Privacy Policy

The Mindful Garden — Privacy Policy

Effective date: November 7, 2025

Thank you for visiting The Mindful Garden (the “Practice,” “we,” “us,” or “our”). We respect your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with your use of our website (the “Site”) and related online services that link to this Policy (collectively, the “Services”).

Important: This Privacy Policy covers our website and general business operations. It is not the Practice’s HIPAA Notice of Privacy Practices (NPP). When we create, receive, maintain, or transmit Protected Health Information (PHI) in our role as a health care provider (e.g., during therapy or through our client portal/telehealth platform), our use and disclosure of PHI is governed by HIPAA and applicable state laws. You will be provided with our NPP, which explains your rights with respect to PHI.

1) Who We Are & How to Contact Us

The Mindful Garden
228 Park Ave S PMB 873428
New York, NY 10003
914-862-8837
Email: themindfulgarden@hotmail.com

If you have questions about this Policy or our privacy practices, please contact us.

2) Scope

This Policy applies to information collected through the Site and Services that link to it. It does not apply to third‑party websites, platforms, or services that we do not control.

3) Information We Collect

We collect the following categories of information:

A. Information you provide directly

Contact details (e.g., name, email address, phone number) when you submit a contact form, request an appointment, sign up for updates, or otherwise communicate with us.
Message content you include in forms or emails.
Insurance or scheduling preferences if you voluntarily provide them via an intake or contact form on the Site. (For clinical intake, we use secure systems governed by HIPAA—see Section 7.)

B. Information collected automatically

Usage data: IP address, device and browser type, pages visited, referring/exit pages, and timestamps.
Cookies and similar technologies (see Section 6) to operate and improve the Site, keep you signed in (if applicable), measure performance, and understand how the Site is used.

C. Information from third parties

If you interact with our social media pages, we may receive aggregated analytics or your publicly available profile information consistent with platform policies.
If you schedule via a third‑party tool (e.g., client portal), we may receive information needed to manage your appointment.

We do not knowingly collect sensitive identifiers such as Social Security numbers via the public Site.

4) How We Use Information

We use information to:

Provide, maintain, secure, and improve the Site and Services.
Respond to inquiries, schedule appointments, and communicate with you.
Send administrative messages about your inquiries or requested Services.
Analyze Site performance and user engagement.
Meet legal, regulatory, and compliance obligations; prevent fraud, security incidents, and misuse.

We do not sell your personal information. We do not use PHI for marketing without the authorizations required by HIPAA.

5) Cookies, Analytics & “Do Not Track”

We may use cookies and similar technologies to operate the Site and understand usage. You can manage cookies via your browser settings. Blocking cookies may impact Site functionality. We do not currently respond to browser “Do Not Track” signals.

If we use analytics services, they may collect pseudonymous usage data to help us understand Site performance. Such vendors are contractually restricted from using data for their own purposes beyond supporting our analytics, subject to their posted policies.

6) PHI, Client Portals & Telehealth

When you become a client, certain information becomes PHI. PHI is handled pursuant to HIPAA, applicable New York law, and our Notice of Privacy Practices.

We use HIPAA‑aligned platforms for client intake, secure messaging, electronic health records, and telehealth, each under a Business Associate Agreement (BAA) as required by HIPAA.
Do not submit clinical details via unencrypted email or public Site forms. Use our client portal or the method we specify.
In emergencies, call 911 or go to the nearest emergency room. Do not rely on the Site’s messaging for urgent situations.

7) How We Share Information

We share information only as necessary to operate the Site, deliver requested Services, or comply with law:

Service providers/Business Associates that host our Site, provide analytics, email, scheduling, EHR/telehealth, and security services under confidentiality obligations (and BAAs where applicable to PHI).
Legal and safety: to comply with law, court orders, or enforceable governmental requests; to protect rights, safety, or property of you, us, or others; and to investigate or prevent suspected wrongdoing.
Business transfers: in connection with a merger, acquisition, or other reorganization, subject to this Policy’s protections.

We do not sell personal information. We do not share PHI for marketing without your written authorization as required by HIPAA.

8) Data Retention

We retain information for as long as needed to provide Services, comply with legal obligations, resolve disputes, and enforce agreements. Clinical records are retained according to HIPAA and New York record‑retention requirements for healthcare providers.

9) Data Security (NY SHIELD Act)

We employ administrative, technical, and physical safeguards appropriate to the sensitivity of the information we process. While no method is 100% secure, we maintain a data security program designed to protect against unauthorized access, use, or disclosure and to meet applicable standards under New York’s SHIELD Act for safeguarding private information.

10) Your Rights & Choices

You may opt out of non‑essential email communications at any time.
HIPAA rights apply once you become a therapy client. These rights are explained in our Notice of Privacy Practices.

11) Children’s Privacy

The Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13 through the public Site. Clinical services for minors are handled in accordance with HIPAA and applicable New York state consent laws.

12) Changes to This Policy

We may update this Policy over time. The effective date at the top shows when it was last revised.

13) Contact

For questions or requests regarding this Policy, contact: