Aproch Information Security & Confidentiality Policy

Last updated: June 2026

Purpose

Aproch is committed to protecting the confidentiality, integrity, availability, and security of information entrusted to the Platform.

This Information Security & Confidentiality Policy establishes the principles, safeguards, responsibilities, and procedures governing the protection of personal information, appointment data, communications, and platform systems.

This Policy applies to all Users, Clients, Professionals, employees, contractors, service providers, and other individuals who access or interact with Aproch systems or information.

A. Security Measures

1. Security Framework

Aproch shall implement reasonable administrative, technical, operational, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, destruction, misuse, or loss.

Security measures may be reviewed and updated periodically in response to evolving risks, threats, technologies, legal requirements, and business needs.

2. Access Controls

Access to information shall be restricted to authorized individuals who require such access for legitimate operational, clinical, support, compliance, or security purposes.

Aproch may implement:

  • Role-based access controls
  • Permission management systems
  • Account restrictions
  • Session management controls
  • Access monitoring procedures

Unauthorized access to information is strictly prohibited.

3. Authentication Controls

Aproch may implement authentication mechanisms designed to verify the identity of users and authorized personnel.

Such measures may include:

  • Password authentication
  • One-Time Passwords (OTPs)
  • Multi-Factor Authentication (MFA)
  • Device verification
  • Session validation procedures

Users may be required to complete authentication procedures before accessing certain services.

4. Password Standards

Users are responsible for maintaining secure passwords.

Users shall:

  • Create strong passwords
  • Avoid password sharing
  • Avoid password reuse across services
  • Update passwords when compromise is suspected

Aproch reserves the right to require password changes where security risks are identified.

5. Encryption Measures

Aproch may employ industry-standard encryption technologies to protect information during transmission and storage.

Encryption measures may include:

  • Secure communication protocols
  • Encrypted storage systems
  • Secure payment integrations
  • Protected backups

No security system can guarantee absolute protection; however, Aproch shall take reasonable measures to safeguard information.

6. Infrastructure Security

Aproch may implement infrastructure safeguards designed to protect systems and information from unauthorized access, disruption, misuse, or attack.

Security controls may include:

  • Server protections
  • Security monitoring
  • Vulnerability management
  • Access restrictions
  • Infrastructure hardening measures

7. Network Security

Aproch may maintain network security measures designed to identify, prevent, detect, and respond to security threats.

Such measures may include:

  • Traffic monitoring
  • Firewall protections
  • Intrusion detection systems
  • Threat intelligence tools
  • Security logging mechanisms

B. User Responsibilities

8. Password Protection

Users are solely responsible for safeguarding their login credentials.

Users shall not:

  • Share passwords
  • Share OTPs
  • Allow unauthorized access to accounts
  • Circumvent security controls

Any activity conducted through a User's account may be attributed to that User unless otherwise demonstrated.

9. Device Security

Users are responsible for securing devices used to access the Platform.

Users are encouraged to:

  • Install security updates
  • Use antivirus protection where appropriate
  • Secure devices with passwords or biometrics
  • Avoid accessing the Platform from untrusted devices or networks

Aproch shall not be responsible for security failures occurring on User-controlled devices.

10. Unauthorized Access Reporting

Users shall promptly notify Aproch if they become aware of:

  • Unauthorized account access
  • Credential compromise
  • Suspicious activity
  • Security vulnerabilities
  • Suspected breaches involving their information

Failure to promptly report security concerns may increase risk and limit Aproch's ability to respond effectively.

C. Confidentiality

11. Client Confidentiality

Aproch recognizes the sensitive nature of mental health information.

Client information shall be treated as confidential and may only be accessed, used, disclosed, or processed where reasonably necessary for:

  • Service delivery
  • Appointment management
  • Platform operations
  • Legal compliance
  • Safety-related obligations

12. Professional Confidentiality

Professionals are expected to maintain confidentiality in accordance with:

  • Professional standards
  • Ethical obligations
  • Applicable laws
  • Platform policies

Professionals remain responsible for maintaining appropriate confidentiality concerning information obtained through consultations.

13. Internal Staff Confidentiality

Employees, contractors, consultants, and authorized representatives of Aproch who access confidential information shall be expected to maintain confidentiality.

Such individuals may be required to:

  • Follow confidentiality obligations
  • Comply with internal policies
  • Access information only when authorized

Unauthorized disclosure of confidential information may result in disciplinary action, termination, legal action, or referral to authorities.

14. Need-to-Know Access Principle

Access to confidential information shall be limited to individuals whose responsibilities reasonably require such access.

Aproch shall seek to minimize unnecessary access to personal, clinical, operational, and security-related information.

D. Incident Management

15. Security Incident Reporting

Any person who becomes aware of an actual or suspected security incident involving Aproch systems or information is encouraged to report the matter immediately.

Reports may include:

  • Data exposure
  • Unauthorized access
  • Security vulnerabilities
  • Account compromise
  • Suspicious activity

16. Data Breach Response

Where Aproch becomes aware of a suspected or confirmed data breach, reasonable efforts may be undertaken to:

  • Assess the incident
  • Contain the impact
  • Preserve evidence
  • Restore security
  • Notify affected parties where appropriate
  • Comply with legal obligations

Response actions may vary depending upon the nature and severity of the incident.

17. Internal Investigations

Aproch may investigate security incidents, policy violations, suspicious activities, and operational risks.

Investigations may involve:

  • Review of system records
  • Review of communications
  • Collection of evidence
  • User interviews
  • Cooperation with service providers or authorities

Users agree to cooperate reasonably with investigations relating to security matters.

18. Corrective Actions

Following investigation, Aproch may implement corrective measures including:

  • Account restrictions
  • Password resets
  • Security updates
  • Access modifications
  • Policy improvements
  • Suspension or termination of accounts

Corrective actions shall be determined based on the circumstances of each case.

E. Business Continuity

19. Data Backup

Aproch may maintain backup procedures designed to support recovery of critical information and operational continuity.

Backup practices may vary depending on system requirements, legal obligations, and operational considerations.

20. Disaster Recovery

Aproch may maintain disaster recovery procedures designed to respond to:

  • Infrastructure failures
  • Cybersecurity incidents
  • Service interruptions
  • Natural disasters
  • Other disruptive events

Recovery priorities shall be determined based on operational and security considerations.

21. Service Restoration

Following significant disruptions, Aproch shall make reasonable efforts to restore services as promptly as practicable.

Restoration timelines may vary depending on the nature, severity, and complexity of the disruption.

F. Legal Compliance

22. Regulatory Compliance

Aproch shall endeavor to comply with applicable laws, regulations, legal obligations, and industry requirements relating to information security, privacy, confidentiality, and platform operations.

Users are also expected to comply with applicable legal requirements when using the Platform.

23. Law Enforcement Requests

Aproch may respond to lawful requests from:

  • Courts
  • Law Enforcement Agencies
  • Government Authorities
  • Regulatory Bodies
  • Other legally authorized entities

Information may be disclosed where required by law or reasonably necessary to comply with legal obligations.

24. Preservation of Evidence

Where Aproch reasonably believes that information may be relevant to:

  • Investigations
  • Security incidents
  • Legal proceedings
  • Regulatory matters
  • Safety concerns

Aproch may preserve records, communications, logs, documents, and other relevant information for an appropriate period.

Such preservation may occur even where deletion requests have been submitted, where legally permitted or required.

25. Policy Violations

Violations of this Policy may result in:

  • Warnings
  • Account restrictions
  • Suspension
  • Permanent removal from the Platform
  • Termination of professional relationships
  • Legal action
  • Reporting to relevant authorities

26. Amendments to this Policy

Aproch reserves the right to modify this Policy at any time.

Updated versions shall become effective upon publication on the Platform.

Continued use of the Platform following publication constitutes acceptance of the revised Policy.

27. Contact Information

For information security concerns, confidentiality matters, data breach reports, security incidents, or policy-related inquiries, Users may contact Aproch using the details below.

Aproch encourages prompt reporting of any suspected security concerns to help protect Users, Professionals, and Platform operations.

Related policies

See also our Privacy Policy, Terms and Conditions, Refund & Cancellation Policy, and Minor Safety Policy.