We recognize that an Employee Assistance Program (EAP) involves far more than data.
It involves trust, dignity, and psychological safety.
Accordingly, we make the following clear, enforceable, and traceable commitments to all organizations using this Platform and to all employees who access EAP services through it.
The Platform collects only data that is necessary, clearly defined, and strictly required for the provision of EAP services.
We do not collect data unrelated to service delivery, nor do we use data beyond its stated purpose.
Specifically, the Platform:
Does not collect employees’ private communications
Does not collect behavioral tracking data unrelated to EAP services
Does not establish cross-system personal data linkages
All data collection activities adhere to the principles of necessity, legitimacy, and transparency.
To prevent any form of internal or external misuse, the Platform is designed with strict separation mechanisms, including:
Complete logical separation between employee usage data and employer administrative data
No access by employers to any information that could identify individual employees
Psychological and EAP-related data presented only in anonymized, aggregated, or statistical form
Employers may access overall trends and improvement insights only.
They do not, and cannot, access individual employees’ psychological status, conversation content, or assessment results.
The Platform implements multi-layered information security protections, including but not limited to:
Role-based access control and least-privilege principles
Encryption of data during transmission and storage
Comprehensive logging and auditing of system operations and data access
Regular security testing and risk assessments
Only authorized systems and personnel may access relevant data, and solely within the scope required to perform their duties.
We explicitly commit that:
Employee-related data is not sold, exchanged, rented, or otherwise transferred
Data is not used for advertising, marketing, or any third-party commercial purposes
No data is disclosed to third parties without lawful basis and the consent of the data subject, where required
Data exists only for the purpose of providing EAP services, and for no other reason.
All data processing activities on the Platform are conducted in accordance with applicable data protection and privacy regulations.
Employers and employees may lawfully request access to, restriction of, or deletion of personal data
Upon service termination or contract expiration, data will be deleted or irreversibly de-identified in accordance with contractual terms and legal requirements
We do not retain data unnecessarily, and we do not allow data to become a source of risk.
An EAP should never function as a management or surveillance tool.
It should be a safe space where individuals feel secure enough to engage and speak honestly.
For this reason, in our system design, governance, and public statements,
we choose to define what must not be done more clearly than what can be done.