Privacy Policy

We know privacy matters, especially when it comes to ADHD, mental health, and personal reflection. Here’s a plain-English overview of how privacy works at Shimmer and in Indy by Shimmer.

What we collect

  • Information you choose to share, like account details, reflections, goals, or messages
  • Coaching-related information if you participate in 1:1 ADHD coaching
  • App and website usage data to help us understand what’s working and what’s not
  • Payment information (processed securely by third-party providers like Stripe)

How we use your information

  • To provide and improve Shimmer ADHD coaching and Indy, our AI-powered ADHD support app
  • To personalize your experience and support what matters most to you
  • To communicate with you about the Service, updates, or support
  • To improve our tools through research, analysis, and product development

AI and Indy

  • Indy provides supportive insights and reflections and is not intended to provide medical advice, diagnosis, or treatment
  • Indy uses artificial intelligence, including third-party providers such as OpenAI, to generate responses and insights
  • Your identifiable information is not used to train external AI models without your explicit consent
  • When AI is involved, we use de-identified, anonymized, or aggregated data unless you explicitly consent otherwise

Research and insights

  • We may use anonymous, aggregated, or de-identified data to better understand ADHD and improve our Services
  • These insights may be shared in blog posts, reports, or presented at conferences or educational events
  • We never share information that identifies you personally

What we don’t do

  • We don’t sell your personal data
  • We don’t allow third parties to use your data to train their own AI models
  • We don’t share individual coaching sessions or Indy entries with employers, schools, or other organizations

Your choices

  • You can opt out of session recordings
  • You can unsubscribe from marketing emails
  • You can request access to, correction of, or deletion of your information
  • You can contact us at privacy@shimmer.care with questions or concerns

Our intent

Our goal is simple: to build better tools and support for people with ADHD. We use privacy-protective practices so we can learn what works, without compromising your trust.

Effective as of May 1, 2022

Last updated on January 5, 2026

This “Privacy Policy” describes the privacy practices of Shimmer, Inc. and our subsidiaries and affiliates (collectively, “Shimmer”, “we”, “us”, or “our”) in connection with the https://shimmer.care website or any other website that we own or control and which posts or links to this Privacy Policy (collectively, the “Sites”), any other features and services available through our Sites and through mobile and desktop or device applications (collectively, the “Service”), and our direct marketing communications. The “Service” includes Shimmer’s ADHD coaching services as well as Indy by Shimmer, our AI-powered mobile and web application that provides ADHD-aligned support, reflection, and scaffolding. We leverage third-party artificial intelligence providers, including OpenAI, to generate responses and insights based on user input, subject to the data protections and limitations described in this Privacy Policy. By registering as a member or by visiting, browsing, or using the Service in any way, you (as a “user”) acknowledge and agree to the practices described in this Privacy Policy, which forms a binding agreement between you and Shimmer.

Shimmer is committed to protecting the privacy of your Personal Information. Personal Information is information about you, including demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition; related health care services; or related to the past, present, or future payment for the provision of health care to you.

Table of Contents

Personal Information We Collect

How We Use Your Personal Information

How We Share Your Personal Information

Your Choices

Other Sites, Mobile Applications and Services

Security Practices

International Data Transfers

Children

Changes to this Privacy Policy

How to Contact Us

Personal Information We Collect

Information you provide to us.  Personal information you provide to us through the Service or otherwise may include:

  • Account Information, such as your first and last name, gender, email and mailing addresses, and password when you create an account to log in to our network (“Account”).
  • Content you choose to upload to the Service, such as text, images, audio and video, along with the metadata associated with the files you upload, including any information shared during a coaching session or entered into Indy (such as reflections, prompts, goals, or free-form responses).
  • Session Records, which is a record with the minimum information your coach would need to identify you and document the Service you received. This includes internal notes and dates you received services.
  • Registration information, such as information that may be related to a service or a webinar or other training opportunity for which you register.
  • Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us.
  • Demographic information, such as your city, state, country of residence, and zip code.
  • Usage information, such as information about how you use the Service and interact with us, including information associated with any content you upload to the websites or otherwise submit to us, and information you provide when you use any interactive features of the Service.
  • Financial data, such as the credit card or other payment card details that you use to pay for the Service, and your Service-related billing information and transaction history.
  • Marketing information, such as information including your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.
  • Other information that we may collect that is not specifically listed here but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

Information we obtain from social media platforms. We may maintain pages for Shimmer on social media platforms, such as LinkedIn, Twitter, Facebook and other third party platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your personal information. You or the platforms may provide us with information through the platforms, and we will treat such information in accordance with this Privacy Policy.

Information we obtain from other third parties

We may receive personal information about you from third-party sources, such as business partners, marketing partners, publicly available sources, and data providers.

Cookies and Other Information Collected by Automated Means          

We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Service. The information that may be collected automatically includes your computer or mobile device operating system type and version number, manufacturer and model, device identifier, browser type, screen resolution, IP address, the website you visited before browsing to our websites, general location information such as city, state or geographic area, and information about your use of and actions on the Service, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access.  Our service providers and business partners may collect this type of information over time and across third-party websites and mobile applications. For more information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.

On our webpages, this information is collected using cookies, browser web storage (also known as locally stored objects, or “LSOs”), and similar technologies.  We may also use web beacons (which are also known as pixel tags and clear GIFs) on our Service and in our HTML formatted emails to track the actions of users on our websites and interactions with our emails. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages or within HTML formatted emails. Pixel tags are used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of our Service, so that we can manage our content more effectively.

See below for information about your choices with respect to cookies and other technologies.

Audio & Video Data 

We may record coaching sessions provided through our Service with the express consent of both the coach and the user (each a “Recording”). If you have consented to a Recording, it will be used to inform analyses on the quality and effectiveness of your coaching session. The session recording may be used in the following ways: 

  • Analysis of aggregate call statistics such as number of speaker turns.      
  • Text analysis including full transcript, key words, themes, and sentiment of words.
  • Audio analysis.     
  • Video analysis which may include facial expressions and body language. 

We have developed software to view and analyze these sessions and derive insights from them in a deidentified manner to improve your experience and our Service. When Shimmer uses the term “deidentified”, we understand it to be a useful data minimization technique, and the term includes a commitment not to re-identify the data unless necessary to provide the Service to you.

Shimmer is constantly looking for ways to improve our services. Occasionally, in our pursuit of the best tools to provide the analysis we need to serve our Users, we may use third party vendors to assist with analyzing this data. When working with third party vendors, Shimmer’s priority is to provide data in a deidentified manner, and Shimmer will ensure that your data remains confidential to your experience with Shimmer. Shimmer requires all third party vendors to certify in contract that they will never sell data and will maintain strict privacy and security controls for all data they may have access to as a result of working with Shimmer. Occasionally, the third party vendors providing analysis of this data may utilize artificial intelligence. That means, in addition to the contractual protections noted above, any data received from Shimmer cannot be used to train their algorithms or data models and must be immediately deleted after the requested analysis is provided. Any data shared with our third party vendors remains encrypted in transit.

The Recordings will be securely stored in our data center in the United States and our employees can access them on a need-to-know basis only.

If our Service is provided to you through your employer or other organization, they will never receive access to your individual recording, although they may see aggregate and de-identified analysis of all users from the organization using our Service so long as our data scientists can confirm a minimum threshold of users from your organization to maintain anonymity.

Insights derived from de-identified session recordings may also inform the design, evaluation, and improvement of Indy’s AI-driven features, in accordance with the data use limitations described in this Privacy Policy.

Health Information 

Shimmer's Service does not collect any Protected Health Information as that term is defined under the Health Insurance Portability and Accountability Act (“HIPAA”), and the use of our Service does not require HIPAA compliance. Additionally, Shimmer is not considered a Covered Entity under HIPAA. Shimmer acknowledges and understands that the definition of health information is more expansive under GDPR and other privacy regulations, to include general well-being and any data relating to a person’s physical or mental health; therefore, Shimmer handles all health information as sensitive and has implemented additional security and privacy protocols for all health-related information.

How We Use Your Personal Information

We use your personal information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection:

To operate the Service.  We use your personal information to:

  • provide, operate and improve the Service;
  • provide information about our products and services;
  • communicate with you about the Service, including by sending you announcements, updates, security alerts, and support and administrative messages;
  • communicate with you about coach services in which you participate;
  • communicate with you about webinars and other training opportunities;
  • understand your needs and interests, and personalize your experience with the Service and our communications;
  • provide support and maintenance for the Service; or
  • respond to your requests, questions, and feedback.

For research and development.  We may use your personal information for other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and evaluating and improving our Services, products, marketing, and your overall experience. 

We may store and use personal information and usage data to develop, train, evaluate, and improve Shimmer’s and Indy’s features, including our machine learning and artificial intelligence systems.

When we use third-party AI providers (such as OpenAI), we do so in a manner designed to protect your privacy. Unless we obtain your prior explicit consent, any data shared with such providers is de-identified, anonymized, or aggregated, and is not used by those providers to train their own models.

To send you marketing and promotional communications.  We may send you marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the Opt out of marketing communications section below. 

To comply with law. We use your personal information — as we believe necessary or appropriate — to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.  

For compliance, fraud prevention, and safety.  As we believe necessary or appropriate, we may use your personal information and disclose it to law enforcement, government authorities, and private parties to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Service; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

With your consent.  In some cases we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and that of other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing or not utilizing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and to promote our business.

Research and Insights Sharing

As part of our mission to improve ADHD support, we may use anonymous, aggregated, or de-identified data derived from Shimmer coaching services and Indy usage to conduct internal research, generate insights, and evaluate effectiveness.

This research may be shared externally in academic papers, blog posts, public reports, or presentations at conferences, workshops, or industry events, including those focused on ADHD, mental health, coaching, behavioral science, or technology.

These materials will never include information that identifies you personally, and we apply safeguards to reduce the risk of re-identification. Our intent in sharing these insights is to advance understanding and improve support for people with ADHD, including individuals like you.

How We Share Your Personal Information

We do not share your personal information with third parties without your consent, except in the following circumstances or as described in this Privacy Policy:

Affiliates.  We may share your personal information with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Service providers.  We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate our business (such as customer support, artificial intelligence, hosting, analytics, email delivery, marketing, and database management services). These third parties may use your personal information only as directed or authorized by us and in a manner consistent with this Privacy Policy, and are prohibited from using or disclosing your information for any other purpose.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.

Other users. Other parties, such as other members or coaches in the Service, may be able to view your content when you provide such content to your public user profile or voluntarily disclose it in a manner that other users or the public can view. We do not control how other users or third parties use any personal information that you make available to them.

Payment processors. Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processor, Stripe, and we never physically receive or store your full payment card information. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Stripe may use your Payment Information in accordance with its own Privacy Policy here: https://stripe.com/privacy.

Business partners. We may share information with integration, joint marketing, and other business partners that provide products and services that we believe may be of interest to you. These business partners may use the information we share with them for their own purposes. You may opt out of our sharing of your information with such business partners by following the instructions provided below.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.  

Business transfers.  We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor the Privacy Policy.

Your Choices 

In this section, we describe the rights and choices available to all users.

Access or update your information. You may request to review and update certain personal information by contacting us at privacy@shimmer.care.

Opt out of Shimmer recordings. You may opt out of having your coaching sessions recorded and/or transcribed by contacting us at privacy@shimmer.care. You understand that certain Services may not be functional after opting out.

Opt out of Shimmer marketing communications.  You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at privacy@shimmer.care. You may continue to receive service-related and other non-marketing emails.  

Cookies and other technologies.  Most browsers let you remove or reject cookies.  To do this, follow the instructions in your browser settings.  Many browsers accept cookies by default until you change your settings.  Please note that if you set your browser to disable cookies, the Service may not work properly.  

Users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above. If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored advertisements from companies that are not listed.

Opt out of sharing.  You may opt out of our sharing of your information with integration, joint marketing and other business partners by emailing us at privacy@shimmer.care, using the subject line “Opt Out of Sharing”.

Do not track.  Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit.  We currently do not respond to “Do Not Track” or similar signals.  To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

California Privacy Rights

California residents have the right to limit the use and disclosure of Sensitive Personal Information, as defined by the California Privacy Rights Act. Shimmer does not use Sensitive Personal Information for purposes other than providing and improving the Service, conducting research, ensuring security, and complying with law.

Other Sites, Mobile Applications and Services

The Service may contain links to other websites, mobile applications, and other online services operated by third parties.  These links are not an endorsement of, or representation that we are affiliated with, any third party.  In addition, our content may be included on web pages, in mobile applications or on online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions.  Other websites, mobile applications and services follow different rules regarding the collection, use and sharing of your personal information.  We encourage you to read the privacy policies of the other websites, mobile applications and online services that you use.

Security Practices

The security of your personal information is important to us.  We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect.  However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

International Data Transfers

Our headquarters is in the United States and we have service providers in other countries.  Your personal information may be transferred to the United States or other locations outside of your state, province, or country where privacy laws may not be as protective as those in your state, province, or country.  

Children 

The Service is not directed to, and we do not knowingly collect personal information from, anyone under the age of 13.  If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us. We will delete such information from our files as soon as reasonably practicable.  We encourage parents with concerns to contact us.

Changes to this Privacy Policy 

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service. We may (and if required by law will) also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if we have your contact information) or another manner through the Service.

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Service (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the posting of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

How to Contact Us

Please direct any questions or comments about this Privacy Policy or privacy practices to privacy@shimmer.care. You may also write to us via postal mail at:

Shimmer, Inc.

Attn: Legal

1015 Fillmore St. #12411

San Francisco, CA 94115

European Economic Area (EEA) & United Kingdom Privacy Addendum

This section applies to individuals located in the European Economic Area (EEA) or the United Kingdom and supplements the Privacy Policy above. To the extent of any conflict, this Addendum applies for EEA and UK users.

Legal Bases for Processing

Where the General Data Protection Regulation (“GDPR”) or UK GDPR applies, Shimmer processes personal data on one or more of the following legal bases:

  • Performance of a contract, where processing is necessary to provide and operate the Service, including Shimmer’s ADHD coaching services and Indy by Shimmer;
  • Legitimate interests, including improving, securing, and maintaining the Service; developing and evaluating AI-powered features; conducting internal research and analytics; and preventing fraud or misuse, provided such interests are not overridden by the rights and freedoms of individuals; and
  • Consent, where required by applicable law or where Shimmer explicitly requests it (such as for session recordings or certain optional features).

Artificial Intelligence and Automated Processing

Indy by Shimmer uses artificial intelligence to generate supportive insights, reflections, and guidance based on user input.
Shimmer does not engage in solely automated decision-making that produces legal or similarly significant effects on individuals within the meaning of Article 22 of the GDPR.

Research and De-Identified Data

Shimmer may process personal data for research and development purposes, including evaluating and improving the effectiveness of its Services and AI-powered features. Where feasible, such research is conducted using anonymous, aggregated, or de-identified data.

Research findings and insights may be shared publicly, including through publications, reports, or presentations at conferences or educational events, in a manner that does not identify any individual.

International Data Transfers

Personal data may be transferred to and processed in the United States or other countries outside the EEA or UK. Where required, Shimmer relies on appropriate safeguards to protect personal data, such as Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms.

Your GDPR Rights

Subject to applicable law, individuals in the EEA and UK have the right to:

  • request access to their personal data;
  • request correction or deletion of personal data;
  • object to or request restriction of processing;
  • request data portability; and
  • withdraw consent at any time, where processing is based on consent.

You may exercise these rights by contacting privacy@shimmer.care.