[name of website] Privacy Policy
Introduction
This Privacy Policy outlines [fill in applicable company name] (" we ", " our " or " the Company ") practices with respect to information collected from users who access our website at [Fill in applicable linkable address] (" Site "), or otherwise share personal information with us (collectively: " Users ").
Grounds for data collection
Processing of your personal information (meaning, any information which may potentially allow your identification with reasonable means; hereinafter " Personal Information ") [add explanation regarding the legal grounds for processing personal information, such as:]
is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests and for compliance with legal and financial regulatory obligations to which we are subject.
When you use the Site, you consent to the collection, storage, use, disclosure and other uses of your Personal Information as described in this Privacy Policy.
We encourage our Users to carefully read the Privacy Policy and use it to make informed decisions.
What information we collect?
We collect two types of data and information from Users.
The first type of information is un-identified and non-identifiable information pertaining to a User(s), which may be made available or gathered via your use of the Site (“ Non-personal Information ”). We are not aware of the identity of a User from which the Non-personal Information was collected. Non-personal Information which is being collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preference, access time, etc.) in order to enhance the functionality of our Site. We may also collect information on your activity on the Site (e.g. pages viewed, online browsing, clicks, actions, etc.).
The second type of information Personal Information which is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual. Such information includes:
- Device Information: We collect Personal Information from your device. Such information includes geolocation data, IP address, unique identifiers (e.g. MAC address and UUID) and other information which relates to your activity through the Site.
- [add types of personal information collected, and respective explanations, such as:]
- Registration information: When you register to our Site you will be asked to provide us certain details such as: full name; e-mail or physical address, and other information.
- …
- …
How do we receive information about you?
We receive your Personal Information from various sources:
- When you voluntarily provide us your personal details in order to register on our Site;
- When you use or access our Site in connection with your use of our services;
- From third party providers, services and public registers (for example, traffic analytics vendors).
What information we collect?
We do not rent, sell, or share Users’ information with third parties except as described in this Privacy Policy.
We may use the information for the following:
- [ add types of detailed uses, such as:]
- Communicating with you – sending you notices regarding our services, providing you with technical information and responding to any customer service issue you may have;
- To communicate with you and to keep you informed of our latest updates and services;
- To serve you advertisements when you use our Site (see more under "Advertisements");
- To market our websites and products (see more under "Marketing");
- Conducting statistical and analytical purposes, intended to improve the Site.
- …
In addition to the different uses listed above, we may transfer or disclose Personal Information to our subsidiaries, affiliated companies and subcontractors.
In addition to the purposes listed in this Privacy Policy, we may share Personal Information with our trusted third party providers, who may be located in different jurisdictions across the world, for any of the following purposes:
- Hosting and operating our Site;
- [Add and amend relevant types of third parties, such as:]
- Providing you with our services, including providing a personalized display of our Site;
- Storing and processing such information on our behalf;
- Serving you with advertisements and assist us in evaluating the success of our advertising campaigns and help us retarget any of our users;
- Providing you with marketing offers and promotional materials related to our Site and services;
- Performing research, technical diagnostics or analytics;
We may also disclose information if we have good faith to believe that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our Agreement), including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies and/or in case we find it necessary in order to enforce intellectual property or other legal rights.
User Rights
You may request to:
- Receive confirmation as to whether or not personal information concerning you is being processed, and access your stored personal information, together with supplementary information.
- Receive a copy of personal information you directly volunteer to us in a structured, commonly used and machine-readable format.
- Request rectification of your personal information that is in our control.
- Request erasure of your personal information.
- Object to the processing of personal information by us.
- Request to restrict processing of your personal information by us.
- Lodge a complaint with a supervisory authority.
However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.
If you wish to exercise any of the aforementioned rights, or receive more information, please contact our Data Protection Officer (“DPO”) using the details provided below:
[add contacts details] .
Retention
We will retain your personal information for as long as necessary to provide our services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing client personal data, account opening documents, communications and anything else as required by applicable laws and regulations.
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
Cookies
We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our services.
A "cookie" is a small piece of information that a website assign to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services.
The Site uses the following types of cookies:
a. 'session cookies' which are stored only temporarily during a browsing session in order to allow normal use of the system and are deleted from your device when the browser is closed;
b. 'persistent cookies ' which are read only by the Site, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in;
c. 'third party cookies' which are set by other online services who run content on the page you are viewing, for example by third party analytics companies who monitor and analyze our web access.
Cookies do not contain any information that personally identifies you, but Personal Information that we store about you may be linked, by us, to the information stored in and obtained from cookies. You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Site may not operate properly and your online experience may be limited.
We also use a tool called “Google Analytics” to collect information about your use of the Site. Google Analytics collects information such as how often users access the Site, what pages they visit when they do so, etc. We use the information we get from Google Analytics only to improve our Site and services. Google Analytics collects the IP address assigned to you on the date you visit sites, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to this Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy .
Third party collection of information
Our policy only addresses the use and disclosure of information we collect from you. To the extent you disclose your information to other parties or sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party that you choose to disclose information to.
This Privacy Policy does not apply to the practices of companies that we do not own or control, or to individuals whom we do not employ or manage, including any of the third parties which we may disclose information as set forth in this Privacy Policy.
How do we safeguard your information?
We take great care in implementing and maintaining the security of the Site and your information. [explain about your security practices, such as: we employ industry standard procedures and policies to ensure the safety of the information we collect and retain, and prevent unauthorized use of any such information, and we require any third party to comply with similar security requirements, in accordance with this Privacy Policy] . Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our Site, and we make no warranty, express, implied or otherwise, that we will prevent such access.
Transfer of data outside the EEA
Please note that some data recipients may be located outside the EEA. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection.
Advertisement
We may use a third-party advertising technology to serve advertisements when you access the Site. This technology uses your information with regards to your use of the Services to serve advertisements to you (e.g., by placing third-party cookies on your web browser).
[Add information regarding opt-out options from personalized advertisements, such as:] You may opt-out of many third-party ad networks, including those operated by members of the Network Advertising Initiative ("NAI") and the Digital Advertising Alliance ("DAA"). For more information about this practice by NAI and DAA members, and your choices regarding having this information used by these companies, including how to opt-out of third-party ad networks operated by NAI and DAA members, please visit their respective websites: http://optout.networkadvertising.org/#!/ and http://optout.aboutads.info/#!/ .
Marketing
We may use your Personal Information, such as your name, email address, telephone number, etc. ourselves or by using our third party subcontractors for the purpose of providing you with promotional materials, concerning our services, which we believe may interest you.
Out of respect to your right to privacy we provide you within such marketing materials with means to decline receiving further marketing offers from us. If you unsubscribe we will remove your email address or telephone number from our marketing distribution lists.
Please note that even if you have unsubscribed from receiving marketing emails from us, we may send you other types of important e-mail communications without offering you the opportunity to opt out of receiving them. These may include customer service announcements or administrative notices.
Corporate transaction
We may share information in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, the transferee or acquiring company will assume the rights and obligations as described in this Privacy Policy.
Minors
We understand the importance of protecting children’s privacy, especially in an online environment. The Site is not designed for or directed at children. Under no circumstances shall we allow use of our services by minors without prior consent or authorization by a parent or legal guardian. We do not knowingly collect Personal Information from minors. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at [add applicable email address] .
Updates or amendments to this Privacy Policy
We reserve the right to periodically amend or revise the Privacy Policy; material changes will be effective immediately upon the display of the revised Privacy policy. The last revision will be reflected in the "Last modified" section. Your continued use of the Platform, following the notification of such amendments on our website, constitutes your acknowledgment and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.
How to contact us
If you have any general questions about the Site or the information we collect about you and how we use it, you can contact us at [add applicable email address] .
Please complete the details of the company
Last Modified __________
Notice of Privacy Practices & Website Privacy Policy
Effective Date: January 1, 2026 · Last Updated: July 3, 2026
The short version
- Your privacy is the whole point. This is a plain-language summary of how we protect the information you share with us. The full legal notice is right below.
- What you tell us stays private. We share your information only with your permission — or when the law requires it, such as a safety emergency or a court order.
- We never sell your information.
- You're in control. You can see your records, ask us to correct something, request a copy, and tell us how you'd like to be contacted.
- Pay privately, stay private. If you pay out of pocket in full, you can ask us not to share that visit with your insurance — and we will honor it.
- Telehealth is secure. We use a HIPAA-compliant video platform and do not record sessions without your written permission.
- Questions? Reach Jason at info@ywtherapy.com or 757-713-9883.
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Your Way Therapy ("we," "us," "our," or the "Practice") is a solo telehealth mental health practice operated by Jason Kelley, LCSW and licensed to provide services in Virginia, West Virginia, North Carolina, South Carolina, Illinois, Florida, and Texas. We are committed to protecting the privacy and confidentiality of your health information. We are required by law to maintain the privacy of Protected Health Information ("PHI"), to provide you with this Notice of our legal duties and privacy practices, and to follow the terms of the Notice currently in effect.
This document is divided into two parts:
- Part I — Notice of Privacy Practices (HIPAA): How we use and disclose your Protected Health Information, and your rights regarding that information.
- Part II — Website Privacy Policy: How we collect, use, and protect information through our website, online intake forms, and scheduling tools.
Part I — Notice of Privacy Practices (HIPAA)
1. Our Commitment to Your Privacy
Your Way Therapy understands that information about you and your health is personal and sensitive. We create a record of the care and services you receive so that we can provide quality care and comply with legal requirements. This Notice applies to all records of your care generated by the Practice, whether created by your provider or received from others.
The Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended by the HITECH Act and their implementing regulations (the "Privacy Rule" and "Security Rule"), governs how we may use and disclose your PHI. PHI is information that identifies you and relates to your past, present, or future physical or mental health condition, the provision of health care to you, or payment for that care.
2. How We May Use and Disclose Your Health Information Without Your Authorization
The following describes the ways we may use and disclose PHI. Not every use or disclosure will be listed, but all permitted uses and disclosures fall within one of the categories below.
2.1 For Treatment
We may use and disclose your PHI to provide, coordinate, and manage your mental health care and related services. For example, we may share information with another health care provider you are seeing, with your physician or psychiatrist for coordination of care, or with professionals we consult with about your care (consultation is conducted in a manner that protects your identity where possible).
2.2 For Payment
We may use and disclose your PHI to obtain payment for the services we provide. For example, we may share information with your health insurance plan to obtain prior authorization or to determine eligibility, submit claims, or to bill and collect payment. If you pay for a service out of pocket in full and ask us not to share that information with your health plan, we will honor that request as described in Section 4.
2.3 For Health Care Operations
We may use and disclose your PHI for our business operations — for example, quality assessment and improvement, reviewing the competence or qualifications of professionals, training, licensing, legal and auditing functions, and general administrative activities necessary to run the Practice.
2.4 Business Associates
We may share your PHI with third-party "Business Associates" that perform services on our behalf — such as our electronic health record/practice management system, telehealth video platform, online scheduling and intake provider, billing service, and email or document storage providers. We require each Business Associate, by written Business Associate Agreement, to appropriately safeguard your information consistent with HIPAA.
2.5 Appointment Reminders and Communications
We may contact you to provide appointment reminders, to discuss scheduling, or to share information about treatment alternatives or other health-related services. We will communicate with you using the contact methods and at the locations you authorize (see "Confidential Communications" under Your Rights).
3. Uses and Disclosures That May Be Made Without Your Authorization or Opportunity to Object
We may use or disclose your PHI without your authorization in the following circumstances, to the extent permitted or required by law:
- As Required by Law. When federal, state, or local law requires it.
- To Avert a Serious Threat to Health or Safety. When necessary to prevent or lessen a serious and imminent threat to the health or safety of you or others, including disclosure to law enforcement or the person reasonably able to prevent or lessen the threat. This includes situations involving a risk of suicide or harm to others.
- Abuse, Neglect, or Domestic Violence. To report suspected abuse, neglect, or domestic violence to authorities as required or permitted by law. As a mental health provider, your provider is a mandated reporter in each state in which we are licensed.
- Public Health Activities. To public health authorities for purposes such as preventing or controlling disease, injury, or disability.
- Health Oversight Activities. To a health oversight agency for activities authorized by law, such as audits, investigations, inspections, and licensure.
- Judicial and Administrative Proceedings. In response to a court or administrative order, subpoena, discovery request, or other lawful process, subject to applicable legal protections.
- Law Enforcement. For limited law enforcement purposes as permitted by law.
- Coroners, Medical Examiners, and Funeral Directors. As authorized by law.
- Workers' Compensation. As authorized by and to the extent necessary to comply with workers' compensation laws.
- Specialized Government Functions. For military, national security, or protective services as authorized by law.
- Decedents. To family members or others involved in a deceased individual's care, as permitted by law.
- Research. In limited circumstances, with appropriate privacy protections and oversight.
4. Uses and Disclosures Requiring Your Written Authorization
Other uses and disclosures of your PHI will be made only with your written authorization. In particular, the following always require your authorization:
- Psychotherapy Notes. Your provider may keep "psychotherapy notes" — notes documenting or analyzing the contents of a counseling session — separate from the rest of your record. With limited exceptions permitted by law, we will not use or disclose psychotherapy notes without your specific written authorization. These notes receive special protection under HIPAA and applicable state law.
- Marketing. Most uses and disclosures of PHI for marketing purposes.
- Sale of PHI. Any disclosure that constitutes a sale of PHI.
- Other Uses Not Described in This Notice.
You may revoke an authorization in writing at any time, except to the extent we have already acted in reliance on it. Revocation does not affect disclosures already made.
5. Your Rights Regarding Your Health Information
You have the following rights with respect to your PHI:
- Right to Inspect and Copy. You have the right to inspect and obtain a copy of your PHI in your designated record set, in the form and format you request if readily producible (including electronic copies). We may charge a reasonable, cost-based fee. In limited circumstances we may deny access, and you may have a right to have certain denials reviewed.
- Right to Request an Amendment. If you believe information in your record is incorrect or incomplete, you may request that we amend it. We may deny your request under certain circumstances and will provide a written explanation; you may submit a statement of disagreement.
- Right to an Accounting of Disclosures. You have the right to request a list of certain disclosures we have made of your PHI, other than disclosures for treatment, payment, health care operations, and certain other exceptions.
- Right to Request Restrictions. You have the right to request a restriction on how we use or disclose your PHI for treatment, payment, or health care operations. We are not required to agree to all requests, except that we must agree to your request to restrict disclosure to a health plan for payment or health care operations if you have paid for the service in full, out of pocket.
- Right to Request Confidential Communications. You have the right to request that we communicate with you about health matters in a certain way or at a certain location (for example, by a specific phone number, email, or mailing address). We will accommodate reasonable requests.
- Right to a Paper Copy of This Notice. You have the right to a paper copy of this Notice upon request, even if you have agreed to receive it electronically.
- Right to Be Notified of a Breach. You have the right to be notified if there is a breach of your unsecured PHI.
To exercise any of these rights, please submit your request in writing to our Privacy Officer using the contact information in Section 9.
6. Special Protections and State Law
Mental health and substance use information often receives heightened protection under state law. Because Your Way Therapy is licensed in Virginia, West Virginia, North Carolina, South Carolina, Illinois, Florida, and Texas, your information is protected by both HIPAA and the laws of the state in which you receive services. Where a state law provides you greater privacy protection than HIPAA, we will follow the more protective law. Examples of areas where state law may impose additional requirements include:
- Confidentiality of mental health, psychotherapy, and substance use disorder records;
- Disclosures involving minors and the rights of parents or guardians;
- Specific consent or authorization requirements for the release of records;
- Duties to warn or protect third parties from threatened harm.
If you have questions about the specific protections that apply in your state, please contact our Privacy Officer.
7. Telehealth-Specific Practices
Your Way Therapy provides services primarily through telehealth (live video and, where appropriate, telephone). To protect your information during telehealth:
- We use a HIPAA-compliant video conferencing platform and maintain a Business Associate Agreement with that vendor.
- Sessions are not recorded unless you provide separate written authorization.
- We take reasonable steps to conduct sessions in a private setting, and we encourage you to do the same.
- Electronic transmission of information over the internet carries inherent risks; while we use appropriate safeguards, no method of electronic transmission is completely secure.
- Standard text messages and unencrypted email are not fully secure. If you choose to communicate with us by these methods, you accept the associated risks. We will use secure methods for transmitting clinical information whenever practicable.
8. Our Duties
We are required by law to:
- Maintain the privacy and security of your PHI;
- Provide you with this Notice of our legal duties and privacy practices;
- Notify you following a breach of unsecured PHI;
- Abide by the terms of the Notice currently in effect.
We reserve the right to change this Notice and to make the revised Notice effective for PHI we already have as well as information we receive in the future. The current Notice will be posted on our website and available at your request. The effective date is noted at the top of this document.
9. Complaints and Contact Information
If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services. You will not be retaliated against for filing a complaint.
Privacy Officer / Practice Contact
Your Way Therapy — Jason Kelley, LCSW
1021 Eden Way N, Suite 118 PMB 265, Chesapeake, VA 23320
Email: info@ywtherapy.com · Phone: 757-713-9883
U.S. Department of Health and Human Services, Office for Civil Rights
200 Independence Avenue, S.W., Washington, D.C. 20201 · Phone: 1-877-696-6775
www.hhs.gov/ocr/privacy/hipaa/complaints/
Part II — Website Privacy Policy
This Website Privacy Policy explains how Your Way Therapy collects, uses, and protects information through our website https://www.ywtherapy.com(the "Site"), including our online intake forms and scheduling tools. This policy supplements, and does not replace, the Notice of Privacy Practices above. Where information you submit constitutes PHI, the HIPAA protections in Part I apply.
1. Information We Collect
Information you provide directly. When you contact us, complete an online intake or contact form, request or book an appointment, or communicate with us, we may collect information such as your name, email address, phone number, mailing address, date of birth, insurance information, and the reason you are seeking services. Intake forms may request health-related information necessary to provide care.
Information collected automatically. When you visit the Site, we and our service providers may automatically collect certain technical information, such as your IP address, browser type, device information, pages viewed, and the dates/times of access, through cookies and similar technologies.
2. How We Use Information
We use the information we collect to:
- Respond to your inquiries and provide requested services;
- Schedule and manage appointments;
- Complete intake and verify insurance;
- Operate, maintain, and improve the Site;
- Communicate with you about your care and our services;
- Comply with legal obligations and protect our rights.
3. Cookies and Analytics
Our Site uses Google Analytics (via Google Tag Manager) to understand how visitors use the Site and improve it. Google Analytics sets cookies and collects information such as pages viewed, time on site, and general location; this data is processed by Google. Google Analytics is used only on our public marketing site and is not used to collect protected health information. You can opt out using Google's browser add-on at tools.google.com/dlpage/gaoptout.
4. How We Share Information
We do not sell your personal information. We may share information with trusted service providers who perform functions on our behalf — such as website hosting, online scheduling/intake, telehealth, and electronic health records — subject to confidentiality obligations and, where PHI is involved, a Business Associate Agreement. We may also disclose information when required by law or to protect the safety of you or others, consistent with Part I of this document.
5. Data Security
We use reasonable administrative, technical, and physical safeguards designed to protect the information we collect. However, no website or method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
6. Third-Party Links
Our Site may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.
7. Children's Privacy
Our Site is not directed to children under 16, and we do not knowingly collect personal information from children under 16 through the Site. When we provide services to minors, intake and consent are handled in accordance with HIPAA and applicable state law, which may require parental or guardian consent. If you believe a child has provided us information through the Site, please contact us so we can address it.
8. Your Choices
You may choose not to provide certain information, although this may limit our ability to provide services. You may opt out of non-essential communications at any time by contacting us. To exercise rights regarding your PHI, see "Your Rights" in Part I.
9. Changes to This Policy
We may update this Website Privacy Policy from time to time. Changes will be posted on this page with a revised "Last Updated" date.
10. Contact Us
If you have questions about this Website Privacy Policy or our privacy practices, please contact:
Your Way Therapy
Email: info@ywtherapy.com (please include "Privacy Policy" in your subject line)
Phone: 757-713-9883
1021 Eden Way N, Suite 118 PMB 265, Chesapeake, VA 23320


