Privacy Policy
Last updated October 31, 2025
1) Scope: website vs. health records
This Privacy Policy explains how we handle information collected through our website only. Information created or received in the course of psychotherapy is Protected Health Information (PHI) governed by HIPAA and our Notice of Privacy Practices, available in the SimplePractice client portal. If anything here conflicts with our HIPAA Notice, the HIPAA Notice controls.
2) Information we collect on this website
You provide: name, email, phone, and message content when you submit a contact form or email us.
Automatic data: IP address, device/browser type, pages viewed, timestamps, and basic diagnostic/log data.
Cookies/analytics (optional): We may use essential cookies for site functionality and, if enabled, privacy-respecting analytics to understand aggregate usage. See “Cookies” below for your choices.
We do not use website data to make clinical decisions and we do not sell personal information.
3) How we use website information
Respond to inquiries and schedule consultations
Operate, secure, troubleshoot, and improve the website
Maintain communication records and comply with legal obligations
No emergency use: Website forms and email are not for crisis or urgent messages.
4) When we share website information
We may share limited website-collected personal information with:
Service providers: e.g., Squarespace (hosting), email/IT/security vendors, analytics providers (if enabled) under contracts that restrict use.
Professional advisors: legal/IT/security under confidentiality.
Authorities: if required by law or to protect rights, safety, or security.
PHI is shared only as permitted by HIPAA and our HIPAA Notice.
5) Email, forms, and security
Email and standard web forms may not be fully secure. Please avoid sending sensitive details via the website. Once you become a client, use the SimplePractice portal for confidential communication whenever possible.
6) Data retention
We keep website inquiry data only as long as necessary for the purposes above or as required by law. Clinical records are retained per HIPAA and Massachusetts law (see HIPAA Notice).
7) Your choices & rights
Contact us to request access, correction, or deletion of website inquiry data where applicable.
Cookies/analytics controls: You can adjust your browser settings to refuse non-essential cookies or use our cookie banner (if enabled).
PHI rights: Your HIPAA rights (access, amendment, restrictions, accounting) are described in our HIPAA Notice.
8) Cookies and analytics (simple version)
We use essential cookies so the site works properly. If we enable analytics, we will use privacy-respecting settings (e.g., IP masking/aggregation) to understand traffic patterns. You can opt out via our cookie banner (if enabled) and/or your browser settings.
Optional add-ons (choose if applicable):
Google Analytics 4: configured with IP anonymization and data retention limits.
No advertising/retargeting pixels are used on this site. (If you ever add Meta Pixel or ads, update this section.)
9) Children’s privacy
This website is not directed to children under 13, and we do not knowingly collect personal information from children via the website.
10) Links to other sites
We may link to third-party sites and services (including the SimplePractice client portal). Those sites have their own privacy policies and security practices.
11) Geographic notice
We provide psychotherapy to clients located in Massachusetts at the time of service. The website may be accessed from other locations; by using it, you understand your data may be processed in the United States.
Optional EEA/UK note: If you are in the EEA/UK, you may have additional rights under local law. Contact us to exercise any applicable rights.
12) Changes to this policy
We may update this Privacy Policy from time to time. The “Effective date” above reflects the latest version. Material changes will be noted on this page.
13) How to contact us
Questions or requests about this Privacy Policy: kat@therapywithkatmontague.com