Privacy & Security
What are ThroughLine’s values regarding privacy and security?
ThroughLine’s goal is to connect people to meaningful help. To access this support, people need to feel safe and secure. Furthermore, the confidentiality and anonymity of mental health and crisis services are a main reason people contact them.
Our privacy and security measures reflect our commitment to supporting users. We aim for people in distress and our partners to feel confident and comfortable in using our products.
What is ThroughLine’s Privacy Policy?
You can review our Privacy Policy here.
Can end users access ThroughLine’s privacy policy?
Please see below for how users can access ThroughLine's privacy policy across our 3 products.
Web app | Our Privacy Policy is hyperlinked on all pages of ThroughLine's web app product. |
|---|---|
Widget | We recommend you link to our Privacy Policy in a clause in your website or app’s privacy policy |
API | As end users do not directly interact with ThroughLine via the API, a privacy notice is not required. |
What user data does ThroughLine collect?
The table below details the default user data collected across ThroughLine’s product suite.
Web app | ✅ Anonymous behavioral analytics of end users collected via third-party vendors, with consent. 🚫 No end-user personally identifiable information collected |
|---|---|
Widget | 🚫 No end-user data collected by ThroughLine ✅ End user events passed to customer data analytics tool if required. ThroughLine will not have access to this data. |
API | 🚫 No end-user data collected by ThroughLine ✅ Login credentials of the Developer to access the ThroughLine API. |
Does ThroughLine collect personally identifiable information of its customers' end users?
No. In all of ThroughLine's products provided to customers, no features expressly collect personally identifiable information. This also means you will not receive any personally identifiable information of end users from ThroughLine, as it will not exist.
Our feedback features, which are triggered by suggesting changes to a listing, navigating to a helpline website, or contacting a helpline, provide some options for users to write anonymous free text feedback. This information is currently only used for internal product development purposes and can be switched off to ensure no users can choose to communicate personal information.
Outside of our customer integrations, we only collect the personally identifiable information of end users if they are expressly contacting ThroughLine for an inquiry, such as through our website contact form, in which case we collect a user's email address.
Does ThroughLine serve a cookie notice?
To comply with GDPR and other legislation, users must consent before analytics are tracked by ThroughLine. ThroughLine uses the built-in Google Consent Management tools within Google Tag Manager to manage this, with a cookie notice provided by CookieYes.
The banner supports the following key legislation globally: GDPR (EU & UK), LGPD (Brazil), PIPEDA (Canada), Law 25 (Quebec), POPIA (South Africa), nFADP (Switzerland), Privacy Act (Australia), PDPL (Saudi Arabia), PDPL (Argentina), PDPL (Andorra), DPA (Faroe Island).
Customers can have the option to implement a strict requirement that consent is granted before analytics data is collected. If implemented, it will also significantly affect the volume and accuracy of user analytics provided by ThroughLine.
What data does ThroughLine collect via cookies?
In the web app, cookies are utilized by third-party vendors, Google Analytics and HotJar, to track anonymous user interactions with the product such as clicks, mouse movements, time on the page, and basic device information.
We also use cookies to identify individual visitors and enable targeted roll-out of features to users based on the page they are currently visiting or the subdomain where they are viewing content. These cookies do not correspond to any user ID in the web application and do not store any personally identifiable information.
A full cookie list is available on request.
Does ThroughLine collect any personal information when a user contacts a helpline?
No. When a user contacts a helpline they are interacting with a phone number, SMS number, WhatsApp number, or website provided by the helpline. ThroughLine does not have any ability to collect personal information about the user when they take action to contact a helpline, or any ability to collect information about the conversation they have had. ThroughLine anonymously tracks actions to contact a helpline to inform our ranking algorithm, improve our product, and provide anonymous analytical reporting to our partners.
What end-user data is displayed on the Impact Dashboard?
The user impact dashboard is only available for the web app. It includes the number of users, sessions, helpline contacts, country distribution, engagement metrics (rate, time), access patterns, and most-used helplines/topics. No personally identifiable information is collected so no such information will be shared. A demo dashboard is available on request.
How does ThroughLine comply with local legislative privacy requirements?
We aim to comply with legislative requirements in the jurisdictions where we serve users. With a global user base, ThroughLine has taken a conservative approach to the information it collects from users to comply with legislation globally. This includes leading legislation such as the GDPR, which much of the subsequent legislation is modeled on.
To this end, we serve a cookie banner and privacy policy to users informing them of what data we collect and how we use it, their rights to access that information, and our commitment to data security.
In line with our values and goal to connect people with meaningful help, we only collect anonymous behavioral analytics of end users via third-party vendors. We do not collect any end-user personally identifiable information through any of our customer integrations.
Is it possible to turn off behavioral analytics?
Yes. If required, we can turn off all behavioral analytics to ensure that even anonymous and non-identifiable information is not collected.
How does ThroughLine keep the information it collects secure?
While ThroughLine does not collect personally identifiable information of users in our product integrations, we take seriously our information security. This includes:
- All employees and contractors sign a nondisclosure or confidentiality agreement before accessing any ThroughLine information.
- Access by employees and contractors to any ThroughLine information requires unique credentials.
- All ThroughLine employees and contractors are required to use multi-factor authentication for all software systems where it is available and can be enforced.
We are happy to respond to security questionnaires upon request.
How does ThroughLine define anonymous and confidential?
Anonymous | Users may willingly, but are not required to, disclose personal information at their discretion, provided that such information is kept confidential. Online chats that require an email address or phone number to access the service qualify, as long as they are confidential. |
|---|---|
Confidential | Information provided by the user may be used:
|
These definitions essentially mean that conversations are held in confidence, except if there’s an immediate safety risk such as suspicion that a child may be at risk of harm, or a user or someone else faces serious harm, either self-inflicted or from others.
Many services keep a record of each conversation and information such as phone number, mobile service provider, IP address, or internet service provider that the user used to contact them.
The service might then share this information with emergency responders (police, ambulance/medical services) who will use it to try and provide support. In many countries, services are obligated by law to advise authorities if there is an acute risk to life, and often services will have these privacy policies on their website. It’s also common for users to be asked to confirm that they understand these policies before getting support.