FamilyTime Centers:
Privacy Policy
Effective Date: 3 May 2025 │ Last Reviewed: 3 May 2025
0. Scope & Purpose
Family Time Centers ("FTC," "we," "us," or "our") provides mental‑health services online and in person. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information via https://familytimecenters.com, related sub‑domains, our telehealth platform, social‑media pages, email, phone, and offline interactions. It incorporates obligations under HIPAA, the California Privacy Rights Act (CPRA), relevant U.S. state privacy laws (e.g., Colorado CPA, Virginia VCDPA), and the EU/UK GDPR to the extent they apply.
1. Definitions
Personal Information (PI): Information that identifies, relates to, or could reasonably be linked with an individual.
Protected Health Information (PHI): Individually identifiable health information regulated by HIPAA.
Processing: Any operation performed on PI/PHI (collection, storage, use, disclosure, etc.).
Service Providers / Business Associates: Third parties that process data on our behalf under contractual obligations.
2. Categories of
Information
We Collect.
Category | Examples | Sources |
|---|---|---|
Identifiers | Name, postal address, email, phone #, account ID, IP address, device ID | Direct from you; cookies |
Health‑related Data (PHI) | Intake notes, diagnosis codes, treatment plans, progress notes, insurance member ID | Direct/professional sources; therapists |
Commercial Information | Payment card last 4 digits, invoices, transaction history, insurance EOBs | Payment processors; insurers |
Internet / Technical Data | Log files, browser type, referral URL, session metadata, clickstream | Cookies; pixels; analytics SDKs |
Geolocation (Coarse) | City/region derived from IP | IP lookup |
Audio/Visual | Voicemails, recorded telehealth sessions (only with explicit consent) | Telehealth/video platform |
Inferences | Appointment likelihood, engagement scores | Analytics tools |
3. Legal Bases
for Processing
(GDPR & CPRA)
Consent (e.g., newsletter signup, marketing cookies)
Contract (provision of therapy services)
Legal Obligation (HIPAA, insurance, tax)
Legitimate Interests (site security, product improvement, non‑intrusive analytics)
Vital Interests (preventing self‑harm or harm to others, emergency disclosures)
4. How We Use
Your Information
Treatment & Operations: therapist matching, appointment scheduling, clinical supervision, outcome tracking.
Payment & Insurance: eligibility verification, claims submission, copay collection, EDI clearinghouse communications.
Client Support: respond to inquiries, send reminders, handle feedback.
Platform Enhancement: debugging, analytics, UI/UX testing.
Marketing & Advertising: deliver and measure ads on Google, Meta, LinkedIn, and remarketing networks (hashed or aggregated data only; no PHI).
Regulatory Compliance & Risk Management: audits, incident response, fraud prevention, subpoenas.
5. Disclosures
& Recipients
We do not sell PI/PHI. We may share limited data with:
Therapists, Supervisors, and Clinical Staff – for direct care.
Service Providers / Business Associates – e.g., Google Workspace (email), Twilio ( SMS,Voice), Stripe (payments), Go High Level (CRM), Google Workspace (email). All bound by HIPAA BAAs or DPA/DPAs.
Insurance Payers & Clearinghouses – Beacon, Office Ally, TriZetto, etc.
Analytics & Ad Platforms – Google Analytics 4, Meta Pixel, (pseudonymized/non‑PHI event data).
Legal or Public Authorities – when required by law or to protect vital interests.
Successors – in a merger, acquisition, or asset sale, with continued privacy safeguards.
6. Cookies, Pixels
& Similar Tech
We deploy first‑party cookies for authentication and preference storage, and third‑party cookies/pixels for:
Analytics (GA4, Hotjar) – understanding aggregate usage.
Advertising – retargeting, frequency capping, conversion tracking.
Performance – CDN caching, load balancing.
Opt‑Out / Controls:
Browser settings; industry opt‑outs at aboutads.info/choices;
Our "Cookie Settings" banner (OneTrust) allows granular consent.
We honor Global Privacy Control (GPC) signals where legally required.
7. Data Retention
PHI & Clinical Records: ≥ 7 years after final service date (California § 4999.80 & HIPAA 45 CFR 164.530(j)).
Insurance & Billing Records: 10 years (IRS & payor guidelines).
Marketing Data: 24 months, unless you opt out sooner.
Web Logs: 12 months for security/audit, then aggregated or deleted.
8. Data Security
Measures
TLS 1.3 encryption in transit; AES‑256 at rest (Google Cloud BAA)
Role‑Based Access Control & MFA for staff
Annual HIPAA Security Rule risk assessment (NIST SP 800‑30)
Continuous vulnerability scanning & 24×7 log monitoring
Incident‑response plan with 72‑hour breach notification window (GDPR Art. 33)
9. International
Transfers
FTC servers reside in the United States. If you access our services from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) and supplementary measures for any onward transfer.
10. Your Privacy
Rights & Choices
California / U.S. State Rights
Know / Access – categories & specific pieces of PI.
Correct – inaccurate PI.
Delete – PI subject to statutory exceptions (e.g., PHI retention).
Opt‑Out of “Sharing” / Targeted Ads – via cookie banner or emailing info@propsych.com.
Limit Sensitive PI – restrict use of precise geolocation or mental‑health data for anything beyond treatment.
EU/UK GDPR Rights
Access, Rectification, Erasure, Restriction, Data Portability, Objection, and Automated Decision‑Making rights. || Supervisory Authority: ICO (UK) or local DPA.
We respond within 30 days (extendable to 60/90 days where permitted).
11. HIPAA Notice of
Privacy Practices
A separate NPP is provided during client intake, detailing:
Permitted uses/disclosures for Treatment, Payment, and Operations.
Patient rights (access, amendment, accounting, confidential communications).
Complaint process via OCR or FTC Privacy Officer.
12. Children’s Privacy
(COPPA)
We do not knowingly collect PI from children under 13 without verifiable parental consent. Parents may review/delete a child’s information by contacting us.
13. Automated
Decision Making
We do not use fully automated algorithms to make clinical decisions. AI‑driven tools (e.g., therapist matching suggestions) are reviewed by licensed staff before action.
14. Do Not Track (DNT)
Our site does not currently respond to browser DNT signals. We do respect legally recognized Global Privacy Control (GPC) signals for opt‑out of data “sharing.”
15. Policy Updates
We may revise this Policy periodically. Material changes will be announced via banner or email. Continued use signifies acceptance.
16. Contact Us
Privacy Officer – Michael Kaufman, Family Time Centers 12501 Chandler Blvd, Suite 102 Valley Village, CA 91607, USA Phone: (818) 821‑6012 Email: info@propsych.com
If you believe we have violated your privacy rights, you may also file a complaint with the U.S. Department of Health & Human Services (Office for Civil Rights) or the California Privacy Protection Agency. We will not retaliate for filing a complaint.
© 2025 FamilyTime Centers. All rights reserved.