Related policies
See also our Privacy Policy, Terms and Conditions, Refund & Cancellation Policy, and Minor Safety Policy.
Last updated: June 2026
Aproch is committed to protecting the confidentiality, integrity, availability, and security of information entrusted to the Platform.
This Information Security & Confidentiality Policy establishes the principles, safeguards, responsibilities, and procedures governing the protection of personal information, appointment data, communications, and platform systems.
This Policy applies to all Users, Clients, Professionals, employees, contractors, service providers, and other individuals who access or interact with Aproch systems or information.
Aproch shall implement reasonable administrative, technical, operational, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, destruction, misuse, or loss.
Security measures may be reviewed and updated periodically in response to evolving risks, threats, technologies, legal requirements, and business needs.
Access to information shall be restricted to authorized individuals who require such access for legitimate operational, clinical, support, compliance, or security purposes.
Aproch may implement:
Unauthorized access to information is strictly prohibited.
Aproch may implement authentication mechanisms designed to verify the identity of users and authorized personnel.
Such measures may include:
Users may be required to complete authentication procedures before accessing certain services.
Users are responsible for maintaining secure passwords.
Users shall:
Aproch reserves the right to require password changes where security risks are identified.
Aproch may employ industry-standard encryption technologies to protect information during transmission and storage.
Encryption measures may include:
No security system can guarantee absolute protection; however, Aproch shall take reasonable measures to safeguard information.
Aproch may implement infrastructure safeguards designed to protect systems and information from unauthorized access, disruption, misuse, or attack.
Security controls may include:
Aproch may maintain network security measures designed to identify, prevent, detect, and respond to security threats.
Such measures may include:
Users are solely responsible for safeguarding their login credentials.
Users shall not:
Any activity conducted through a User's account may be attributed to that User unless otherwise demonstrated.
Users are responsible for securing devices used to access the Platform.
Users are encouraged to:
Aproch shall not be responsible for security failures occurring on User-controlled devices.
Users shall promptly notify Aproch if they become aware of:
Failure to promptly report security concerns may increase risk and limit Aproch's ability to respond effectively.
Aproch recognizes the sensitive nature of mental health information.
Client information shall be treated as confidential and may only be accessed, used, disclosed, or processed where reasonably necessary for:
Professionals are expected to maintain confidentiality in accordance with:
Professionals remain responsible for maintaining appropriate confidentiality concerning information obtained through consultations.
Employees, contractors, consultants, and authorized representatives of Aproch who access confidential information shall be expected to maintain confidentiality.
Such individuals may be required to:
Unauthorized disclosure of confidential information may result in disciplinary action, termination, legal action, or referral to authorities.
Access to confidential information shall be limited to individuals whose responsibilities reasonably require such access.
Aproch shall seek to minimize unnecessary access to personal, clinical, operational, and security-related information.
Any person who becomes aware of an actual or suspected security incident involving Aproch systems or information is encouraged to report the matter immediately.
Reports may include:
Where Aproch becomes aware of a suspected or confirmed data breach, reasonable efforts may be undertaken to:
Response actions may vary depending upon the nature and severity of the incident.
Aproch may investigate security incidents, policy violations, suspicious activities, and operational risks.
Investigations may involve:
Users agree to cooperate reasonably with investigations relating to security matters.
Following investigation, Aproch may implement corrective measures including:
Corrective actions shall be determined based on the circumstances of each case.
Aproch may maintain backup procedures designed to support recovery of critical information and operational continuity.
Backup practices may vary depending on system requirements, legal obligations, and operational considerations.
Aproch may maintain disaster recovery procedures designed to respond to:
Recovery priorities shall be determined based on operational and security considerations.
Following significant disruptions, Aproch shall make reasonable efforts to restore services as promptly as practicable.
Restoration timelines may vary depending on the nature, severity, and complexity of the disruption.
Aproch shall endeavor to comply with applicable laws, regulations, legal obligations, and industry requirements relating to information security, privacy, confidentiality, and platform operations.
Users are also expected to comply with applicable legal requirements when using the Platform.
Aproch may respond to lawful requests from:
Information may be disclosed where required by law or reasonably necessary to comply with legal obligations.
Where Aproch reasonably believes that information may be relevant to:
Aproch may preserve records, communications, logs, documents, and other relevant information for an appropriate period.
Such preservation may occur even where deletion requests have been submitted, where legally permitted or required.
Violations of this Policy may result in:
Aproch reserves the right to modify this Policy at any time.
Updated versions shall become effective upon publication on the Platform.
Continued use of the Platform following publication constitutes acceptance of the revised Policy.
For information security concerns, confidentiality matters, data breach reports, security incidents, or policy-related inquiries, Users may contact Aproch using the details below.
Aproch encourages prompt reporting of any suspected security concerns to help protect Users, Professionals, and Platform operations.
See also our Privacy Policy, Terms and Conditions, Refund & Cancellation Policy, and Minor Safety Policy.