Last Updated: October 27, 2025 

​

 The purpose of this Privacy Policy (“Privacy Policy”) is to describe how Vital Psychological Therapeutics, P.C. (“Provider”, “we,” or “us”) collects, uses and discloses information including personal data collected through our website www.vitalpsychtherapeutics.com (together with our client portal, telehealth/ telepsychology platform hosted by SimplePractice, our third-party Business Associate, and all other digital services and communications by email, text, phone, and other digital means, the “Platform”) in the process of providing telepsychology Services (as this term is defined in our Terms of Use). This Privacy Policy describes the types of gathered data, with whom it may be shared, what choices are available to patient regarding collection, use and distribution of data and our efforts to protect data patients provide to us through the Platform. If you have any questions or comments about this Privacy Policy or our privacy practices, please Contact Us (refer to the Contact Us section below for more information). 

​

By using the Platform, patient (“you” or “your”) hereby consents to allow us to process information in accordance with this Privacy Policy. Please also refer to our Terms of Use, available here info@vitalpsychtherapeutics.com, which are hereby incorporated as if fully recited herein. All capitalized terms used herein, if not defined, shall have the meaning assigned to them in the Terms of Use. 

We are committed to protecting the privacy and confidentiality of your protected health information and other personal data, as specified below. Our practices regarding the collection, use, disclosure, and protection of PHI are in compliance with: 

• The Health Insurance Portability and Accountability Act (“HIPAA”); 

• The Health Information Technology for Economic and Clinical Health Act (“HITECH”); 

• Applicable state privacy laws; and 

• Where applicable, the California Consumer Privacy Act (“CCPA”), California Privacy Rights Act (“CPRA”), and Illinois Biometric Information Privacy Act (“BIPA”), Nevada Privacy of Information Collected on the Internet from Consumers Act as amended by Nevada Revised Statutes Chapter 603A (“Nevada Privacy Law” or “NPL”), and Texas Data Privacy and Security Act. ​

​

 Definitions 

“Protected Health Information” (“PHI”) has the meaning ascribed under 45 CFR §160.103 and includes any individually identifiable health information maintained or transmitted by us in any form. 

​

“Personal Information” (“PI”) or “Personal Data” includes any data that identifies, relates to, describes, or is reasonably capable of being associated with a particular individual, including under state laws such as the CCPA and Texas DPA. 

 

“Sensitive Personal Information” (“SPI”) includes data such as racial or ethnic origin, sexual orientation, biometric information, and precise geolocation, as defined under CPRA and other applicable laws. 

​

“Business Associate” and “Business Associate Agreement” (“BAA”) have the meanings assigned to such terms under HIPAA. 

 

“Services” means the telepsychology and associated clinical services provided by Vital Psychological Therapeutics, P.C. via the Platform. 

​

1. Information We Collect 

We intend to record the absolute minimum of your Personal Data, and only as much of such other data as needed to deliver the best possible Services for all patients/users of the Platform; and to never share such data with anyone without the patient’s explicit consent. By using the Platform, you consent to our processing of your Personal Data. 

 

Data we collect on or through the Platform may include: 

a. Personal Information, such as: 

• Personal Identifiers: your name, address, date of birth, email, phone number; 

• Details of your visits to our Platform, your IP address, device ID, operating system, browser type, cookies data, and the resources that you access and use on the Platform; 

• Usage logs from our Platform; 

• Information submitted by you through contact forms. 

b. Protected Health Information, such as: 

• Health history: your diagnoses (including mental health diagnosis), treatment plans, therapy notes, medication history, and current psychiatrist or prescriber;

• Appointment data and clinical outcomes. 

c. Other Personal Information, including Sensitive Personal Information/Sensitive Data as defined by the CPRA and the Texas Data Privacy and Security Act with regard to California/Texas residents, such as: 

• Your racial or ethnic origin; 

• Your sexual orientation; 

• Your precise geolocation. 

​

We may use cookies, third-party analytics (e.g., Google Analytics) and other common tracking tools to enhance patient experience of our Platform and Services and improve Platform functionality. These tools may collect the following data from you: browser/device type, time spent on certain pages, and user preferences. This data is anonymized and used strictly for operational improvement. 

​

All data provided to us will be treated with the utmost care. We shall implement and maintain reasonable and appropriate technical, organizational, administrative and physical safeguards that are no less protective than industry standards. 

​

2. Who We May Disclose Your Data To 

When patient submits an inquiry to us, they may be required to provide certain information including their name, email, phone number and the inquiry, if applicable. Our staff may access and use such information to contact back the inquiring person. Moreover, Platform administrators may have the technical capability to access the submitted data (by directly inspecting the database or network requests, for example), but endeavor never to do so. Our staff will also ordinarily be prevented from being able to access patient data entirely unless their duties require such access. 

​

We will not share Personal Data except: (a) for the primary purposes for which it was provided to us, and as may reasonably or foreseeably be required to give effect to such primary purposes; (b) with your consent, or at your direction, including running analytics; (c) as may be required by law or as we think necessary to protect our organization or others from injury (e.g., in response to a court order or subpoena, in response to a law enforcement agency request, or when we believe that someone is causing, or is about to cause, injury to or interference with the rights or property of another), or when we are required to report abuse or neglect, or to prevent harm, if there is credible evidence of imminent risk to yourself or others, or in accordance with “duty to warn” obligations; or (d) with our clinical and administrative personnel bound by confidentiality agreements, whose duties require such access, or with persons or organizations with whom we contract to carry out internal operations or business activities (such as our security auditors). With your consent, we may share your Personal Data with our business partners including Third-Party Services providers (e.g., SimplePractice) under Business Associate Agreements that require them to safeguard your PHI, and/or other persons for whom disclosures are not explicitly permitted under applicable law. 

​

Finally, we may transfer your data to a third party, or our successor-in-interest, in relation to, or in the event of, a merger, acquisition, sale of all or substantially all of our assets, reorganization, bankruptcy, or other change of control. After such disclosure or transfer, the third party or successor in interest may use such data in accordance with applicable law. 

​

We disclaim responsibility for the actions, errors, or data processing practices of such third parties, including any service outages, security breaches, or data loss resulting from their systems, except to the extent required under HIPAA or applicable law. Patients are encouraged to review the privacy policies and security practices of those third parties independently. 

​

3. For What Purposes We Collect and Process Data 

We will only collect patient data insofar as is necessary to achieve the purposes for which such data were collected. These purposes may include without limitation: 

• Rendering Services (including telepsychology services) through our Platform; 

• Monitoring patient activity at our Platform to improve the performance of the Platform and to ensure its security (necessary cookies); 

• Sending you notifications; 

• Detecting fraudulent activities; 

• Verifying your email, phone number, your identity and geolocation; 

• Informing you about other services (including Third-Party Services) in which you may be interested; 

• Sending news and updates of our Services, Terms of Use and this Privacy Policy; 

• Answering your incoming inquiries and technical support questions. 

​

4. Legal Bases of Data Processing 

We collect and process patient data under one or more of the following legal bases: 

• Processing of data is necessary for our legitimate interests (or those of a third party) and patient’s interests and fundamental rights do not override those interests; 

• To perform the contract that we are about to enter or have entered with patient (e.g. our Terms of Use); 

• To comply with our legal obligation, including where it is necessary to protect your vital interests or the same of third parties (e.g., risk of harm); and/or 

• If we have your explicit consent to do so. 

 

Data that we process to enter into a contract are necessary to provide patient with our Platform and the Services. If you choose not to provide us with such data, following obstacles may occur: 

• When data are processed to contact our team, we may be unable to provide you with information about our Platform or Services; 

• When data are processed to answer incoming technical support questions, we may not be able to effectively address your technical support inquiries, which could lead to delays in resolving issues or providing assistance; 

• When data are processed to contact patients who have left an application on the Platform, we may be unable to follow up on such application or inquiry, potentially resulting in missed communication regarding your request or interest; 

• When data are processed to perform intake procedures or sign contracts, non-provision of your data may hinder our ability to complete the intake procedure or contract formation process. 

​

5. Data Retention Periods 

We shall retain your Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or to comply with applicable legal, regulatory, or contractual obligations. The retention periods for key data categories are as follows: 

 

• Financial and Transaction Data: 

  • Retention Period: Retained for six (6) years after the end of the financial year in which the transaction occurred, in accordance with tax and accounting regulations. 

  • Purpose: To meet regulatory requirements for financial reporting and audits. 

• Marketing Data: 

  • Retention Period: Retained until patient withdraws its consent or opts out of marketing communications. 

  • Purpose: To provide updates, service offers, and other relevant communications as per patient preferences. 

• Support and Inquiry Data: 

  • Retention Period: Retained for two (2) years following the resolution of the inquiry or support ticket.

  • Purpose: To ensure quality assurance.

• Cookie and Analytics Data: 

  • Retention Period: Retained for a maximum of thirteen (13) months, unless otherwise specified by applicable laws or regulations. 

  • Purpose: To analyze Platform user behavior and optimize the Platform/Services experience. 

• Legal and Compliance Data: 

  • Retention Period: Retained for seven (7) years from the date of collection or as required by applicable legal and regulatory obligations. 

  • Purpose: To respond to legal claims, prevent fraud, and ensure compliance with applicable laws. 

• PI and SPI: 

  • Retention period: until reasonably necessary to achieve the purposes for which the data was collected or processed. 

• PHI: 

  • Retention period is governed by state laws that apply to both Provider and patient, if not located within one and the same state. Provider shall comply with the most stringent of the applicable state laws. Usually, retention period for adults is at least 7 years from the last date of Services; and for minors, until age 21, or 7 years after the last date of Services, whichever is later. 

​

Provider implements automatic data deletion schedules and lifecycle policies to ensure that data is deleted or anonymized when no longer necessary. These include periodic review of stored patient data, user activity logs, and end-of-life backup purging. 

​

6. How We Use Your Data 

We may use your PHI and other Personal Data for the following purposes: 

• To provide you treatment and healthcare; 

• To provide clinical care, and for coordination with Third-Party Services providers; 

• For billing, payments, insurance claims, and patient invoicing; 

• For quality assurance, outcome measurement, personnel training, and internal auditing; 

• To communicate with you; 

• For scheduling, appointment reminders, and clinical follow-ups; 

• For regulatory compliance, legal and regulatory reporting; 

• For implementing security measures, monitoring and protecting our IT systems. 

 

We do not sell your PHI or other information, use your PHI or other data for marketing without your prior written consent, or share therapy session content for promotional purposes. 

 

When the retention period for specific data expires, we will securely delete, anonymize, or aggregate the data, ensuring it is no longer identifiable or linked to any individual. 

 

We may also use de-identified or aggregated data that does not identify individual patients for purposes such as quality assurance, service improvement, research (where allowed by law), and statistical reporting. 

​

7. Patient Rights 

Subject to applicable law, Patient has the right to access their data in electronic or paper form, request corrections to inaccurate data, restrict disclosures of PHI (e.g., to family or insurers), request confidential communications (e.g., via alternate phone or address), request accounting of disclosures of their data, request deletion of their data before the expiration of the specified retention periods, subject to certain legal or regulatory obligations, or withdraw authorizations for previously permitted uses of their data. You may also file complaints without fear of retaliation. To exercise these rights, please Contact Us or send us a message to info@vitalpsychtherapeutics.com, Attn: Privacy Officer. 

​

8. Data Protection for Minors 

The Platform and the Services are not intended for persons under the age of majority in their jurisdiction of residence. We do not knowingly collect data from such persons. If you become aware of any Personal Data collection from a child by our Platform, please Contact Us or send us a message to info@vitalpsychtherapeutics.com, Attn: Privacy Officer. If it is discovered 

​

9. Data Collection by Third Parties 

To the extent advertising is enabled on the Platform, advertisers may record information derived from Platform user viewing of their ads. This is governed by their own privacy policies. To prevent this, please disable advertising. We encourage patients to get acquainted with any third party’s privacy policies before accessing any of their services (including any Third-Party Services) or using products. 

​

We may also use third-party services to monitor the performance of our Platform (i.e. "application performance management" software) - in this case, any of patient data collected would also be controlled by their own privacy policies, but is ordinarily restricted to general performance data and should not include any patient PI or other Personal Data. 

 

We do not include any code from third-party web analytics services, so it should not be possible for any other party to track patient activity on our Platform. 

​

10. Data Breach Notification 

In the event of a data breach involving your PHI or other Personal Data, we will notify you as required by HIPAA, applicable state breach notification laws, and our internal incident response protocols. Notification will include the nature of the breach, the types of data involved, steps we have taken in response, and actions you may take to protect yourself. If required by law, we will also notify applicable regulators and law enforcement authorities. 

​

11. Disclaimer of Warranties and Limitations on Advice 

While our clinical staff are licensed healthcare professionals, the Platform is not intended to provide emergency services or crisis intervention. The information provided on or through the Platform, including blogs, resources, links, or other general materials, is for informational purposes only and does not constitute professional advice, diagnosis, or treatment unless explicitly provided in the context of a patient-provider relationship through formal intake and consent procedures. 

​

WE DISCLAIM ANY WARRANTIES FOR ANY INFORMATION OR GENERAL ADVICE OBTAINED THROUGH THE PLATFORM THAT IS NOT PART OF A FORMAL CLINICAL SERVICE. WE DISCLAIM ANY WARRANTIES FOR SERVICES RECEIVED THROUGH OR ADVERTISED IN THE PLATFORM THAT ARE PROVIDED BY THIRD PARTIES. 

​

Nothing on the Platform should be interpreted as a substitute for in-person evaluation, nor should it be used in lieu of appropriate crisis or emergency care. 

​

12. How Do We Store and Protect Personal Information? 

After receiving patient Personal Data, we will store it in HIPAA-compliant systems located on our servers within the United States, for future use. We have physical, technical and organizational procedures in place to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect. Unfortunately, no data transmission over the internet or data storage solution can ever be completely secure. As a result, although we take industry-standard steps to protect collected data, we cannot ensure or warrant the security of any data transmitted to or received from us or that we store on our or our service providers' systems. We urge you to avoid using public Wi-Fi for receiving telepsychology services, and to secure your devices. 

 

Please note that we encrypt any PHI, PI and other Personal Data in our possession using end-to-end encrypted telehealth and electronic health record (HER) systems. We also use role-based access control for staff and multi-factor authentication and device management. Further, all data transfers are through secure http protocol (HTTPS), and as such are encrypted. We also log all instances of access to PI or PHI. 

​

13. California Privacy Rights 

To the extent that the CCPA applies to our practices with respect to Personal Data, and patient currently resides in California, the CCPA provides them, as a consumer, with certain rights.

​​​

A. Right to Know/Right to Request Access to Collected Data. Consumers have the right to request that we disclose Personal Information we have collected about them in the previous 12 months including, but not limited to, the categories of information collected by us, the source(s) of such information by category, and the purpose for collecting such information. This right may not be exercised more than twice in a 12-month period. In the previous 12 months, we have collected the following categories of Personal Information about patients: 

• Identifiers. Identifiers can be patient’s image, name, email address, unique personal identifiers (device identifier, IP Address, cookies), account names, and similar information; we collect the identifiers from the patients themselves and automatic means; 

• Personal Information Under the California Customer Records Law (Cal. Civ. Code §1798.80) (“CCRLPI”); 

• Internet/Network Activity. Internet activity information includes browsing history, cookies, search history and a patient’s interaction with the Platform. 

 

We may collect Personal Information in any or all the above categories from the patients themselves, service providers and business partners, third parties, and by automatic means for the purposes described in this Privacy Policy, and as required to comply with applicable law. 

​

As a consumer, patient also has the right to request that we tell them which of their Personal Information we have disclosed for a business purpose, or Sold (as defined in the CCPA) in the previous 12 months. With respect to Personal Information being disclosed for a business purpose, the consumer shall receive the categories of information disclosed and the types of entities they have been disclosed to. This right may not be exercised more than twice in a 12-month period. For Personal Information being Sold, this includes the categories of information being sold and the categories of third parties to whom it is being sold. 

 

We disclose Personal Information to the consumers themselves, to third parties as the consumer may direct, Third-Party Services providers, and government/law enforcement agencies for the purpose it was provided/provision of Platform, to comply with applicable law, and as otherwise described above in this Privacy Policy. 

​

B. Right to Opt-Out. Patient has the right to opt out of the Sale of their Personal Information, if applicable, and from sharing it with third parties. We have not, in the past twelve (12) months, Sold any Personal Information and do not anticipate doing so during the time this version of the Privacy Policy is posted. IN THE PAST 12 MONTHS WE HAVE NOT SOLD, AND DURING THE PERIOD OF TIME DURING WHICH THIS PRIVACY POLICY IS POSTED WE SHALL NOT SELL, THE PERSONAL INFORMATION OF ANY CONSUMER. 

​

C. Right to Deletion. Patient also has the right to request the deletion of the Personal Information that we have collected from them at any time. However, we may not be required to comply with such request under certain circumstances including, but not limited to, when the data is necessary for the underlying transaction, to comply with applicable law, to detect security incidents, to debug glitches, and for our internal purposes. 

​

D. Right to be Free from Discrimination. In the event that Patient shall exercise one of their rights under the CCPA, they will not be discriminated by us in any way, including by the denial of Services, providing a different level of Services, or charging different prices or rates for the Services, unless the change in price is reasonably related to the value they receive from their Personal Information. 

​

To exercise consumer rights under CCPA, please Contact Us or email us at info@vitalpsychtherapeutics.com with patient name and email address with “California Privacy Rights” in the subject line. 

​

14. Notice to Nevada Residents 

If patient is a Nevada resident, we do not “sell” their “covered information” as such terms are defined in the NPL. Though we do not sell their covered information, as someone that is subject to the NPL, patients have a right of access in relation to their covered information that we have or process, including why we process it, and other parties with whom we may share such information. If patient would like to tell us not to sell their information in the future, please Contact Us or email us at info@vitalpsychtherapeutics.com with patient name and email address with “Nevada Privacy Rights” in the subject line. 

​

15. Notice to Texas Residents 

If patient is a Texas resident, the Texas Data Privacy and Security Act grants them certain rights over their Personal Information, including: 

• Right to know whether we are processing their Personal Information and to obtain the Personal Information in a readable format; 

• Right to correct inaccuracies in their Personal Information, taking into account the nature of the data and the purposes for processing the data; 

• Right to delete Personal Information provided to us or obtained by us; 

• Right to opt out of the processing of Personal Information for purposes of targeted advertising, sale of Personal Information, or profiling that has legal or significant effects; 

• Right to not face retaliation or discrimination for exercising these rights; 

• SPI (e.g., biometric, PHI, or geolocation data) cannot be processed without their explicit consent. 

 

To exercise Texas resident rights, please Contact Us or send us an email to info@vitalpsychtherapeutics.com with patient name and email address with “Texas Privacy Rights” in the subject line. 

​

16. Profiling and Automated Decision-Making 

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects without meaningful human involvement. Where automated tools are used for technical analysis, data validation, or scheduling functionality, such tools do not make final clinical or eligibility decisions. Patients have the right to request human intervention and to contest automated decisions, if any are made. 

​

17. Exercising Privacy Rights 

We will acknowledge receipt of your request to exercise your privacy rights submitted or emailed at info@vitalpsychtherapeutics.com within 10 business days of receiving it, and will do our very best to respond within 30 calendar days of receipt of such request. If we are unable to provide our response within the 30 days, we shall notify you as soon as we become aware of the possible delay and provide an explanation of why additional time is needed to respond. Additional time for response may not exceed 45 days. 

​

Before we respond to any requests relating to Personal Data, we may take steps to reasonably verify the identity of the person making the request to make sure it’s you, or your authorized agent. We do this to avoid disclosing your data to third parties and bad actors, not to inconvenience you in any way. The more sensitive the information subject to the request, the more rigorous the verification may be. If the identity of the requestor cannot be reasonably verified, either as the patient or their agent, then in order to protect that patient, we shall not disclose the Personal Information requested. 

​

Our response to a request shall be free of charge, up to twice annually per patient, unless the request is unfounded, excessive, or repetitive, in which case requestor may be charged a reasonable administrative cost. 

​

If we decline your request, we will provide you with notice of that decision, including a justification for the declination. For Texas residents, instructions on how to appeal the decision shall be provided. 

​

18. Changes to This Privacy Policy 

We reserve the right to modify this Privacy Policy at any time in our sole discretion. If at any time in the future we plan to use consumer PHI or PI in a way that differs from this Privacy Policy, we will revise this Privacy Policy as appropriate. In the event of a change, we will post the revised Privacy Policy to the Platform in advance. Your continued use of the Platform following changes to this Privacy Policy shall mean acceptance of such changes. Please refer to the “Last Updated” above to see when this Privacy Policy was last updated. 

 

In the event of a merger, acquisition, or sale of assets, we will notify you via a prominent notice on our Platform of any changes to your data ownership and provide options for managing your Personal Information. 

​

19. Contact Us 

If you shall have any questions or concerns about this Privacy Policy, please Contact Us as follows: 

​

Vital Psychological Therapeutics, P.C.

Attn: Privacy Officer

8 Church Street, Basking Ridge, NJ 07938

Email: info@vitalpsychtherapeutics.com 

​

General enquires may be addressed to: info@vitalpsychtherapeutics.com 

Privacy Rights exercise requests may be addressed to: info@vitalpsychtherapeutics.com 

​

You acknowledge that by using our Services or interacting with our Platform, you agree to the terms of this Privacy Policy. 

​

Copyright © Vital Psychological Therapeutics, P.C. 2025 unless otherwise noted. All rights reserved. The Platform is the property of Vital Psychological Therapeutics, P.C., a New Jersey professional corporation, and is protected by United States and international copyright, trademark, and other applicable laws. This includes the content, appearance, and design of the Platform, as well as the trademarks, product names, graphics, logos, service names, slogans, colors, and designs.