Steady Compass Counseling Services  ·  The Gentle Paw

Privacy Policy

Effective Date: January 1, 2024  |  Last Updated: May 2026
Your privacy matters to us. Steady Compass Counseling Services and its DBA The Gentle Paw ("we," "us," or "our") are committed to protecting the privacy of everyone who visits our websites, contacts our practice, or receives services from us. This policy describes how we collect, use, store, and protect information across our websites — including steadycompasscounseling.com and all associated pages — and through our telehealth and in-person clinical services.

01 Who We Are

Steady Compass Counseling Services (a New York S-corp operating as The Steady Compass Counseling, LCSW) is a licensed behavioral health group practice providing individual, family, and group therapy services. Our principal offices are located in Nyack, NY and Stamford, CT.

We also operate under the DBA The Gentle Paw, which specializes in animal-assisted therapy, grief counseling related to pet and animal loss, and related services.

Licensed states and telehealth service areas

New York New Jersey Connecticut Florida Virginia Massachusetts

Our practice accepts clients across all of the above states through HIPAA-compliant telehealth platforms, in addition to in-person services at our New York and Connecticut offices.

02 HIPAA and Protected Health Information

Important notice As a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), we are required by law to maintain the privacy and security of your Protected Health Information (PHI). Your clinical information — including diagnoses, treatment records, session notes, and billing data — is governed separately by our HIPAA Notice of Privacy Practices, which you will receive at the time of intake.

This website Privacy Policy addresses information collected through our website and general communications. It does not supersede or replace our HIPAA Notice of Privacy Practices. If you have questions about how your clinical records are handled, please contact us directly or request a copy of the Notice of Privacy Practices.

PHI we collect in a clinical context

  • Name, address, date of birth, and contact information
  • Insurance information, including Member ID and group numbers
  • Diagnoses, presenting concerns, and treatment goals
  • Session notes, progress notes, and treatment plans
  • Emergency contact and release of information designees
  • Payment and billing records

We use HIPAA-compliant electronic health record (EHR) and billing systems. Our telehealth sessions are conducted on HIPAA-compliant video platforms. Unauthorized access to or disclosure of PHI is strictly prohibited and may be subject to civil and criminal penalties under federal law.

03 Information Collected on Our Website

Website hosting — Squarespace

Our websites are hosted on Squarespace, a third-party website platform. Squarespace automatically collects certain technical data from visitors, including IP addresses, browser type, referring URLs, and pages visited, as part of standard website hosting and analytics functions. This data is collected by Squarespace in accordance with their own privacy policy, available at squarespace.com/privacy.

Squarespace and HIPAA Squarespace does not offer a HIPAA Business Associate Agreement (BAA) and is not a HIPAA-compliant platform. Our websites are used for general information, marketing, and initial contact purposes only. Please do not submit protected health information (PHI) — such as diagnoses, symptoms, medications, or clinical history — through any Squarespace-hosted page, form, or comment feature. Clinical intake and sensitive communications are handled through our HIPAA-compliant systems.

Contact and inquiry forms

When you submit a contact form, a new client inquiry, or an appointment request through our website, we collect the information you voluntarily provide, which may include your name, email address, phone number, and a brief description of what you are looking for. This information is used solely to respond to your inquiry and facilitate scheduling.

Cookies and tracking technologies

Our website may use cookies — small data files stored on your device — to support website functionality, remember your preferences, and gather basic analytics about how visitors use our site. Squarespace may also place cookies as part of its hosting and analytics infrastructure. We do not use third-party advertising cookies or behavioral tracking for marketing purposes.

You may configure your browser to decline cookies; however, some features of the site may not function properly if cookies are disabled.

Analytics

We may use tools such as Google Analytics and Squarespace's built-in analytics to understand how visitors find and navigate our site. These tools collect anonymized, aggregate data (e.g., page views, session duration, general geographic region) and do not collect individually identifying health information. Analytics data is used to improve our website and online presence.

Embedded content

Our website may include embedded content from third-party sources (such as videos, maps, or social media posts). Embedded content from other websites behaves as if the visitor has visited those websites directly and may use their own cookies and tracking practices. We are not responsible for the privacy practices of third-party sites.

04 How We Use Your Information

We use the information we collect for the following purposes:

  • Responding to inquiries, scheduling appointments, and onboarding new clients
  • Providing and documenting behavioral health services in compliance with professional and legal standards
  • Processing insurance claims, verifying benefits, and managing billing through authorized billing personnel and systems
  • Coordinating care with other treatment providers when you have provided written authorization
  • Meeting mandatory reporting obligations under state and federal law (e.g., duty to warn, child or elder abuse reporting)
  • Improving our website, clinical documentation processes, and service delivery
  • Sending practice-related communications such as appointment reminders and policy updates

We do not sell, rent, or trade your personal information to third parties for commercial purposes.

05 Information Sharing and Disclosure

Authorized disclosures

We may share information in the following limited circumstances:

  • With your written consent — for care coordination, school-based communications, or other purposes you authorize via a signed Release of Information
  • Insurance and billing — we share clinically necessary information (diagnosis codes, CPT codes, session dates) with your insurance carrier, including Medicaid, Medicare, TRICARE, and commercial payers, as required to process claims
  • Business associates — we work with vendors who have signed HIPAA Business Associate Agreements (BAAs) committing them to protect your information. These include our EHR platform, billing services, and Google LLC (via our Google Workspace subscription, which covers Google Forms, Google Drive, Gmail, and related tools used in our practice operations)
  • Legal and safety requirements — we may disclose information as required by law, court order, or when necessary to prevent serious harm to you or others
  • Supervisory and training purposes — clinicians in supervised licensure positions (such as MFT interns or LMSW interns) receive supervision from licensed staff; clinical material is handled in accordance with HIPAA and our supervisory protocols

What we do not share

We do not sell your personal data. We do not share your contact information or clinical records for marketing purposes. We do not disclose identifying information from the website to data brokers or advertising networks.

06 Data Security

We take reasonable administrative, technical, and physical safeguards to protect your information from unauthorized access, disclosure, alteration, and destruction. These include:

  • Use of HIPAA-compliant EHR and telehealth platforms with encrypted data transmission and storage
  • Role-based access controls limiting clinical record access to authorized personnel
  • Secure email and document handling practices for clinical and administrative communications
  • Staff training on privacy, confidentiality, and HIPAA obligations
Google Forms and Google Workspace Our intake and contact forms are powered by Google Forms through our Google Workspace subscription. Google LLC has signed a HIPAA Business Associate Agreement (BAA) with our practice, and data submitted through these forms is handled in accordance with HIPAA requirements. If you have questions about what to include in any form, please contact us directly before submitting.
Important notice — The Gentle Paw scheduling (YouCanBookMe) Appointment booking on The Gentle Paw website is facilitated through YouCanBookMe (YCBM), a third-party scheduling platform. YouCanBookMe is not HIPAA-compliant and does not sign Business Associate Agreements (BAAs). It complies with the UK Data Protection Act and EU/UK GDPR, but it does not meet the standards required under U.S. HIPAA law. As a result, please do not submit any protected health information (PHI) through the YouCanBookMe booking form — including diagnoses, medications, symptoms, or clinical history. Use the booking form only to provide your name, contact information, and the general type of service you are requesting. If you need to share clinical information prior to your appointment, please contact us directly by phone or through our HIPAA-compliant intake forms. You can review YouCanBookMe's privacy practices at youcanbook.me/privacy.

07 Data Retention

We retain clinical records in accordance with applicable state and federal requirements, which generally require retention of adult mental health records for a minimum of seven (7) years from the last date of service, and records for minor clients until seven years after they reach the age of majority (18), or as otherwise required by applicable law in New York, Connecticut, New Jersey, Florida, Virginia, or Massachusetts.

Website contact inquiries and non-clinical email correspondence are retained for a reasonable period to support service continuity and may be deleted after the matter is resolved.

If you have an account on our scheduling or client portal, you may request an export or deletion of certain personal data we hold, except where retention is required by law, regulatory compliance, or ethical obligations.

08 Your Rights

Depending on your state of residence, you may have the following rights with respect to your personal information:

Under HIPAA (for clinical clients)

  • The right to access and request copies of your health records
  • The right to request amendments to your records
  • The right to an accounting of disclosures
  • The right to request restrictions on certain uses or disclosures
  • The right to receive communications by alternative means or at alternative locations
  • The right to file a complaint with the U.S. Department of Health and Human Services if you believe your rights have been violated

Under applicable state law (website visitors and all individuals)

  • The right to know what categories of personal data we collect and how it is used
  • The right to request deletion of personal data we hold (subject to legal retention obligations)
  • The right to opt out of the sale of personal data (we do not sell personal data)
  • The right not to be discriminated against for exercising your privacy rights

To exercise any of these rights, please contact us using the information in Section 10 below. We will respond to requests within 30 days or as otherwise required by applicable law.

09 Minors

We provide clinical services to children and adolescents under the age of 18 in accordance with applicable consent and confidentiality laws, which vary by state. We do not knowingly collect personal information through our website from children under the age of 13 without verifiable parental consent. Our website is not directed to children under 13.

If you believe a minor has submitted personal information through our website without appropriate consent, please contact us and we will promptly review and address the matter.

10 Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about how your information is handled, please contact us:

Practice

Steady Compass Counseling Services
The Steady Compass Counseling, LCSW (S-corp)
DBA: The Gentle Paw

Offices

Nyack, New York
Stamford, Connecticut
Telehealth: NY · NJ · CT · FL · VA · MA

Website

steadycompasscounseling.com

Privacy complaints

To file a complaint with the U.S. Department of Health and Human Services, visit hhs.gov/hipaa/filing-a-complaint. Filing a complaint will not affect your access to services.

11 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website or services after changes are posted constitutes your acceptance of the revised policy.