well as regarding the activation of this option, click on the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Personal Information

We may store any information you enter on the Site or provide or make available to us in any other way, whether by email, postal mail, phone, or any other means, including information that can personally identify you, such as your first and last name, telephone number, postal and email addresses, topics of interest, and any other information you may give us (collectively, "Personally Identifiable Information"). When you register as a member of the Site and/or when you update your member profile, we will have access to any Personally Identifiable Information or other information that you submit to us. We may use the information that you provide to respond to your questions, provide you the specific services you select or request, send you emails about the Site, and inform you of significant changes to this Privacy Policy. You can always decide not to provide information to us, but in order to register with the Site some information about you is required. At this time, we do NOT collect from registered members any financial information such as credit card information; if any External Link you visit asks you for such information, it is NOT affiliated with Torchlight or the Site, is not protected by this Privacy Policy, and is protected by the privacy policy of that website, if any, only.

a. Emails You Send to Torchlight

When you send us information by email, we may use that information to appropriately address your specific request or concerns, and may retain the content of your email messages together with your email address and our responses. For instance, if you send us a question regarding an educational program, childcare professional, therapist, or any other concern related to specialized educational or parenting or caregiving/caregiver resources, we may refer your question to an appropriate professional for a suitable answer, although we make no guarantee that we will do so. By emailing us, you are explicitly giving us permission to use your Personally Identifiable Information at our discretion to attempt to find a response to your inquiry. Additionally, this Privacy Policy does not apply to content, business information, ideas, concepts, or inventions that you send to Torchlight by email. If you want to keep any such information private or proprietary, do not send such information in an email to Torchlight.

How We Use Your Information

By providing us with such personal information, you expressly grant Torchlight and all other persons or entities involved in the operations of the Site the right to transmit, monitor, retrieve, store and use such information in connection with the operation of the Site. In particular, Torchlight may use other information about you (1) to provide you with the products, services or procedures that you request; (2) to communicate with you in general; (3) to respond to your questions and comments; (4) to measure interest in and improve our products, services, and the Site generally; (5) to notify you about special offers and products, services or procedures that may be of interest to you; (6) to otherwise customize your experience with the Site; (7) to enforce our Terms of Service; and (8) as otherwise described to you at the point of collection. In addition, we may ask you to confirm your personal information when you contact us, as this will allow us to protect your confidentiality by verifying your identity.

If you have accessed the Site through a portal provided by a partner, your use of the Site is subject to the terms and conditions of the license agreement between your employer or other third-party and the associated partner (the "Master License). In order to comply with the terms of the Master License and also to facilitate the registration and billing requirements of Torchlight and its partners, we may share Composite Data, Non-Personal Information and Personally Identifiable Information about you with the specific partner. In addition, if required under a Master License, we may share certain Composite Data with your employer or third-party provider. Except as permitted by this Privacy Policy or as specifically agreed to by you, no Personally Identifiable Information about you will be shared with your employer or other third-party provider.

Except as permitted by this Privacy Policy or as specifically agreed to by you (including in the Terms of Service), Torchlight will not disclose any information about you unless you specifically direct us to do so, either on the Site or otherwise. For certain community events, your name or image might be visible to other participants; these events are not recorded without permission, and you have the ability to change your name/photo in settings as well as keep your video set to off.

Torchlight also may share your information in the following situations:

a. Legal Compulsion: In response to legal proceedings, such as subpoenas, court orders, or search warrants; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases we reserve the right to raise or waive any legal objection or right available to us.

b. Investigations: When it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to defend or assert the rights, property, or safety of our organization, our customers, or others; and in connection with our Terms of Service. Should we be legally compelled to disclose your personal information to a third party, we will attempt to notify you about such an action unless doing so would violate the law or court order.

c. Corporate Transactions: In connection with a corporate transaction--including, without limitation, a merger, divestiture, or asset sale--or in the unlikely event of bankruptcy.

Torchlight does not sell any personal information or data at any time, to anyone, for any reason.

How You Can Access Your Information

You can access your personal information by logging into your account on the Site using the username and password you provided during the registration process. You also can review, correct, change, add, or update information on your account settings page at any time. To delete or to request an export of your personal information, contact us via email at support@torchlight.care, toll free at (844) 693-3477, or by submitting a Torchlight Support Request Form. As discussed above, you can choose not to provide us with certain information beyond the information required to register and establish a member account, although additional information may be needed to properly use certain features on the Site. Even if you registered as a member of the Site, you will still be given the opportunity to unsubscribe from commercial and transactional messages in any such email we send as required by applicable laws. If you have a complaint or problem, please contact us at support@torchlight.care. If you would like to remove your personal information entirely from the Site and our database, please contact us toll free at (844) 693-3477, submit a Torchlight Support Request Form, or email us at support@torchlight.care, accordingly.

After receiving your information access or removal request, we require you to verify your identity before providing or removing your information. After we have verified your identity, we will provide and/or remove your personal information within 30 days of your request. After deletion, you will no longer be actively associated with the Site. Nonetheless, it may be impossible for us to remove every instance of information associated with you from all of our records, including log files, history digests or public forums or message boards, though the information may exist for our internal purposes only and will not be shared with other parties. In addition, you understand that, even after removal, copies of content provided by you may remain viewable in cached and archived pages or if other users have copied or stored such content.

If you choose to have us share your information with a third-party organization, you will have to contact them directly in order to remove your information from their databases. We do not maintain control over the databases of such third-party organizations, and thus we cannot reasonably control the removal of your personal information from the databases of those organizations.

How We Protect Your Information

We want you to feel confident about using the Site, so we are deeply committed to protecting the information we collect from our users. While no website can guarantee complete security, we have implemented appropriate administrative, technical, and physical security procedures to help protect the personal information you provide to us. Only a small number of authorized employees are permitted to access your personal information, and these individuals may do so solely for business functions as outlined in this Privacy Policy, our Terms of Service, or as we deem reasonably appropriate. In addition, we employ firewalls and intrusion detection systems to help prevent unauthorized parties from gaining access to your information. User data is stored within a secure facility that cannot be accessed except by authorized personnel. Torchlight’s systems adhere to applicable industry and government standards.

We will never ask you for credit card information or any other financial data, although additional services that require a third party may require such data.

Please note that, there is always a risk that an unauthorized third party may gain access to your information by bypassing our security measures or by intercepting the transmission of your information over the Internet. For example, a spyware program that you may have inadvertently installed on your computer may be logging your keystrokes and sending the information to an unauthorized third party.

Health Insurance Portability and Accountability Act (HIPAA)

We are committed to protecting the privacy and security of our users’ data. As of January 1, 2021, Torchlight operates as a Business Associate in compliance with the Health Insurance Portability and Accountability Act of 1996. If you have accessed the Site through one of our partners with whom we have a Business Associate Agreement, including the CVS Point Solutions Management (PSM) platform, also referred to as Pharmacy Benefits Management (PBM) or Vendor Benefits Management (VBM), or are using the Site through the CVS partnership, Torchlight may collect, store, and transmit Protected Health Information (“PHI”), including demographic, insurance, and payment information. This information is used to verify eligibility with CVS during registration and to facilitate billing.

As mentioned above, you can access your personal information by logging into your account on the Site using the username and password you provided during the registration process. You have the right to inspect and obtain a copy of your Protected Health Information maintained by Torchlight. You may do so by completing a support request or by contacting us at support@torchlight.care. We will work with you to provide a copy of your Protected Health Information in a secure and timely manner. You may also request corrections to your health information through the same means.

Children’s Privacy (COPPA)

The Site does not cater to children under the age of 13, and we are deeply committed to protecting the privacy of children. Should a child whom we know to be under the age of 13 send personal information to us, we will use that information only to respond directly to that child to inform them that we must have parental consent before receiving their personal information. Neither Torchlight nor any of its affiliates nor services are designed or intended to attract children under the age of 13. In the unlikely event a person under the age of 13 requires the use of the Site, we encourage that child's parent or legal guardian to establish an account to be used by such parent or legal guardian on behalf of such minor, and it becomes that parent's or guardian’s responsibility to monitor the use of such an account. The parent or guardian is also responsible for maintaining the accuracy of any information so submitted. Furthermore, any information that Torchlight or any of our affiliates provide is directed at the parent or guardian, whom we hold responsible for interpreting and using that information. We take no responsibility for a child who knowingly falsifies their information in order to obtain information from us or from any of our Providers’ or other partners’ websites.

Torchlight does not sell any personal information or data at any time, to anyone, for any reason.

California Users Only: Your Privacy Rights

The California Consumer Privacy Act of 2018 (“CCPA”), effective as of January 1, 2020, requires businesses that collect personal information of California residents to make certain disclosures regarding how they collect, use, and disclose such information.

This section addresses those requirements. For a description of all of our data collection, use and disclosure practices, please read this Privacy Notice in its entirety.

California law gives California residents the right to make the following requests with regard to certain information we collect about them, at no charge, two times every 12 months:

  • The right to request a copy of personal information we collected or disclosed for a business purpose in the past 12 months;
  • The right to request deletion of personal information we collected, subject to certain exemptions (for example, where the information is used by us to detect security incidents, debugging or to comply with a legal obligation); and
  • The right to request that we disclose personal information we collect, use and disclose.

See below for more information about each of these requests.

  1. What personal information do you collect about me? If you make this request and we can verify the request comes from you, we will provide (to the extent possible and required by law):

    • The categories of personal information we have collected about you.
    • The categories of sources from which we collect your personal information.
    • The purpose for collecting this information.
    • The categories of third parties with whom we share personal information.
    • The specific information we have collected about you.
    • A list of categories of personal information that have been disclosed for business purposes.

    You may request this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to personal information collected in the previous twelve months.

  2. Delete your personal information. You have the right to ask that we delete your personal information. Once we receive and verify your request, your information will be deleted as specified earlier in this notice. After removal, you will no longer be actively associated with the Site. Nonetheless, it may be impossible for us to remove every instance of information associated with you from all of our records, including log files, history digests or public forums or message boards, though the information may exist for our internal purposes only and will not be shared with other parties. In addition, you understand that, even after removal, copies of content provided by you may remain viewable in cached and archived pages or if other users have copied or stored such content. If you choose to have us share your information with a third-party Provider, you will have to contact them directly in order to remove your information from their databases. We do not maintain control over the databases of such third-party organizations, and thus we cannot reasonably control the removal of your personal information from the databases of those organizations.
  3. Stop selling your personal information. Torchlight does not sell any personal information or data at any time, to anyone, for any reason.

Torchlight will verify that the information you submit in the request matches our records before we fulfill the request along with verifying your identity. You may use an authorized agent to submit a consumer rights request on your behalf using the methods above, however, Torchlight will require the authorized agent to provide signed permission to submit the request on your behalf and may still contact you to confirm your identity and that this request was submitted with your permission. Torchlight does not discriminate against you for exercising your rights or offer you financial incentives related to the use of your personal information. Please note that if you ask us to delete your data, it may impact your experience with us as some personal information is required for registration and some services require personal information to function.

To exercise your rights listed above, please contact us via email at support@torchlight.care, toll free at (844) 693-3477, or by submitting a Torchlight Support Request.

EEA and Switzerland Users Only: Your Privacy Rights

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland you have the following data protection rights:

  • The right to access, correct, update, or request deletion of your personal information;
  • The right to object to the processing of your personal information by asking us to restrict processing of your personal information or request portability of your personal information; and
  • The right to withdraw your consent at any time if we collected and processed your personal information with your consent
    • Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent

You can exercise the rights listed below by contacting us via email at support@torchlight.care, toll free at (844) 693-3477, or by submitting a Torchlight Support form. Once the request has been confirmed and your identity has been verified, we will respond to your request within 30 days. The 30-day period begins from the date that the required documents are received. You will be informed by Torchlight in writing if there will be any deviation from the 30-day timeframe due to other intervening events.

Canadian Users Only: Your Privacy Rights

The Personal Information Protection and Electronic Documents Act (PIPEDA) establishes rules to govern the collection, use, and disclosure of personal information in a manner that recognizes the right to privacy of individuals with respect to their personal information and the need of organizations to collect, use, or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. Torchlight is committed to protecting and respecting the personal information of its customers, employees, business partners, and all other entities it interacts with in accordance with PIPEDA. This policy will provide guidelines to ensure that Torchlight remains compliant with PIPEDA requirements.

PIPEDA Fair Information Principles and Torchlight Compliance

Torchlight follows PIPEDA’s 10 fair information principles as they relate to the collection, use, and disclosure of personal information, as well as to providing access to personal information. These principles give individuals control over how their personal information is handled in the private sector.

In addition to these principles, PIPEDA states that any collection, use, or disclosure of personal information must only be for purposes that a reasonable person would consider appropriate in the circumstances.

PIPEDA Principles and Torchlight Compliance

Principle 1 – Accountability

An organization is responsible for personal information under its control. It must appoint someone to be accountable for its compliance with these fair information principles.

Torchlight has designated the following position responsible for PIPEDA compliance:

Program Manager: Information Security & Compliance Officer
Torchlight
25 Corporate Drive, Suite 100
Burlington, MA 01803
United States of America

Principle 2 – Identifying Purposes

The purposes for which the personal information is being collected must be identified by the organization before or at the time of collection.

The types of personal information collected by Torchlight is detailed within the Privacy Policy.

Principle 3 – Consent

The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information.

Consent is obtained through the creation of an account where the user is asked to agree to our Terms of Service and Privacy Policy. Consent is also gained through contractual agreement of the user’s employer.

Consent may be withdrawn by contacting us using our Support Request Form.

Principle 4 – Limiting Collection

The collection of personal information must be limited to that which is needed for the purposes identified by the organization. Information must be collected by fair and lawful means.

Torchlight requires first name, last name, and a working email address to use the platform although other information may be encouraged to help target content.

Principle 5 – Limiting Use, Disclosure, and Retention

Unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information must only be kept as long as required to serve those purposes.

Torchlight has disclosed in the Privacy Policy the use of information collected which is kept as long as required to serve those purposes; Torchlight does not sell personal information.

Principle 6 – Accuracy

Personal information must be as accurate, complete, and up to date as possible in order to properly satisfy the purposes for which it is to be used.

Torchlight maintains the integrity of data submitted by users and remains untouched unless edited by the user. Optional profile information, for example, is editable by the user and is used to enhance the experience within the Torchlight platform.

Principle 7 – Safeguards

Personal information must be protected by appropriate security relative to the sensitivity of the information.

Torchlight employs technical and other safeguards backed by policy, procedure, and training to ensure personal information is protected. Encryption is used while information is in transit and while at rest.

Principle 8 – Openness

An organization must make detailed information about its policies and practices relating to the management of personal information publicly and readily available.

Torchlight’s Privacy Policy is made publicly and readily available on the website to inform users of how personal information is managed as well as how users can request to access or delete their information.

Principle 9 – Individual Access

Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Torchlight provides to users the Support Request Form. Policies and procedures are in place to satisfy any such request to comply. Responses are provided to verifiable requests within 30 days unless additional time is reasonably required (in which case notice is provided).

Principle 10 – Challenging Compliance

An individual shall be able to challenge an organization’s compliance with the above principles. Their challenge should be addressed to the person accountable for the organization’s compliance with PIPEDA, usually their Chief Privacy Officer.

The Support Request Form is the preferred way for an individual to submit a challenge. Challenges are handled by the individual identified under Principle 1.

Changes to our Privacy Policy

Torchlight’s Privacy Policy undergoes regular review and places any updates on this web page.

How to Contact Us

If you have questions about this Privacy Policy or any other concerns related to the Site, please email us at support@torchlight.care.