The Cerebral Canvas

Effective Date: [6th September 2025]
Last Updated: [6th September 2025]

The Cerebral Canvas (“we,” “us,” “our,” “Company”) is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, share, and protect your information when you use our mental wellness services, website, and related platforms.

If you have any questions about this Privacy Policy, please contact us at: thecerebralcanvas0@gmail.com

1. Information We Collect

We collect information to provide you with personalized mental wellness services and improve your experience. The categories of information we may collect include:

A. Personal Information You Provide

  • Identity Information: Full name, username, date of birth, gender identity
  • Contact Information: Email address, phone number, mailing address
  • Account Information: Login credentials, security questions, profile preferences
  • Service Information: Session notes, booking details, appointment history, treatment preferences
  • Health and Wellness Information: Mental health concerns, therapy goals, wellness objectives, medical history relevant to our services (voluntarily provided)
  • Communication Records: Messages, emails, chat logs, feedback, and survey responses
  • Payment Information: Billing address, payment method details (processed securely through third-party providers)

B. Information Collected Automatically

  • Technical Data: IP address, browser type and version, device information, operating system, screen resolution
  • Usage Data: Pages visited, time spent on pages, click patterns, session duration, referral sources
  • Location Data: General geographic location (city/state level) based on IP address
  • Cookies and Tracking Data: As described in Section 6 below

C. Information from Third Parties

  • Service Providers: Information from payment processors, scheduling platforms, or analytics services
  • Social Media: If you connect social media accounts, we may receive basic profile information
  • Healthcare Providers: With your explicit consent, information shared by referring healthcare professionals

2. How We Use Your Information

We use your information for the following purposes:

A. Service Delivery

  • Provide mental wellness coaching, therapy sessions, and support services
  • Schedule and manage appointments and sessions
  • Customize and personalize your experience based on your needs
  • Maintain continuity of care and track progress
  • Facilitate communication between you and our practitioners

B. Communication and Support

  • Send appointment confirmations, reminders, and updates
  • Respond to your inquiries and provide customer support
  • Share relevant resources, wellness tips, and educational content (with your consent)
  • Send important service announcements and policy updates

C. Service Improvement and Analytics

  • Analyze usage patterns to improve our website and services
  • Conduct research to enhance mental wellness programs
  • Monitor service quality and effectiveness
  • Develop new features and offerings

D. Legal and Security

  • Comply with applicable laws, regulations, and legal processes
  • Protect against fraud, security breaches, and other harmful activities
  • Enforce our Terms of Service and other agreements
  • Respond to legal requests from authorities when required

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share your information only in the following circumstances:

A. Service Providers and Business Partners

We work with trusted third-party service providers who help us operate our business:

  • Technology providers: Website hosting, cloud storage, security services
  • Communication tools: Email services, scheduling platforms, video conferencing
  • Payment processors: Secure payment handling and billing services
  • Analytics providers: Website performance and usage analytics
  • Professional services: Legal, accounting, and consulting services

All service providers are bound by confidentiality agreements and may only use your information to provide services to us.

B. Legal Requirements and Safety

We may disclose your information when required by law or to protect safety:

  • Legal compliance: Court orders, subpoenas, regulatory requirements
  • Safety concerns: Preventing harm to you or others, protecting rights and property
  • Law enforcement: Cooperating with investigations when legally required

C. Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

D. With Your Consent

We may share your information for other purposes with your explicit consent.

4. International Users and Data Transfers

A. International Users

If you are located outside the United States, please note that we operate primarily under U.S. privacy laws. By using our services, you consent to the transfer and processing of your information in the United States.

B. European Union Users

If you are in the EU, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to data portability
  • Right to object to processing
  • Right to restrict processing
  • Right to lodge a complaint with supervisory authorities

Legal basis for processing: We process your data based on:

  • Consent: For marketing communications and optional features
  • Contract performance: To provide our services
  • Legitimate interests: For service improvement and security
  • Legal compliance: When required by law

5. Health Information and HIPAA Considerations

A. Protected Health Information

Some information you provide may constitute Protected Health Information (PHI) under HIPAA. We implement appropriate safeguards to protect health-related information, including:

  • Secure data storage and transmission
  • Limited access on a need-to-know basis
  • Staff training on privacy requirements
  • Regular security audits and assessments

B. Mental Health Records

We maintain mental health session records in accordance with:

  • State licensing requirements for mental health practitioners
  • Professional ethical guidelines
  • Industry best practices for confidentiality

6. Cookies and Tracking Technologies

A. Types of Cookies We Use

  • Essential Cookies: Required for basic website functionality, login, and security
  • Analytics Cookies: Help us understand how visitors use our website (Google Analytics, etc.)
  • Preference Cookies: Remember your settings and preferences
  • Security Cookies: Protect against fraud and enhance security

B. Third-Party Tracking

We may use third-party analytics and advertising services, including:

  • Google Analytics (with IP anonymization)
  • Social media pixels for remarketing (Facebook, LinkedIn)
  • Heat mapping tools for user experience optimization

C. Your Cookie Choices

You can control cookies through:

  • Browser settings (block, delete, or restrict cookies)
  • Our cookie consent management tool
  • Opt-out tools provided by third-party services
  • Do Not Track browser signals (we honor these requests)

7. Data Security and Protection

A. Security Measures

We implement industry-standard security measures:

  • Encryption: Data encrypted in transit (SSL/TLS) and at rest (AES-256)
  • Access Controls: Multi-factor authentication, role-based access, regular audits
  • Infrastructure: Secure cloud hosting with regular security updates
  • Monitoring: 24/7 security monitoring and incident response procedures
  • Staff Training: Regular privacy and security training for all personnel

B. Data Breach Response

In the event of a data breach:

  • We will investigate and contain the breach immediately
  • Notify affected users within 72 hours when legally required
  • Report to relevant authorities as mandated by law
  • Provide support and guidance to affected individuals

8. Data Retention and Deletion

A. Retention Periods

We retain your information for the following periods:

  • Account Information: Until account deletion + 30 days
  • Session Records: 7 years after last session (as required by professional standards)
  • Payment Data: 7 years for tax and audit purposes
  • Marketing Data: Until you unsubscribe + 2 years
  • Technical Logs: 2 years maximum
  • Legal Hold: Longer if required for legal proceedings

B. Automatic Deletion

We automatically delete:

  • Inactive accounts after 3 years
  • Marketing data after unsubscription
  • Technical logs after retention period expires
  • Temporary files and cache data regularly

9. Your Privacy Rights

A. Rights for All U.S. Users

You have the right to:

  • Access: Request copies of your personal information
  • Update: Correct inaccurate or incomplete information
  • Delete: Request deletion of your personal information (subject to legal exceptions)
  • Portability: Receive your data in a structured format
  • Withdraw Consent: For processing based on consent
  • Non-Discrimination: We will not discriminate against you for exercising your rights

B. California Residents (CCPA/CPRA Rights)

California residents have additional rights:

  • Right to Know: Detailed information about data collection and use
  • Right to Delete: Request deletion with specific exceptions
  • Right to Correct: Fix inaccurate personal information
  • Right to Opt-Out: We don’t sell data, but you can opt out of sharing
  • Right to Limit: Restrict use of sensitive personal information
  • Right to Non-Discrimination: Equal service regardless of privacy choices

Sensitive Personal Information: We may collect sensitive information (health data, precise geolocation) only with your explicit consent and for specific purposes.

C. Other State Privacy Rights

Residents of Colorado, Virginia, Utah, Connecticut, and other states with comprehensive privacy laws have similar rights to access, delete, correct, and opt out of certain data uses.

D. How to Exercise Your Rights

To exercise your privacy rights:

  1. Email us: thecerebralcanvas0@gmail.com
  2. Include: Your full name, email address, and specific request
  3. Verification: We may ask for additional information to verify your identity
  4. Response Time: We will respond within 45 days (extendable to 90 days for complex requests)
  5. No Charge: Most requests are processed free of charge

10. Marketing and Communications

A. Email Communications

We may send you:

  • Service emails: Account updates, appointment reminders (cannot opt out)
  • Marketing emails: Newsletters, wellness tips, promotions (can opt out)
  • Educational content: Mental health resources and information (can opt out)

B. Opt-Out Options

You can opt out of marketing communications by:

  • Clicking “unsubscribe” in any email
  • Updating your account preferences
  • Contacting us directly
  • Using our communication preference center

C. Text Messages

If you provide your phone number:

  • We may send appointment reminders and important updates
  • Standard message and data rates may apply
  • Reply “STOP” to opt out of text messages

11. Children’s Privacy and Age Requirements

A. Age Restrictions

  • Our services are intended for individuals 18 years of age and older
  • We do not knowingly collect information from children under 18
  • If you are under 18, please have a parent or guardian contact us to discuss appropriate services

B. Parental Consent

If we discover we have collected information from a child under 18:

  • We will delete the information immediately
  • We will not use or share the information
  • We will implement additional safeguards to prevent future collection

C. Teen Services

For users aged 16-17 seeking mental health support:

  • Parental consent is required
  • Special protections apply to sensitive information
  • Services are provided in accordance with state minor consent laws

12. Third-Party Links and Services

A. External Links

Our website may contain links to third-party websites or services:

  • We are not responsible for their privacy practices
  • We encourage you to read their privacy policies
  • Third-party sites may have different privacy standards

B. Integrated Services

We may integrate with third-party services (social media, scheduling tools):

  • These integrations are governed by their respective privacy policies
  • You can disconnect these services at any time
  • We only access information necessary for service functionality

13. Changes to This Privacy Policy

A. Updates and Notifications

  • We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements
  • The “Effective Date” at the top indicates the most recent version
  • Material changes will be prominently posted on our website
  • We may also notify you via email or account notification for significant changes

B. Continued Use

Your continued use of our services after policy changes constitutes acceptance of the updated policy.

14. Contact Information and Complaints

A. Privacy Questions

For privacy-related questions or concerns:

  • Email: thecerebralcanvas0@gmail.com
  • Subject Line: “Privacy Policy Inquiry”
  • Response Time: We aim to respond within 5 business days

B. Complaints and Disputes

If you believe we have violated your privacy rights:

  • Contact us first to resolve the issue directly
  • You may file a complaint with relevant regulatory authorities
  • California residents can contact the California Attorney General
  • EU residents can contact their local Data Protection Authority

C. Privacy Contact

For privacy-related matters, please contact our designated privacy contact by emailing us with “Attention: Privacy Inquiry” in the subject line.

15. Legal Basis and Jurisdiction

This Privacy Policy is governed by the laws of the United States and the state where our business is incorporated. Any disputes will be resolved in accordance with applicable federal and state privacy laws.

This Privacy Policy is effective as of [6th September 2025] and supersedes all previous versions.

Thank you for trusting The Cerebral Canvas with your personal information. Your privacy and mental wellness are our top priorities.