Privacy Policy

Effective Date: October 17, 2025
Contact: office@joyofbecoming.com | P.O. Box 342, Peterborough, NH 03458

This Policy explains how we collect, use, disclose, and protect information in connection with our Website, SimplePractice client portal, scheduling systems, payment processors, and communications. It also sets out key practice policies relevant to how your information is handled in care.

1. Acceptance of this Policy

By visiting or using the Website or any products or services that link to this Policy (collectively, the “Services”), you acknowledge that you have read and agree to be bound by this Policy. If we update this Policy, the “Effective Date” above will change. Your continued use after updates constitutes acceptance of the revised Policy. If you do not agree, you must not access or use the Services.

2. Scope; Clinical vs. Non-Clinical Services

This Policy applies to information collected online (Website forms, portal, telehealth) and offline (phone, paper forms).

• Licensed clinical services are rendered by qualified clinicians and are subject to HIPAA and state privacy laws.

• Faith-integrated/Biblical services are non-clinical and not rendered under a professional license.

For clinical services, our HIPAA Notice of Privacy Practices (NPP) governs PHI in detail. You will receive the NPP at intake and may request a copy at any time.

3. Information We Collect

You provide: name, email, phone, address, scheduling details, preferences, messages, purchase details, newsletter requests, workshop sign-ups, and clinical intake information you choose to share.
Automatically collected: IP address, browser/device type, pages viewed, time on site, referring URLs, and general usage data (typically aggregated).
Cookies & Pixels: We and our service providers may use cookies, pixels, and similar technologies to operate the Website, remember preferences, and measure performance (see Section 10).

4. When Health Privacy Laws Apply (HIPAA and State Law)

When you engage in clinical services, your information may constitute Protected Health Information (PHI) under HIPAA and applicable state law. We use and disclose PHI only as permitted by law and described in our NPP, which explains your rights to access, correction, restrictions, and disclosures. We are committed to the confidentiality, integrity, and security of your PHI.

5. How We Use Information

We use information to:

• Provide and improve the Services;

• Schedule and manage appointments;

• Process payments and issue invoices/Superbills;

• Communicate with you (e.g., reminders, updates);

• Personalize content and understand usage;

• Comply with legal/ethical obligations; and

• Protect our rights and the security of our systems.

Marketing: We may send newsletters or updates you request or consent to; you can opt out at any time (see Section 15).

6. Disclosures of Information (Non-PHI)

We do not sell personal information. We may disclose information (minimum necessary) to:

1. Service providers supporting EHR/telehealth/scheduling/billing/email/hosting/analytics under appropriate contracts;

2. Professional advisors (legal, accounting) under confidentiality;

3. Authorities when required by law, court order, or to protect rights/safety;

4. Successors/assignees in connection with mergers, acquisitions, restructuring, or dissolution, in accordance with this Policy; and

5. Enforcement of our terms and agreements, including billing and collection.

For PHI, disclosures follow HIPAA, state law, and our NPP.

7. Security

We use commercially reasonable administrative, technical, and physical safeguards. Email and standard SMS are not fully secure—please limit such communications to logistics. Payment card data is handled by third-party processors; we do not store full card numbers on our systems. No method of transmission or storage is 100% secure.

8. Data Retention

We keep information as long as necessary to provide services, meet legal/ethical record-keeping obligations, resolve disputes, and enforce agreements. Clinical records are maintained per law and ethical standards (see Appendix D); when multiple states apply, we follow the longest applicable retention period.

9. Your Rights & Choices

• Marketing emails: Unsubscribe at any time via the link provided.

• Cookies/Tracking: Manage via your browser or device settings (some features may not function without cookies).

• Website/Marketing data requests: Email office@joyofbecoming.com; we respond within 48 hours.

• PHI requests: Submit a written request pursuant to our NPP; reasonable fees may apply where allowed by law.

10. Cookies, Web Beacons, and Analytics

We and our providers may use:

• Cookies to recognize your browser, improve usability, and remember preferences (including optional login convenience cookies).

• Pixels/web beacons to understand engagement, measure performance, and support marketing operations.

• Analytics (e.g., Google Analytics) to better understand usage and improve performance (e.g., pages visited, session duration, device type). See Google’s Privacy & Terms for details and opt-out options.

• Some providers may use Flash/local storage to store preferences (manage via your device settings if applicable).

You can control cookies in your browser settings; disabling some cookies may affect Website functionality. We do not currently respond to Do Not Track signals (see Section 20).

11. Comments & Social Media

If we enable Website comments, the comment and its metadata may be retained to streamline moderation. We may use your name/email/organization information associated with a comment solely to communicate with you about the comment or as required by law.
If you interact with us on social media, you may choose to disclose personal information publicly. We do not control how third parties use information you share on social platforms and are not responsible for their practices. Social media messaging is not secure and is not monitored for clinical purposes.

12. Children’s Privacy

Website: not directed to children under 18; we do not knowingly collect personal information from children under 18. If you believe a child has provided information without consent, contact us to request deletion (COPPA compliance).
Clinical services: not provided to minors without appropriate parental/guardian authorization consistent with state law. Our website is not intended for individuals under 18 without such authorization.

13. International Visitors

If you access the Services from outside the United States, your information may be processed in the U.S., where data protection laws may differ from those in your jurisdiction.

14. Visitors’ GDPR/UK GDPR Rights (EU/EEA/UK)

If you are located in the EU/EEA/UK, you may exercise rights to access, rectification, erasure, restriction, objection (legitimate interests), data portability, and withdrawal of consent (without affecting prior lawful processing). You may lodge a complaint with your local supervisory authority.
We process data under lawful bases such as consent, contractual necessity, legal obligation, vital interests (rare), public interest (rare), and legitimate interests (e.g., site security, service improvement, permitted marketing).
To exercise rights, contact office@joyofbecoming.com. We respond within 48 hours and complete requests within applicable legal timeframes.

PIPEDA (Canada): If you are in Canada and PIPEDA applies, we provide notice of why and how we collect, use, and disclose personal information, and you may request access and an accounting of uses/disclosures. We apply appropriate safeguards commensurate with the sensitivity of the data.

15. Email Marketing; Opt-Out

We comply with the CAN-SPAM Act and do not send misleading information. Our emails identify the sender, include contact information, and provide a clear unsubscribe link.

• EU/UK: We will send marketing emails only with your affirmative consent (opt-in).

• Outside EU/UK: If you opt to receive resources or purchase services, we may send relevant emails; you can unsubscribe anytime.

16. U.S. State Privacy Rights (Where Applicable)

U.S. state privacy laws (e.g., CA, CO, CT, VA, UT, IA, DE, NE, NH, NJ, TN, MN, MD, TX, NV) may grant residents additional rights, including to access, correct, delete, portability, and opt-out of targeted advertising/sale/sharing.

• We do not sell personal information and do not knowingly “share” it for cross-context behavioral advertising as defined in California law.

• To exercise state privacy rights (including authorized agent requests and appeal rights where applicable), email office@joyofbecoming.com with your name, email, mailing address, and request details. We will verify and respond within the legal timelines.

• California “Shine the Light”: You may request information about how we share certain categories of information with third parties for their own direct marketing. Submit requests to the email above.

• Do Not Track: We do not respond to DNT signals at this time (browser setting information is available within your browser’s help resources).

17. Practice Policies Affecting Your Information

These operational policies influence what data we collect and how we handle it:

A. Appointments & Cancellations

Cancel or reschedule at least 24 hours in advance; late cancellations/no-shows are charged the full session fee ($170). Standard sessions are 45–60 minutes. Late arrival may shorten your session, while the full fee applies.

B. Payment & Insurance

Payment is collected the day prior to your session. You receive an Invoice by email (your receipt). Upon request, we provide a Superbill for your records or HSA/FSA use. We do not accept or bill insurance.

C. Practice Fee Schedule

We charge industry-standard fees for individual psychotherapy, family psychotherapy, and agreed between-session professional services. A current Fee Schedule is available upon request. Letters are provided only in limited circumstances at clinician discretion.

D. Electronic Communication & Telehealth

Email, text, and voicemail are for scheduling/logistics only.
Telehealth is delivered via SimplePractice (HIPAA-compliant, encrypted). For confidentiality, use a private location, secure Wi-Fi, and updated devices. You may withdraw telehealth consent at any time without penalty to future care. You must be physically located in a state where your clinician is licensed (typically NH/MA/FL) during telehealth sessions.

E. Court/Legal Proceedings

We do not provide evaluations, court reports, or testimony, and are not expert witnesses. If you require forensic services, we can provide referrals. Please inform your attorney of this policy.

F. Termination of Services

We will plan termination collaboratively. We may terminate after discussion if therapy is not being effectively used or for non-payment. If no appointment/contact occurs for 90+ days (absent prior arrangement), we may consider the professional relationship discontinued and close your file. Referrals available upon request.

G. Notices to Clients (Boards & Complaints)

• New Hampshire: Office of Professional Licensure & Certification — Board of Mental Health Practice | (603) 271-2152 | https://www.oplc.nh.gov/

• Massachusetts: Board of Registration of Social Workers | (617) 624-6161 | swboard@mass.gov | https://www.mass.gov/orgs/board-of-registration-of-social-workers

• Florida: Board of Clinical Social Work, Marriage & Family Therapy, and Mental Health Counseling | Customer Contact: (850) 488-0595 | Board Office: (850) 245-4292 | Complaint Portal: https://complaint-portal.mqa.flhealthsource.gov/

18. Third-Party Links, Embedded Content, and Advertising

Our Website may include links to third-party sites and embedded content (e.g., videos). Those parties may collect data about you, use cookies, and track interactions independently. We do not control and are not responsible for third-party practices; your use of third-party sites is at your own risk.
We may use third-party advertising/remarketing tools and social media pixels in compliance with platform policies. You may see our ads on third-party sites after visiting our Website.

19. No Sale of Personal Information

We do not sell personal information and have not sold personal information in the previous 12 months. If our practices change, we will update this Policy and provide opt-out mechanisms as required by law.

20. Do Not Track (DNT)

California and Delaware law require us to state whether we honor DNT signals. We do not currently respond to DNT signals. You may control cookies and tracking technologies via your browser/device settings.

21. Changes to this Policy

We may update this Policy to reflect changes in operations, legal requirements, or best practices. The updated Policy is effective upon posting to the Website. Your continued use after posting indicates acceptance.

22. Contact

The Joy of Becoming, DBA Ashes Plus Grace, PLLC
Attn: Adaris Pickett, LICSW, Ed.S., RPT-S
P.O. Box 342, Peterborough, NH 03458
Email: office@joyofbecoming.com

APPENDIX

A. Good Faith Estimate (No Surprises Act)

Before your first session, we review a Good Faith Estimate outlining expected costs (session fees, estimated frequency/duration, optional add-ons). You have the right to receive it in writing and request an updated estimate if your plan or fees change.

B. Telehealth Platform & Security Statement

Telehealth is conducted via SimplePractice (HIPAA-compliant, encrypted). Clients are encouraged to use private spaces, secure Wi-Fi, and updated devices.

C. Limited Availability Disclosures

EMDR Intensives, retreats, and certain workshops are offered on a limited basis depending on clinician capacity and seasonality. Contact us for current openings.

D. Record Retention Policy Summary (State Laws)

We follow the longest applicable retention period and use secure destruction when the period ends.

• New Hampshire: N.H. Admin. Code §§ He-C 6340.13, He-C 6343.20 — retain ≥ 7 years after services end.

• Massachusetts: 258 CMR 22.02 — keep for 7 years after last contact, or for minors, 7 years or 3 years after reaching majority, whichever is longer.

• Florida: Rule 64B4-9.001, F.A.C. — retain 7 years after last contact; upon practice closure/relocation, retain 2 additional years and notify clients how to obtain records.

E. Email Marketing Compliance (CAN-SPAM)

All marketing emails clearly identify the sender, include our contact information, and provide a visible unsubscribe link. Opt-out requests are honored promptly.

© The Joy of Becoming, DBA Ashes Plus Grace, PLLC. All rights reserved.

VS

 🌿 Integrated Privacy & Practice Policy-LESS FORMAL

 Integrated Privacy & Practice Policy
Effective October 17, 2025
Contact: office@joyofbecoming.com | P.O. Box 342 Peterborough, NH 03458

1. Our Promise to You

At The Joy of Becoming, we value your privacy and trust. This policy explains—in plain language—how we protect your information, what we collect, how we use it, and your rights. Whether you meet with us for therapy, coaching, or faith-based guidance, your confidentiality matters.

2. The Kinds of Services We Offer

We provide both licensed clinical services (psychotherapy, counseling) and non-clinical, faith-integrated services (Biblical or spiritual guidance).
Clinical services follow federal and state health-privacy laws such as HIPAA, while faith-based services focus on spiritual care and are not a substitute for licensed mental-health treatment.

3. What Information We Collect

• Information you share: name, contact details, scheduling preferences, messages, or health information you choose to disclose.

• Automatically collected: limited technical data (IP address, device type, pages viewed) used for analytics and site improvement.

• Cookies: small files that help the site function smoothly. You can adjust cookie settings in your browser at any time.

4. How We Use Your Information

We use your information to:

• schedule and manage sessions,

• communicate with you,

• process payments,

• provide updates you request, and

• maintain safety, compliance, and good recordkeeping.

We never sell or trade your information, and we share it only with trusted service providers—like our secure electronic record system (SimplePractice)—as needed to serve you.

5. When Health-Privacy Laws Apply

If you are a clinical client, your information may qualify as Protected Health Information (PHI) under HIPAA and state privacy laws.
We keep your records confidential, use them only for your care, and follow the rules described in our Notice of Privacy Practices (NPP). You’ll receive a copy at intake and may request another anytime.

If you ever have questions about how your information is used, please ask—we’re always happy to explain in plain terms.

6. How We Keep Information Secure

We use secure, encrypted systems and follow professional standards to protect your information.
Email and standard text messaging are best used for scheduling—not for private or clinical details—because no electronic method is completely risk-free.

7. How Long We Keep Records

We retain records only as long as required by law and professional ethics:

• New Hampshire: 7 years after services end.

• Massachusetts: 7 years after last contact, or 3 years after a minor turns 18, whichever is longer.

• Florida: 7 years after last contact, plus 2 extra years if a practice closes or relocates.
  When multiple states apply, we keep records for the longest required time.

8. Your Rights and Choices

• Access or corrections: You may request a copy of your records or ask for corrections.

• Marketing emails: Every message includes an “unsubscribe” link.

• Cookies: You can manage cookie settings in your browser.

• GDPR/UK visitors: If you’re in the EU/UK, you also have rights to data access, correction, deletion, restriction, portability, and withdrawal of consent.
  We respond to all privacy requests within 48 hours.

9. Good Faith Estimate (No Surprises Act)

Before your first session, we’ll review a Good Faith Estimate that outlines expected costs so you know what to expect. It lists session fees, possible add-ons, and how often we might meet. You may request an updated estimate anytime your plan or fees change.

10. Telehealth & Technology

Sessions may take place online through Simple Practice, a HIPAA-compliant and encrypted platform designed for behavioral-health care.
To protect privacy, please join sessions from a private space using secure Wi-Fi and an updated device.
You can withdraw consent for telehealth at any time without affecting future care.

11. Payments & Insurance

Payment is collected the day before each session. You’ll receive an invoice by email, which serves as your receipt.
If you’d like to use your Health Savings Account (HSA), you may do so.
We don’t bill insurance directly, but we can provide a Superbill upon request for possible reimbursement.

12. Cancellations & Missed Sessions

If you need to cancel or reschedule, please do so at least 24 hours in advance.
Late cancellations or missed sessions are billed at the full session fee ($170).
If you’re late, the session will end at the scheduled time so we can honor the next client’s appointment.

13. Communication Boundaries

Email, text, or voicemail are for logistics only—never emergencies.
We aim to reply within 48 hours on business days.
If you ever feel unsafe or in crisis, please call 911 or 988 (Suicide & Crisis Lifeline) or go to your nearest emergency department.

14. Social Media & Online Boundaries

To protect your confidentiality, we don’t accept friend or follow requests from current or former clients on social media. Messages sent through social platforms are not secure or monitored for clinical use.

15. Limited Availability & Special Services

Programs like EMDR Intensives, retreats, and workshops are offered on a limited basis depending on clinician capacity and season. Contact us for the most current schedule.

16. Court & Legal Matters

We do not provide reports, evaluations, or testimony for court cases. If you need forensic or custody evaluations, we’re happy to refer you to qualified specialists. Protecting your confidentiality is our top priority.

17. Ending Therapy or Coaching

Ending any professional relationship can take time and care. We’ll plan this together.
If we haven’t heard from you for 90 days and no arrangements are made, your file may be closed. We’ll always provide referrals if you wish to continue care elsewhere.

18. State Licensure & Complaints

If you ever have concerns about your care, please talk with us first—we genuinely want to resolve them.
If needed, you may also contact:

• New Hampshire: Office of Professional Licensure & Certification — Board of Mental Health Practice | (603) 271-2152 | oplc.nh.gov

• Massachusetts: Board of Registration of Social Workers | (617) 624-6161 | swboard@mass.gov

• Florida: Board of Clinical Social Work, Marriage & Family Therapy and Mental Health Counseling | (850) 488-0595 | complaint-portal.mqa.flhealthsource.gov

19. International Visitors & Canadian Clients

If you’re outside the U.S., your information may be processed here, where privacy laws differ. If you’re in Canada, we comply with PIPEDA, meaning you can request access to and an accounting of how your data is used. We apply strict safeguards suitable to the sensitivity of the data.

20. Changes to This Policy

We occasionally update this Policy to reflect legal or operational changes. The “Effective Date” above shows the latest revision. We’ll always protect your privacy with the same care and integrity.

© The Joy of Becoming, DBA Ashes Plus Grace, PLLC. All rights reserved.

14. Contact Information

The Joy of Becoming, DBA Ashes Plus Grace, PLLC
Attn: Adaris Pickett, LICSW, Ed.S., RPT-S
P.O. Box 342, Peterborough, NH 03458
Email: office@joyofbecoming.com

We deeply value your trust. Please reach out anytime if you’d like more information about how your privacy and confidentiality are protected in therapy.