Data Privacy Policy — goCorporate™

Your Privacy Is Not a Feature — It's a Foundation

goCorporate™ is built for healthcare practitioners. We understand that the data you entrust to us carries professional and legal weight. We do not sell your information. We do not trade your data for ad revenue. Full stop.

Overview

This Data Privacy Policy ("Policy") describes how goCorporate™ ("goCorporate," "we," "us," or "our") collects, uses, discloses, and protects personal information when you visit our website, enroll in our programs, or interact with our services.

By accessing or using goCorporate™ services, you agree to the terms of this Policy. If you do not agree, please discontinue use of our services.

Scope

This Policy applies to all goCorporate™ digital properties including our website, member portal, email communications, checklists, and any associated platforms. It does not govern third-party websites we may link to — those are subject to their own privacy policies.

goCorporate™ operates as a clinical independence infrastructure for licensed practitioners — primarily Psychiatric Mental Health Nurse Practitioners (PMHNPs) and related healthcare professionals. This context shapes how seriously we take data privacy and why we go beyond minimum legal requirements.

Information We Collect

We collect information you provide directly, information generated by your use of our services, and limited information from third parties.

Information You Provide

Category	Examples	When Collected
Identity	First name, last name, professional title	Enrollment, lead forms, community registration
Contact	Email address, phone number	Sign-up forms, checklist opt-in, newsletter
Professional	License type, state of licensure, specialty, years in practice	Program enrollment, onboarding intake
Financial	Billing address, last 4 digits of card (tokenized)	Payment processing — we do not store full card numbers
Program Activity	Module completions, milestone submissions, coaching notes	Ongoing program participation
Communications	Email replies, support tickets, community posts	When you contact us or participate in community

Information Collected Automatically

When you visit our website or use our platform, we automatically collect certain technical data:

Device & browser data — browser type, operating system, device type, screen resolution
Usage data — pages visited, time on page, links clicked, scroll depth, referral URL
IP address — used for approximate geolocation (country/region level) and fraud prevention
Cookies and similar technologies — session cookies, preference cookies, analytics identifiers (see Cookies section)

Information From Third Parties

We may receive limited information from:

Payment processors (Stripe) — transaction status and billing country
Email platforms — delivery status, open rates (aggregate, not individually targeted for profiling)
Social platforms — only if you connect a social account or engage with goCorporate™ content there

How We Use Your Data

We use your personal information only for the purposes listed below. We do not use your data for purposes incompatible with those for which it was collected.

Delivering services — providing access to your enrolled program tier, tracking milestones, scheduling coaching sessions
Communications — sending onboarding emails, program updates, community announcements, and transactional notifications
Support — responding to support tickets, troubleshooting account issues, processing refund requests
Marketing (with consent) — sending newsletters, promotional content, and launch checklist follow-up sequences — only where you have opted in
Product improvement — analyzing aggregate usage patterns to improve our curriculum, platform experience, and outcomes
Legal compliance — meeting our obligations under applicable law, including record-keeping and responding to lawful requests
Fraud prevention & security — detecting and preventing unauthorized access or abuse

No Sale of Personal Data

goCorporate™ does not and will never sell, rent, or trade your personal information to third-party advertisers, data brokers, or marketers. This applies to all practitioners regardless of tier or enrollment status.

Third-Party Sharing

We share personal information with a limited set of service providers who help us deliver our services. All third parties are contractually obligated to process your data only as instructed and to maintain appropriate security standards.

Service Provider	Purpose	Data Shared
Stripe	Payment processing	Name, email, billing address, payment amount
Email platform (e.g., ConvertKit / Klaviyo)	Email delivery, sequences, list management	Name, email address, subscription preferences
Video platform (e.g., Vimeo / Kajabi)	Program video hosting and delivery	Viewing data associated with your account
Analytics (e.g., Google Analytics)	Website usage analytics — aggregated	Anonymized behavioral data, no PII
Scheduling tool (e.g., Calendly)	Coaching and strategy call booking	Name, email, appointment details
Community platform	Member community access	Name, professional title, profile data you provide

Legal Disclosure

We may disclose your personal information if required by law, legal process, or governmental authority, or if we believe in good faith that disclosure is necessary to:

Comply with a legal obligation or court order
Protect the rights, property, or safety of goCorporate™, our users, or others
Investigate fraud or respond to a government request

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website prior to your information being transferred and becoming subject to a different privacy policy.

HIPAA Considerations

Important Clarification

goCorporate™ is a business education and practice-launch infrastructure platform — not a clinical service. We do not access, store, transmit, or process Protected Health Information (PHI) belonging to your patients. We are not your patients' Business Associate under HIPAA.

However, because our members are licensed healthcare practitioners, we hold ourselves to elevated data-handling standards consistent with the spirit of HIPAA even where not legally required:

Your professional credentials and license information are treated as sensitive data and are never shared beyond necessary service delivery
We use encryption in transit (TLS 1.2+) and at rest for all personal data
Access to member data is role-restricted to staff with a documented need
We maintain access logs and review them regularly for anomalies
We undergo periodic security reviews

Your Responsibility

When you use goCorporate™ to set up your practice, you become a Covered Entity under HIPAA once you begin treating patients. The systems, tools, and platforms we recommend or teach you to use are your responsibility to configure and vet for HIPAA compliance within your own practice. goCorporate™ can guide you — but your practice's compliance obligations are yours alone.

Cookies & Tracking Technologies

We use cookies and similar technologies to operate our website, remember your preferences, and understand how you engage with our content.

Types of Cookies We Use

Strictly necessary cookies — required for our website to function (session management, security tokens). These cannot be disabled.
Preference cookies — remember your settings, such as language or display preferences.
Analytics cookies — help us understand how visitors interact with our site in aggregate. We use anonymized data only.
Marketing cookies — only set if you have given explicit consent. Used to deliver relevant content and track the effectiveness of our marketing.

Cookie Control

You can manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or set preferences. Disabling non-essential cookies will not affect your ability to access our content, though some features may behave differently. We honor Do Not Track (DNT) signals where technically feasible.

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Active account data — retained for the duration of your enrollment plus 3 years after your last interaction, to support program re-enrollment, references, and refund eligibility verification
Email marketing data — retained until you unsubscribe; upon unsubscribe we suppress your address within 10 business days
Financial records — retained for 7 years to meet tax and accounting obligations
Support communications — retained for 2 years after ticket resolution
Analytics data — aggregated and anonymized within 14 months; individual session data is not retained beyond that point
Deleted accounts — upon a verified deletion request, we remove personal data within 30 days, except where retention is required by law

Your Privacy Rights

Depending on your location, you may have specific rights regarding your personal information. We honor these rights for all users regardless of jurisdiction.

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing for marketing or profiling purposes at any time.

Right to Restrict

Request that we limit how we use your data while a dispute is resolved.

How to Exercise Your Rights

Submit a privacy rights request by emailing privacy@gocorporate.com with the subject line "Privacy Rights Request." We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing the request.

California Residents (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what categories of personal information are collected and shared, the right to opt out of sale (we do not sell data), and the right to non-discrimination for exercising privacy rights. To submit a CCPA request, email privacy@gocorporate.com.

EEA & UK Residents (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom, you have rights under the General Data Protection Regulation. Our lawful bases for processing include: contract performance (delivering your enrolled program), legitimate interests (fraud prevention, service improvement), legal obligation, and consent (marketing communications). You also have the right to lodge a complaint with your local supervisory authority.

Security

We implement technical and organizational measures designed to protect your personal information against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

Encryption in transit — all data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
Encryption at rest — sensitive data fields are encrypted at the database level
Access controls — role-based access ensures staff see only what they need; all access is logged
Multi-factor authentication — required for all internal system access
Vendor due diligence — all third-party service providers are assessed for security practices before onboarding
Incident response — we maintain a documented incident response plan and will notify affected users within 72 hours of becoming aware of a material breach

No Absolute Guarantee

While we take security seriously, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use a strong, unique password for your goCorporate™ account and to never share your login credentials.

Children's Privacy

goCorporate™ services are designed exclusively for licensed healthcare professionals. Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected such information, we will delete it promptly. If you believe we have collected information from a minor, please contact us at privacy@gocorporate.com.

Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Send an email notice to all enrolled members at least 14 days before the changes take effect
Post a banner on our website for 30 days after the update

Your continued use of goCorporate™ services after the effective date of any changes constitutes your acceptance of the updated Policy. If you do not agree to the updated terms, please contact us to discuss your options or close your account.

Contact & Data Protection Officer

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact our Privacy team:

Privacy Email

privacy@gocorporate.com

Mailing Address

goCorporate™, Attn: Privacy
United States

Response Time

Within 30 business days

General Support

Visit Support Center

This Privacy Policy was last reviewed and updated on April 1, 2026. Previous versions are available upon request by emailing privacy@gocorporate.com.