NOTICE OF PRIVACY POLICY.

Intentional Therapy PLLC
Effective Date: October 22, 2025
Last Updated: October 22, 2025

INTRODUCTION

Intentional Therapy PLLC ("we," "us," or "our") is committed to protecting your privacy and safeguarding your personal and health information. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website at www.intentionaltherapypllc.com (the "Website") or use our services.

This Privacy Policy applies to information collected through our Website, including our client portal. If you are a current or former client, please also refer to our Notice of Privacy Practices (HIPAA Notice), which provides detailed information about how we handle your Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA).

Contact Information for Privacy Inquiries:
Email: info@intentionaltherapypllc.com
Phone: (214) 506-8096

INFORMATION WE COLLECT

1. Information You Provide Directly

Through Website Contact Forms:

  • Name

  • Email address

  • Phone number

  • Message content

  • Reason for inquiry

Through Client Portal and Intake Forms:

  • Personal identification information (name, date of birth, address)

  • Contact information (phone, email)

  • Insurance information

  • Medical and mental health information

  • Treatment history

  • Emergency contact information

  • Payment and billing information

Through Appointment Scheduling:

  • Appointment dates and times

  • Preferred therapist

  • Session type (individual, couples, family, telehealth)

2. Information Collected Automatically

Website Usage Information:

  • We currently do not use cookies or tracking technologies

  • Our website hosting provider (Squarespace) may collect basic server logs including IP addresses for security purposes

  • We do not use analytics tools like Google Analytics on our public website

Client Portal:

  • Login information and activity within the secure TherapyAppointment portal is collected by our EHR system for security and record-keeping purposes

3. Information from Third Parties

We may receive information from:

  • Insurance companies (coverage verification, claims processing)

  • Healthcare providers (with your authorization)

  • Billing services

  • Previous therapists or treatment facilities (with your written consent)

HOW WE USE YOUR INFORMATION

Website Visitors (Non-Protected Information)

We use information collected through our Website contact forms to:

  • Respond to your inquiries about our services

  • Schedule initial consultations

  • Provide information about our practice

  • Send appointment confirmations

  • Improve our Website and services

  • Comply with legal obligations

Current and Former Clients (Protected Health Information)

For current and former clients, we use your Protected Health Information (PHI) as described in our Notice of Privacy Practices, which you receive when you begin services. Generally, we use PHI to:

  • Provide mental health treatment and care coordination

  • Process billing and insurance claims

  • Schedule and confirm appointments

  • Send appointment reminders (via email, text, or phone based on your consent)

  • Comply with legal and regulatory requirements

  • Conduct required reporting (child abuse, elder abuse, imminent danger)

HOW WE SHARE YOUR INFORMATION

Website Contact Form Information (Non-PHI)

We do not sell, rent, or share contact form information with third parties for marketing purposes. We only share this information with:

  • Our staff: To respond to your inquiry and schedule appointments

  • Legal authorities: When required by law

Protected Health Information (PHI)

For current and former clients, we may share your PHI as permitted under HIPAA and as detailed in our Notice of Privacy Practices. Generally, we may share PHI with:

Without Your Authorization:

  • Treatment purposes: With other healthcare providers involved in your care (with your consent)

  • Payment purposes: With insurance companies, billing services, and payment processors to obtain payment for services

  • Healthcare operations: With business associates (supervisors, consultants, EHR providers) who are bound by confidentiality agreements

  • Legal requirements: When required by law, court order, or to report suspected abuse, neglect, or imminent danger

With Your Written Authorization:

  • Family members or others you designate

  • Other healthcare providers for coordination of care

  • Legal representatives, attorneys, or courts (except when required by law)

  • Schools or employers (for accommodations, disability claims, etc.)

Third-Party Service Providers

We work with trusted third-party service providers who assist us in operating our Website and delivering our services. These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your information:

  • TherapyAppointment: Our HIPAA-compliant EHR and practice management system that stores client records, processes payments, and manages scheduling. TherapyAppointment is bound by a Business Associate Agreement (BAA) and complies with HIPAA security and privacy requirements.

  • Google Calendar: Used for internal scheduling coordination (no PHI is stored in Google Calendar)

  • Zoom and Google Meet: HIPAA-compliant video telehealth platforms used for virtual therapy sessions. Both platforms are configured to meet HIPAA requirements and are covered by Business Associate Agreements.

  • Squarespace: Our website hosting provider, which may have access to basic server logs and contact form submissions

  • Insurance billing services: Third-party billing partners who submit and track insurance claims on our behalf (covered by BAA)

All business associates who handle PHI are required to sign Business Associate Agreements and comply with HIPAA security and privacy standards.

COOKIES AND TRACKING TECHNOLOGIES

We do not currently use cookies or tracking technologies on our Website. This means:

  • We do not use analytics tools (like Google Analytics)

  • We do not use advertising pixels or tracking (Facebook Pixel, Google Ads)

  • We do not track your browsing behavior across websites

  • We do not use cookies for website functionality or preferences

Squarespace (our hosting provider) may use minimal cookies for security purposes only.

If we decide to implement cookies or tracking in the future, we will update this Privacy Policy and provide notice on our Website.

YOUR PRIVACY RIGHTS

You have the following rights regarding your information:

For Website Visitors:

  • Access: Request to see what information we have collected from you through contact forms

  • Correction: Request correction of inaccurate information

  • Deletion: Request deletion of your contact form submission (subject to legal retention requirements)

  • Opt-Out: Opt out of future communications by contacting us

For Current and Former Clients:

As a healthcare provider, we must comply with HIPAA, which provides you with specific rights regarding your Protected Health Information. Please see our Notice of Privacy Practices for complete details. Generally, you have the right to:

  • Access your records: Request a copy of your medical records

  • Amend your records: Request corrections to your records

  • Accounting of disclosures: Request a list of certain disclosures we have made

  • Request restrictions: Request limits on how we use or disclose your PHI (we are not required to agree)

  • Confidential communications: Request that we communicate with you in a specific way or at a specific location

  • Revoke authorization: Revoke any authorization you previously gave us (except to the extent we have already acted)

  • Receive paper copy: Receive a paper copy of our Notice of Privacy Practices

To exercise your rights, contact us at:
Email: info@intentionaltherapypllc.com
Phone: (214) 506-8096

DATA SECURITY

We take the security of your information seriously and implement appropriate technical, physical, and administrative safeguards:

Technical Safeguards:

  • SSL/TLS encryption (https://) for all website communications

  • HIPAA-compliant, encrypted data storage through TherapyAppointment EHR

  • Password-protected systems and client portal

  • Two-factor authentication for client portal and administrative access

  • Secure, encrypted email for PHI communications (when necessary)

  • Encrypted video platforms for telehealth (Zoom and Google Meet with HIPAA-compliant settings)

Physical Safeguards:

  • Secure storage of any physical records

  • Limited access to records based on role and necessity

  • Virtual practice model reduces physical security risks

Administrative Safeguards:

  • Staff training on HIPAA privacy and security requirements

  • Business Associate Agreements with all third-party vendors who handle PHI

  • Regular security assessments and policy reviews

  • Incident response procedures for potential breaches

Important Note: While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

DATA RETENTION

Website Contact Forms: We retain contact form submissions for one (1) year from the date of submission, or until you request deletion.

Client Records (PHI):

  • Texas clients: We retain records for at least seven (7) years after the last date of service for adults. For clients who were minors, records are retained until the client turns 21 or for ten (10) years after the last date of service, whichever is longer.

  • Florida clients: We retain records for at least seven (7) years from the last date of contact, or longer as required by law.

Billing and Financial Records: Retained for seven (7) years as required by tax and business regulations.

Data Deletion: We manually delete records after the required retention period has expired. You may request early deletion of certain non-PHI information, but we cannot delete PHI that we are legally required to retain.

CHILDREN'S PRIVACY

We provide mental health services to minors (individuals under age 18) with appropriate parental/guardian consent. When we collect information from or about minors:

  • We obtain parental/guardian consent before collecting PHI from minors

  • We comply with COPPA (Children's Online Privacy Protection Act) for children under 13

  • Parents/guardians have rights to access and control their child's information (subject to state-specific laws regarding adolescent consent)

  • We do not knowingly collect information from children under 13 through our Website without parental consent

State-Specific Provisions:

  • Texas: Minors age 16+ may consent to their own mental health treatment and control access to their records

  • Florida: Minors under 18 generally require parental consent for treatment, with limited exceptions

For more information about minors' rights and parental access, please see our Informed Consent for Services.

TELEHEALTH PRIVACY

When you participate in telehealth sessions via Zoom or Google Meet:

  • All sessions are conducted on HIPAA-compliant platforms with encryption

  • We do not record sessions without your explicit written consent

  • You are responsible for ensuring your location is private during sessions

  • You must inform us of your physical location at the start of each session (required for emergency purposes)

  • Video platforms may collect technical data (connection quality, device type) for functionality purposes

Please refer to our Telehealth Consent Form for complete information about telehealth privacy and security.

LINKS TO THIRD-PARTY WEBSITES

Our Website contains links to social media platforms (Facebook, Instagram, LinkedIn) and may contain links to other third-party websites. This Privacy Policy does not apply to those external sites. We are not responsible for the privacy practices or content of third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we make changes:

  • We will update the "Last Updated" date at the top of this policy

  • We will post the updated policy on our Website

  • For material changes, we may provide additional notice (via email or prominent notice on our Website)

  • Continued use of our Website or services after changes indicates acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

HIPAA NOTICE OF PRIVACY PRACTICES

This Privacy Policy is intended to supplement, not replace, our HIPAA Notice of Privacy Practices. All current and former clients receive our Notice of Privacy Practices, which provides detailed information about:

  • How we use and disclose your Protected Health Information

  • Your rights under HIPAA

  • Our legal duties regarding your PHI

  • How to file a complaint if you believe your privacy rights have been violated

If you have not received our Notice of Privacy Practices or would like another copy, please contact us at info@intentionaltherapypllc.com.

STATE-SPECIFIC PRIVACY RIGHTS

Texas Residents

Texas law provides additional privacy protections for mental health records. We comply with all applicable Texas laws regarding confidentiality of mental health information.

Florida Residents

Florida law provides specific protections for mental health and substance abuse treatment records. We comply with all applicable Florida laws regarding confidentiality of mental health information.

BREACH NOTIFICATION

In the event of a data breach that affects your Protected Health Information, we will:

  • Notify you without unreasonable delay, and in no case later than 60 days after discovery of the breach

  • Provide information about what happened, what information was involved, and steps you can take to protect yourself

  • Notify the U.S. Department of Health and Human Services if required

  • Comply with all applicable state breach notification laws

If a breach affects only non-PHI information (such as contact form submissions), we will notify affected individuals as required by applicable law.

CONTACT US

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us:

Intentional Therapy PLLC
Email: info@intentionaltherapypllc.com
Phone: (214) 506-8096

Office Hours:
Monday - Thursday: 9:00 AM - 6:00 PM CT
Friday: 9:00 AM - 5:00 PM CT

FILING A COMPLAINT

If you believe your privacy rights have been violated, you have the right to file a complaint:

With Our Practice:
Email: info@intentionaltherapypllc.com
Phone: (214) 506-8096

With State Licensing Boards:

  • Texas: Texas State Board of Examiners of Professional Counselors: (512) 305-7700 | www.bhec.texas.gov

  • Florida: Florida Board of Clinical Social Work, Marriage & Family Therapy and Mental Health Counseling: (850) 245-4474 | www.flhealthsource.gov

With Federal Authorities:

  • U.S. Department of Health and Human Services, Office for Civil Rights:
    Website: www.hhs.gov/ocr/privacy/hipaa/complaints/
    Phone: 1-877-696-6775

You will not be retaliated against for filing a complaint.

CONSENT AND ACKNOWLEDGMENT

By using our Website, scheduling an appointment, or accessing our client portal, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

For clients receiving services, you will also sign our Informed Consent for Services and receive our Notice of Privacy Practices, which provide additional detail about how we handle your Protected Health Information.