top of page

Privacy Policy

1. Information We Collect

We collect information to provide effective therapy services and improve your experience. The types of information we collect include:

a. Personal Information

  • Contact Information: Your name, email address, phone number, and mailing address provided through intake forms, contact forms, or scheduling tools.

  • Payment Information: Billing details (e.g., credit card information) processed securely through third-party payment processors for session fees.

  • Protected Health Information (PHI): Health-related information necessary for therapy, such as intake forms, relationship history, session notes, treatment plans, or diagnoses. This information is handled with the highest level of confidentiality under HIPAA [and other applicable laws].

b. Non-Personal Information

  • Usage Data: Information about your interaction with the Site, such as IP address, browser type, pages visited, and time spent on the Site, collected to improve functionality.

  • Cookies and Tracking Technologies: We use cookies or similar technologies to enhance your experience and analyze Site performance. You can manage cookie preferences through your browser settings.

c. Information from Third Parties

  • We may receive information from third-party platforms (e.g., scheduling tools like Calendly, telehealth platforms like Doxy.me, or payment processors like Stripe) in accordance with their privacy policies and HIPAA compliance requirements.
     

2. How We Use Your Information

We use your information to provide high-quality therapy services and maintain a secure, user-friendly Site. Specifically, we use your information to:

  • Deliver couples and marriage therapy, including session planning, note-taking, and treatment coordination.

  • Schedule appointments and send reminders.

  • Process payments for services.

  • Communicate with you, such as responding to inquiries or sending administrative updates (e.g., appointment confirmations).

  • Comply with legal and ethical obligations, including HIPAA and professional standards set by organizations like the [American Counseling Association or relevant body].

  • Improve our Site and services through analytics (e.g., understanding how users navigate the Site).

  • Send optional newsletters or educational resources about relationships and therapy (you may opt out at any time).
     

3. How We Share Your Information

We do not sell, rent, or share your personal or health information except in the following limited circumstances:

a. Service Providers

  • We share information with trusted third-party vendors who assist with our operations (e.g., telehealth platforms, payment processors, or electronic health record systems). These vendors are HIPAA-compliant (if applicable) and bound by confidentiality agreements.

b. Legal and Ethical Obligations

  • We may disclose information when required by law or professional ethics, including:

    • To prevent harm to you or others (e.g., imminent risk of self-harm, harm to others, or abuse reporting as mandated by law).

    • In response to legal processes (e.g., court orders, subpoenas).

    • To comply with regulatory requirements (e.g., audits by licensing boards).

c. With Your Consent

  • We may share information with other professionals (e.g., for coordinated care) only with your written consent.

d. Business Transfers

  • In the event of a merger, acquisition, or sale of our practice, your information may be transferred as part of the transaction. We will notify you of any such change as required by law.

e. Limits of Confidentiality

  • As therapists, we uphold strict confidentiality. However, confidentiality is not absolute. We are legally and ethically obligated to disclose information in cases of suspected abuse, imminent harm, or as required by law (see Section 3b).
     

4. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Ensure the Site functions properly (e.g., remembering your preferences).

  • Analyze Site usage to improve performance and user experience.

You can disable cookies through your browser settings, but this may affect your ability to use certain Site features. We do not use cookies for targeted advertising or share usage data with third parties for marketing purposes.
 

5. Data Security

We implement robust safeguards to protect your personal and health information, including:

  • Encryption: Secure transmission of data (e.g., via HTTPS) and encrypted storage of PHI.

  • HIPAA-Compliant Systems: Use of secure platforms for telehealth, scheduling, and record-keeping.

  • Access Controls: Limiting access to your information to authorized personnel only.

While we take every reasonable precaution, no system is entirely immune to risks. In the unlikely event of a data breach, we will notify affected individuals as required by law (e.g., within 72 hours under GDPR, if applicable).
 

6. Your Choices and Rights

You have rights regarding your personal and health information, subject to applicable laws:

a. HIPAA Rights (U.S. Clients)

  • Access: Request a copy of your PHI.

  • Amendment: Request corrections to inaccurate PHI.

  • Accounting of Disclosures: Request a list of certain disclosures of your PHI.

  • Restrictions: Request limits on how we use or share your PHI (though we may not always be able to comply).

b. GDPR Rights (EU Clients, if applicable)

  • Access and Portability: Request a copy of your data in a structured format.

  • Rectification: Correct inaccurate data.

  • Erasure: Request deletion of your data, subject to legal obligations.

  • Restriction and Objection: Limit or object to certain data processing.

c. CCPA Rights (California Residents)

  • Know: Request details about the personal information we collect or share.

  • Delete: Request deletion of your personal information, subject to exceptions.

  • Opt-Out: We do not sell your information, so no opt-out is necessary.

To exercise these rights, contact us at [Your Contact Email or Phone Number]. We will respond within the required timeframes (e.g., 30 days for GDPR, 45 days for CCPA, promptly for HIPAA).

d. Communication Preferences

  • You may opt out of non-essential communications (e.g., newsletters) by clicking “unsubscribe” in emails or contacting us.
     

7. Telehealth and Online Services

If you participate in online couples therapy, we use HIPAA-compliant platforms (e.g., [list platforms, e.g., Doxy.me, Zoom for Healthcare]) to ensure security. Please note:

  • Online therapy involves inherent risks (e.g., potential for interception), though we minimize these with encryption and secure systems.

  • You are responsible for ensuring a private, secure environment during sessions.

  • Third-party platforms have their own privacy policies, which we encourage you to review.
     

8. Third-Party Links

Our Site may include links to third-party websites or services (e.g., scheduling or payment platforms). We are not responsible for their privacy practices. Please review their policies before providing information.
 

9. International Data Transfers

If you are located outside [Your Country, e.g., the United States], your information may be processed in [Your Country]. We take steps to ensure compliance with international data protection laws (e.g., GDPR for EU clients) through appropriate safeguards.
 

10. Children’s Privacy

Our services are not intended for individuals under 18. We do not knowingly collect information from minors. If we learn we have collected such information, we will delete it promptly.
 

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our Site or via email. The “Effective Date” at the top indicates the last revision.
 

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Comeback Story Counseling

mike@nocostory.com

970-316-3939

bottom of page