Legal
Website Privacy Policy
Last updated: May 1, 2026
1. Introduction
This Website Privacy Policy describes how the Institute for Self-Determined Relationships, PLLC ("ISDR," "we," "us," or "our") collects, uses, and protects information gathered through this website (selfdeterminedrelationships.com).
This policy applies to website visitors and governs data collected through website interactions only — contact forms, cookies, and analytics. It does not govern Protected Health Information (PHI) collected in the course of providing clinical services. That information is governed by our Notice of Privacy Practices, a separate document required by federal law.
2. Information We Collect
Information you provide voluntarily: When you fill out a contact or consultation request form, we collect your name, email address, phone number, and any message content you submit.
Information collected automatically: When you visit this website, we may automatically collect your IP address, browser type and version, referring URLs, pages visited, and the time and date of your visit.
Site analytics: We use Umami Cloud, a privacy-focused, cookieless analytics service, to understand aggregate visitor patterns. See Section 4 for details.
3. How We Use Your Information
We use the information we collect to:
- Respond to your inquiries and schedule consultations
- Improve website performance, usability, and content
- Conduct internal research and quality improvement to better understand how visitors use this site and what services people are seeking
- Comply with applicable legal obligations
- Protect the security and integrity of our website
We do not sell your personal information. We do not use it for advertising purposes.
Research: We may use aggregated, de-identified website data for internal research and practice improvement. We may also share de-identified, aggregated data with external research partners or for publication — for example, to contribute to knowledge about mental health service access and utilization. De-identified data contains no name, email address, IP address, or any other information that could reasonably be used to identify you. We will not share identifiable personal information for research purposes without your consent or as otherwise authorized by applicable law.
4. Site Analytics
We use Umami Cloud for cookieless site analytics — aggregate counts (page views, referring sources, visitor totals) that cannot be re-identified to a person. We also use your browser's session storage to maintain a per-session reference code that helps us understand which page led to a consultation request; it stays in your tab and clears when you close it.
We do not use cookies for advertising, advertising trackers (Meta Pixel, Google Ads tags, etc.), cross-site tracking, or session replay.
Do Not Track: Our practices already align with DNT regardless of whether the signal is sent.
5. Third-Party Services
We use the following third-party services to operate this website:
- Umami Cloud — privacy-focused, cookieless site analytics (see Section 4).
- Google Workspace (Google Forms) — for our consultation and contact intake forms, under a signed Business Associate Agreement (BAA).
- Cloudflare Pages — for website hosting and content delivery.
- SimplePractice — a HIPAA-compliant practice management platform used for clinical scheduling and records.
These vendors may have access to information necessary to perform their functions but are not permitted to use it for other purposes. Any vendor who accesses Protected Health Information (PHI) on our behalf is required to sign a Business Associate Agreement (BAA) as required by HIPAA.
6. Digital Communications
Standard email, text messages, and online contact forms are not fully secure means of communication. While we make reasonable efforts to protect information you send through this website, we cannot guarantee the confidentiality of information transmitted over the internet.
For this reason, we recommend that you avoid sharing sensitive personal health information through website contact forms or email. Once a clinical relationship is established, we encourage you to use your secure client portal for all confidential clinical communications.
By contacting us through this website, you acknowledge and accept the inherent limitations of internet-based communications.
7. Social Media
ISDR maintains professional social media accounts for educational and community outreach purposes. The following practices govern how we and our clinicians interact on social media platforms.
Public interactions: If you like, comment on, share, or otherwise interact with ISDR's public social media content, that interaction is subject to the privacy policy of the platform you are using — not this policy. We do not collect or store information about your activity on third-party platforms outside of our own pages.
Client connections: To protect your confidentiality and maintain professional boundaries, ISDR clinicians will not send friend or follow requests to current or former clients on any personal or professional social media account. Clinicians will not follow clients' personal accounts. You may choose to follow ISDR's public professional accounts; doing so does not create or imply a clinical relationship.
Messaging: Social media direct messages, @replies, public wall posts, and similar interactions are not confidential and are not appropriate for clinical matters. We ask that clients not contact clinicians through social media channels. If you send ISDR a message through a social media platform, that message is visible to and stored by the platform and is not subject to HIPAA protections. For all clinical or sensitive communications, please use your secure client portal.
Newsletter and email list: If you subscribe to any ISDR mailing list, you may unsubscribe at any time using the link in any email. We do not share or sell subscriber information to third parties.
8. Data Security
This website uses SSL/TLS encryption (HTTPS) to protect data transmitted between your browser and our servers. We implement reasonable administrative, technical, and physical safeguards to protect information against unauthorized access, disclosure, alteration, or destruction.
No method of internet transmission or electronic storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.
9. Data Retention
Identifiable information: We retain personally identifiable website visitor data — including contact form submissions containing your name, email, or phone number — for the period reasonably necessary to respond to your inquiry and for internal administrative records. We do not retain identifiable information indefinitely for purposes beyond those stated in this policy.
De-identified and aggregated data: Data that has been de-identified or aggregated such that it cannot reasonably be used to identify you may be retained for internal research, quality improvement, and analytics purposes without a fixed retention period.
Clinical records are subject to separate retention requirements under HIPAA and applicable state law, as described in our Notice of Privacy Practices.
10. Legal Process & Disclosures
We may disclose personal information when required by law, court order, or valid legal process (such as a subpoena). If we receive a subpoena or other legal demand for information about a website visitor, we will comply with applicable law. Where legally permissible, we will provide reasonable notice before disclosing information in response to a third-party legal demand.
We may also disclose information when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of ISDR, our clients, or the public, as permitted by law.
Clinical records and Protected Health Information are subject to separate and more stringent disclosure requirements under HIPAA and applicable state law. Those rules are described in our Notice of Privacy Practices.
11. Children's Privacy
This website is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it promptly.
12. California Residents
Protected Health Information (PHI) collected in the course of providing clinical services is expressly exempt from the California Consumer Privacy Act (CCPA, as amended by the California Privacy Rights Act, "CPRA") under Cal. Civ. Code §1798.145(c)(1)(B), which excludes PHI governed by HIPAA. That information is governed by our Notice of Privacy Practices.
Non-clinical website visitor data (such as information collected through contact forms or website analytics) may be subject to rights under the CCPA/CPRA for California residents, including:
- The right to know what personal information is collected about you and how it is used
- The right to request deletion of your personal information
- The right to correct inaccurate personal information we hold about you
- The right to non-discrimination for exercising any of these rights
To make a request, contact us using the information in Section 16.
13. HIPAA and Clinical Records
This Website Privacy Policy does not govern your Protected Health Information as a patient or prospective patient. Your clinical records and health information are protected by the Health Insurance Portability and Accountability Act (HIPAA) and applicable state laws.
For information about how we handle your clinical records, your rights as a patient, and how to file a complaint, please review our Notice of Privacy Practices.
14. Third-Party Links
This website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any external sites you visit.
15. Changes to This Policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of this website after any changes constitutes your acceptance of the updated policy.
16. Contact Us
If you have questions about this policy or wish to make a data request, please contact us:
Institute for Self-Determined Relationships, PLLC
Privacy Officer: Dr. Brady Eisert
Email: [email protected]
Phone: (801) 648-9664