Notice of Privacy Practices.
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Effective April 21, 2026 · Version 1.0
The entity and the scope.
This Notice of Privacy Practices (the "Notice") is issued by R & S Enterprises, d/b/a Peacefull-ai ("Peacefull," "we," "us"), a Texas-incorporated company operating the Peacefull behavioral-health companion product. It describes how we may use and disclose your Protected Health Information ("PHI") and tells you about your rights under the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA").
Peacefull is clinician-invited by design. When you use Peacefull, you are typically receiving services under the supervision of a licensed clinician or practice. Your clinician or practice is the treating covered entity and has its own Notice of Privacy Practices that also governs your information. This Notice covers how Peacefull, as the operator of the companion service, handles your PHI.
How we may use and disclose your PHI.
Without your written authorization.
The following categories describe the ways we may use and disclose your PHI without asking for written authorization from you, as permitted or required by HIPAA.
Treatment.
We use and share PHI to coordinate or provide care. For example, we surface mood check-ins, assessment scores, and opted-in context to your treating clinician so that your next session can build on the work you did between sessions.
Payment.
We use and share PHI for billing and collection of payment for services, including verification of coverage and submission of claims by your treating practice when applicable. Peacefull itself is clinician-paid; we do not bill patients directly.
Health care operations.
We use PHI for quality assessment and improvement, clinical safety evaluation, training and competence, licensing, auditing, and the clinical governance processes that gate every model update. All are activities permitted under HIPAA's operations definition.
Required by law.
We disclose PHI when required by federal, state, or local law — including law enforcement, judicial or administrative proceedings, public health activities, abuse or neglect reporting, and health-oversight activities.
Serious threat to health or safety.
We may use or disclose PHI when necessary to prevent or lessen a serious and imminent threat to the health or safety of you or others, consistent with applicable law and professional ethical standards.
Public health and government functions.
We may disclose PHI to public-health authorities, the Food and Drug Administration (FDA), government benefit programs, military authorities, national security authorities, and correctional institutions where permitted by law.
Business Associates.
We may share PHI with contractors or vendors that perform services for us — hosting, observability, model inference, and similar. Each is covered by a Business Associate Agreement (BAA) that restricts their use of PHI to the same standards that apply to us.
Uses that require your signature.
The following uses and disclosures will be made only with your written authorization. You may revoke your authorization at any time, in writing, except to the extent that we have already acted in reliance on it.
Psychotherapy notes.
Most uses and disclosures of psychotherapy notes, as defined under HIPAA, require your written authorization. This includes sharing notes for treatment, payment, or health care operations beyond narrowly permitted exceptions.
Marketing communications.
We will not use or disclose your PHI for marketing purposes (as defined by HIPAA) without your written authorization. Peacefull does not sell PHI, use PHI for advertising, or share PHI with data brokers.
Sale of PHI.
We will not sell your PHI. Any disclosure that would constitute a sale under HIPAA requires your written authorization. We commit never to seek such authorization as a condition of service.
Other uses not described in this Notice.
Any other use or disclosure of your PHI not described in this Notice will be made only with your written authorization, which you may revoke at any time (with the exception noted above for disclosures already made in reliance).
What you can ask us to do.
You have the following rights with respect to PHI we maintain about you. To exercise any of them, write to our Privacy Officer at privacy@peacefull-ai.io.
Right to request restrictions.
You may ask us to restrict how we use or disclose your PHI for treatment, payment, or operations. We are not required to agree, except that we must honor a request to restrict disclosure to a health plan for services you have paid for in full, out of pocket.
Right to confidential communications.
You may ask us to contact you in a specific way (for example, only by email, only at a particular address). We will accommodate reasonable requests.
Right to inspect and copy.
You may inspect and obtain a copy of your PHI, in the form and format you request if readily producible, including electronic copies. Certain limited exceptions apply.
Right to amend.
You may request that we amend PHI we maintain about you if you believe it is incorrect or incomplete. We may deny your request for reasons permitted by HIPAA; in that case, you may submit a written statement of disagreement that will be included with the record.
Right to an accounting of disclosures.
You may request a list of certain disclosures of your PHI we have made. The list will not include disclosures for treatment, payment, or operations, or disclosures you authorized. The first accounting in a 12-month period is free; additional requests may incur a reasonable, cost-based fee.
Right to a paper copy.
You are entitled to a paper copy of this Notice on request, even if you have agreed to receive it electronically. Write to privacy@peacefull-ai.io and we will send one to the address you provide.
Right to breach notification.
We will notify you, consistent with HIPAA, the HITECH Act, and the Texas Identity Theft Enforcement and Protection Act (Tex. Bus. & Com. Code § 521.053), if a breach compromises the privacy or security of your unsecured PHI or sensitive personal information.
Right to revoke authorization.
For uses and disclosures that required your authorization, you may revoke that authorization at any time in writing, except to the extent we have already acted in reliance.
What we commit to.
Privacy and security of PHI.
We are required by law to maintain the privacy and security of your PHI and to notify affected individuals following a breach of unsecured PHI, consistent with HIPAA, the HITECH Act, and the Texas Identity Theft Enforcement and Protection Act (Tex. Bus. & Com. Code § 521.053).
Provide this notice.
We are required to give you this Notice of our legal duties and privacy practices with respect to your PHI and to abide by the terms of the Notice currently in effect.
No retaliation.
We will not retaliate against you for filing a complaint or exercising any right described in this Notice. Your continued access to the Peacefull companion service will not be affected by the exercise of a privacy right.
Minimum necessary.
When we use or disclose PHI — or request PHI from another covered entity — we apply the minimum-necessary standard consistent with our obligations under HIPAA.
Changes to this Notice.
We reserve the right to change the terms of this Notice and to make the revised Notice effective for all PHI we maintain, including PHI we created or received before the revision. Material changes will be posted on this page with a new effective date and communicated in-product and via email to the account holder at least 30 days before they take effect. Prior versions are retained in our public legal changelog.
How to file a complaint.
If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services, Office for Civil Rights. No retaliation will be taken against you for filing a complaint.
With Peacefull.
Write to our Privacy Officer at privacy@peacefull-ai.io. We will acknowledge receipt within five business days and respond within 30 days.
With HHS Office for Civil Rights.
You may file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, by writing to 200 Independence Avenue SW, Washington DC 20201, by calling 1-877-696-6775, or through the OCR complaint portal at hhs.gov/ocr/complaints/.
Privacy Officer.
Questions about this Notice, requests to exercise a right above, or concerns about how your PHI has been handled should be directed to our Privacy Officer:
Alex Rodriguez, Privacy Officer
R & S Enterprises (d/b/a Peacefull-ai)
privacy@peacefull-ai.io
A paper copy of this Notice is available on request.