Privacy Policy
The Couples Room · couplesroom.com
Effective Date: March 9, 2026 · Last Updated: March 14, 2026
Part A
Clinical Practice Privacy
This section describes how personal health information is collected, used, and protected in the course of providing psychotherapy services, in accordance with Ontario's Personal Health Information Protection Act (PHIPA).
Who I Am
Kavon Banejad, Registered Psychotherapist (Qualifying) (CRPO #21734), is the health information custodian responsible for the personal health information collected through this practice, The Couples Room, located in Toronto, Ontario, Canada.
What I Collect
I collect the following personal and health information in the course of providing psychotherapy services:
- Name, email address, phone number, and mailing address
- Date of birth
- Emergency contact information
- Health history and information relevant to treatment
- Session notes and clinical records
- Payment and billing information
- Information you provide through intake forms, session discussions, or correspondence
How I Collect It
Information is collected directly from you through:
- Intake forms and consent forms
- Therapy sessions (in-person and virtual via Jane App)
- Email, phone, and online booking through Jane App
- This website when you submit a contact or booking form
I use Jane App as my practice management and telehealth platform. Jane App stores clinical records, scheduling data, and billing information on servers located in Canada and is designed to comply with PHIPA requirements.
Why I Collect It
Your personal health information is collected and used to:
- Provide psychotherapy services
- Schedule and manage appointments
- Process payments and issue receipts
- Communicate with you about your care
- Meet legal and regulatory obligations under PHIPA and the College of Registered Psychotherapists of Ontario (CRPO)
Consent
I obtain your express consent before collecting, using, or disclosing your personal health information, except where permitted or required by law under PHIPA.
You may withdraw your consent at any time by notifying me in writing. Withdrawing consent may limit my ability to continue providing services. Withdrawal of consent does not apply retroactively.
Implied consent may apply in limited circumstances as permitted under PHIPA, such as when sharing information within your circle of care for the purpose of providing or assisting in providing health care.
Disclosure
I do not sell, rent, or share your personal health information with third parties for marketing or commercial purposes.
Your information may be disclosed only in the following circumstances:
- With your express consent
- Within your circle of care, as defined under PHIPA, for the purpose of providing or assisting in providing health care
- When required or permitted by law, including: reporting a child in need of protection under the Child, Youth and Family Services Act; complying with a court order or subpoena; responding to a regulatory investigation by the CRPO; where there is a risk of serious bodily harm to you or another person
How I Protect It
I take reasonable steps to protect your personal health information from theft, loss, unauthorized access, copying, modification, use, disclosure, and disposal. These steps include:
- Secure, encrypted storage of electronic records through Jane App
- Password-protected devices and accounts
- Locked storage for any paper records
- Limiting access to your information to those who need it to provide your care
- Secure virtual sessions conducted through Jane App's integrated telehealth
Clinical Record Retention
Clinical records are retained for a minimum of 10 years following the last date of service, consistent with CRPO requirements. For clients who were minors at the time of service, records are retained for 10 years after the client turns 18.
After the retention period, records are securely destroyed.
Your Rights Under PHIPA
Under PHIPA, you have the right to:
- Access your personal health information held by this practice
- Request correction of information you believe is inaccurate or incomplete
- Withdraw consent for the collection, use, or disclosure of your information (subject to legal exceptions)
- Be informed of how your information has been used and disclosed
- File a complaint with me or with the Information and Privacy Commissioner of Ontario
To make an access or correction request, contact me using the information at the bottom of this page. I will respond within 30 days.
You will not be penalized or retaliated against for exercising any of your rights under PHIPA or for filing a complaint.
Breach Notification
In accordance with PHIPA, if your personal health information in my custody or control is stolen, lost, or used or disclosed without authority, I will notify you at the first reasonable opportunity. This obligation applies regardless of whether the breach is likely to cause you harm. The notification will include a description of the breach, the personal health information involved, the date or time period of the breach, steps I have taken to reduce the risk of harm, and steps you can take to protect yourself. I will also notify the Information and Privacy Commissioner of Ontario as required under PHIPA.
Where HIPAA applies, I will notify affected individuals within 60 days of discovering a breach of unsecured protected health information. The notification will include a description of the breach, the types of information involved, steps individuals should take to protect themselves, what I am doing to investigate and mitigate the breach, and contact information for follow-up. The U.S. Department of Health and Human Services will be notified as required by law.
Business Associates and Agents
Third-party service providers who handle personal health information on behalf of this practice operate under written agreements that require them to protect your information in accordance with PHIPA and, where applicable, HIPAA. Jane App, which stores clinical records, scheduling data, and billing information, operates under a Business Associate Agreement and stores data on servers located in Canada. No personal health information is shared with service providers beyond what is necessary to support the delivery of care and the operation of this practice.
HIPAA Notice (United States Clients)
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
If you are located in the United States or your care is otherwise subject to the Health Insurance Portability and Accountability Act (HIPAA), the following additional rights, protections, and disclosures apply to you, in addition to the protections described above under PHIPA.
Uses and Disclosures of Your Health Information
Your protected health information (PHI) may be used and disclosed for the following purposes:
Treatment: To provide, coordinate, or manage your psychotherapy services. For example, I may use your health information during a session to develop your treatment plan, or disclose relevant information to another provider involved in your care with your consent.
Payment: To obtain payment for services provided. For example, I may include your diagnosis and treatment information on a billing statement or insurance claim.
Healthcare Operations: To support the business activities of this practice. For example, I may use your information to evaluate the quality of care provided or to conduct professional training and supervision.
Other Uses Permitted or Required by Law: Your PHI may be used or disclosed without your authorization in the following limited circumstances: when required by law; for public health activities; to report abuse, neglect, or domestic violence; for health oversight activities; in response to a court order or subpoena; to avert a serious threat to health or safety; for workers' compensation as required by law; and for specialized government functions as required.
Uses Requiring Your Written Authorization: Any use or disclosure of your PHI not described in this notice will be made only with your written authorization. You may revoke any authorization you provide, in writing, at any time. Revocation will not affect any uses or disclosures made in reliance on the authorization before it was revoked.
Substance Use Disorder Records: If your treatment includes services related to substance use disorder, records of that treatment are subject to additional federal protections under 42 CFR Part 2. These records may not be used to investigate or prosecute you. Disclosure of substance use disorder records for treatment, payment, or healthcare operations requires your written consent, and redisclosure of these records is restricted.
Your Rights Under HIPAA
Under HIPAA, you have the following rights regarding your protected health information:
Right to Access: You may request to inspect and obtain a copy of your PHI maintained by this practice. I will respond within 30 days of your request.
Right to Amend: You may request that I amend your PHI if you believe it is incorrect or incomplete. I will respond within 60 days and provide a written explanation if the request is denied.
Right to an Accounting of Disclosures: You may request a list of certain disclosures I have made of your PHI. This accounting covers disclosures made in the six years prior to your request, excluding disclosures made for treatment, payment, or healthcare operations, or disclosures you authorized.
Right to Request Restrictions: You may request restrictions on the use or disclosure of your PHI for treatment, payment, or healthcare operations. I am not required to agree to such restrictions, but will honor any restriction I agree to.
Right to Request Confidential Communications: You may request that I communicate with you about your health information by a specific means or at a specific location. I will accommodate reasonable requests.
Right to a Paper Copy of This Notice: You may request a paper copy of this notice at any time, even if you have previously agreed to receive it electronically.
Right to Be Notified of a Breach: You have the right to be notified if a breach of your unsecured PHI occurs.
My Duties Under HIPAA
I am required by law to maintain the privacy and security of your protected health information. I am required to abide by the terms of this notice as currently in effect. I reserve the right to change the terms of this notice and to make new provisions effective for all PHI I maintain. If this notice is revised, I will make the updated notice available on this website and will provide a copy upon request.
Minimum Necessary Standard
I access, use, and disclose only the minimum amount of protected health information necessary to accomplish the intended purpose, as required by HIPAA.
Filing a Complaint
If you believe your privacy rights under HIPAA have been violated, you may file a complaint with me using the contact information at the bottom of this page, or with the U.S. Department of Health and Human Services, Office for Civil Rights, at www.hhs.gov/ocr/privacy/hipaa/complaints. You will not be retaliated against for filing a complaint.
Part B
Website Privacy
This section explains what information is collected when you visit couplesroom.com, how we use and protect it, and the choices you have.
Important Notice About This Website
This website is not a secure patient portal, electronic health record system, or telehealth platform. While the clinical practice maintains compliance with PHIPA and HIPAA, this website serves as an informational resource only.
Please do not submit protected health information (PHI) — including details about your mental health, diagnoses, treatment history, medications, or other sensitive health data — through this website, including through any contact forms, email links, or chat features that may be available on the Site.
If you are an existing client, please use our secure client portal for all clinical communications. If you are not yet a client and wish to share sensitive information, please call us directly.
Information We Collect on the Website
Information You Provide Voluntarily
If you choose to contact us through the Site, we may collect:
- Your name
- Your email address
- Your phone number
- The contents of your message or inquiry
- Any other information you voluntarily include in a form submission
We do not require you to provide any personal information to browse the Site.
Information Collected Automatically
When you visit the Site, certain information is collected automatically by our hosting provider and, if enabled, our analytics tools. This may include:
- IP address (may be anonymized depending on configuration)
- Browser type and version
- Operating system
- Device type (desktop, mobile, tablet)
- Referring URL
- Pages visited and time spent on each page
- Date and time of your visit
- General geographic location (city/region level, derived from IP address)
Cookies and Similar Technologies
Cookies are small text files stored on your device when you visit a website. We may use the following types of cookies:
| Cookie Type | Purpose | Required? |
|---|---|---|
| Strictly Necessary | Enable basic site functionality (e.g., page navigation, security) | Yes — the Site cannot function without these |
| Analytics | Help us understand how visitors use the Site so we can improve it | No — you may opt out |
| Functional | Remember your preferences (e.g., display settings) | No — but may reduce functionality |
| Functional | Enables embedded scheduling widget on the booking page (Calendly) | No — but may reduce functionality |
We do not use advertising cookies, retargeting pixels, or tracking technologies that follow you across other websites.
How We Use Website Information
We use the information we collect for the following purposes:
- Responding to your inquiries — If you contact us through the Site, we use your name and email to reply.
- Improving the Site — We use anonymized analytics data to understand which pages are visited most and where we can improve the experience.
- Ensuring security — Our hosting provider logs basic access data to protect the Site from malicious activity.
- Legal compliance — We may process data as required by applicable law.
We do NOT use your information for:
- Advertising or ad targeting
- Building behavioral profiles
- Selling or renting to third parties
- Automated decision-making or profiling
- Remarketing or retargeting campaigns
How We Share Website Information
We do not sell, rent, trade, or otherwise share your personal information with third parties for their own marketing purposes.
We may share limited data with the following categories of service providers, solely to operate and maintain the Site:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Netlify (hosting) | Hosts and serves the Site | Server access logs (IP address, pages requested, timestamps) |
| Let's Encrypt (SSL/TLS) | Provides encryption certificates | Domain name only (no visitor data) |
| Google Analytics (GA4) | Website traffic analysis | Usage data (pages visited, session duration, general location, device type) |
| Google Workspace (email) | Processes email inquiries | Your name, email, and message content if you contact us |
We require all service providers to handle your information in accordance with this Privacy Policy and applicable law.
We may also disclose information if required to do so by law, court order, subpoena, or government regulation.
Website Data Retention
| Data Type | Retention Period |
|---|---|
| Contact form submissions | Up to 12 months after your last communication |
| Server access logs (Netlify) | Typically 30 days (per Netlify policy) |
| Analytics data (Google Analytics) | Up to 14 months (GA4 default) |
Third-Party Services and Links
Services We Use
The following third-party services may operate on or in connection with the Site:
- Netlify — netlify.com/privacy
- Google Analytics (GA4) — policies.google.com/privacy
- Google Workspace — workspace.google.com/terms
- Calendly — calendly.com/privacy — Embedded scheduling widget on our booking page; may set cookies and collect visitor data.
- Google Fonts — policies.google.com/privacy — Fonts loaded from Google servers; Google receives visitor IP addresses.
Services We Do NOT Use
Given the sensitive nature of our practice, we intentionally do not use:
- Meta/Facebook Pixel — We will never associate your visit to a therapy website with your social media profile.
- Remarketing/retargeting tools — No technology that would show you therapy-related ads after leaving.
- Session recording tools (e.g., Hotjar, Clarity, FullStory) — We do not record your mouse movements, clicks, or screen activity.
- Third-party chat widgets — We do not use live chat tools that could capture sensitive information.
Links to Other Websites
Our Site may contain links to external websites. We are not responsible for their privacy practices and encourage you to review their privacy policies.
Data Security
We take reasonable measures to protect information collected through the Site, including:
- Encryption in transit — All data is encrypted using TLS (HTTPS) with HSTS enforced.
- Secure hosting — Netlify maintains SOC 2 compliance with DDoS protection and automated patching.
- Email security — SPF, DKIM, and DMARC authentication to prevent spoofing.
- Data minimization — We collect only what is necessary for the purposes described in this policy.
- Access controls — Access to personal information is restricted to authorized personnel only.
No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security, and you use the Site at your own risk.
Your Rights and Choices
All Visitors
- Opt out of analytics cookies — Adjust your browser settings to disable cookies, or install a browser extension like uBlock Origin.
- Request information — Ask us what personal information we hold about you.
- Request deletion — Ask us to delete any personal information you have provided.
- Withdraw consent — You can withdraw consent at any time.
California Residents (CCPA/CPRA)
- Right to Know — Request disclosure of what personal information we have collected in the past 12 months.
- Right to Delete — Request deletion of personal information, subject to exceptions.
- Right to Opt Out of Sale/Sharing — We do not sell or share your personal information.
- Right to Non-Discrimination — We will not discriminate against you for exercising your rights.
We respond to verifiable consumer requests within 45 days.
Children's Privacy
Our Site is not directed at children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated effective date. If a change is significant, we will make reasonable efforts to notify you directly.
Your continued use of the Site after any changes constitutes your acceptance of the updated policy.
Contact
Kavon Banejad, Registered Psychotherapist (Qualifying) | CRPO #21734
The Couples Room
Toronto, Ontario, Canada
Email: kavon@couplesroom.com
We aim to respond to all privacy-related inquiries within 30 days.
You also have the right to file a complaint with the Information and Privacy Commissioner of Ontario at www.ipc.on.ca.
Therapy Services Disclaimer
The information provided on this website is for general informational purposes only and does not constitute therapy, counseling, medical advice, diagnosis, or treatment. Browsing this website does not create a therapist-client relationship.
If you are in crisis or experiencing a mental health emergency, please contact:
- 988 Suicide & Crisis Lifeline — Call or text 988
- Crisis Text Line — Text HOME to 741741
- Emergency Services — Call 911
- SAMHSA National Helpline — 1-800-662-4357
© 2026 The Couples Room. All rights reserved.