Privacy Policy
Effective Date: April 24, 2026Mindfulous Inc. ("Mindfulous," "we," "us," or "our") is committed to protecting the privacy of our website visitors and users of our online services. This Privacy Policy explains how we collect, use, share, and protect information about you when you visit mindfulous.com (the "Website"), interact with our online services, or communicate with us. By using our Website, you consent to the practices described in this Policy.
- Information We Collect
- How We Use Your Information
- How We Share Your Information
- How Long We Keep Your Information
- Cookies and Tracking Technologies
- Your California Privacy Rights (CCPA / CPRA)
- Sensitive Personal Information
- We Do Not Sell or Share Your Personal Information
- Security
- Children's Privacy
- Third-Party Websites
- Changes to This Policy
- Contact Us
1. Information We Collect
We may collect the following categories of personal information when you interact with our Website:
| Category | Examples | Source |
|---|---|---|
| Identifiers | Name, email address, phone number, postal address, IP address | You, your device |
| Commercial information | Services you've inquired about or booked | You |
| Internet or electronic activity | Pages viewed, browser type, device type, operating system, referring URL, dates and times of visits | Your device, cookies, analytics tools |
| Geolocation data | Approximate city/state (from IP address) | Your device |
| Professional / demographic | Information you voluntarily provide in contact forms or comments | You |
| Sensitive personal information | Health-related inquiries you submit via contact forms (before becoming a patient) | You |
Once you become a Mindfulous patient, any health information you provide during treatment is Protected Health Information (PHI) governed by our Notice of Privacy Practices and HIPAA/CMIA, not this Privacy Policy.
2. How We Use Your Information
- To provide and improve our services: respond to your inquiries, schedule appointments, and provide information about our services. We also use your information to improve the content and functionality of our Website.
- To communicate with you: with your consent, we may send you newsletters, updates, and information about our services. You can opt out at any time.
- To analyze Website usage: we may analyze aggregated data to better understand how visitors use our Website and improve its effectiveness.
- To comply with legal obligations: we may use your information to comply with applicable law, respond to legal process, or protect the rights, property, or safety of Mindfulous, our patients, or the public.
3. How We Share Your Information
We may share your information in the following limited circumstances:
- Service providers: third-party providers performing functions on our behalf (website hosting, analytics, email delivery, customer support). These providers have access only to the information needed to perform their services and are contractually required to protect your information.
- Legal requirements: when required by law, court order, subpoena, or other lawful request.
- Protection of rights: to protect the rights, property, or safety of Mindfulous, our patients, or others; to prevent fraud; or to enforce our policies.
- Business transactions: in connection with a merger, acquisition, or sale of assets, with appropriate safeguards.
We do NOT sell your personal information. See Section 8 for more detail.
4. How Long We Keep Your Information
We retain personal information only as long as necessary for the purposes described in this Policy:
- Contact form submissions: up to 3 years, or until you request deletion, whichever comes first
- Marketing email subscribers: until you unsubscribe, plus 12 months for compliance records
- Analytics data: up to 26 months (default Google Analytics retention)
- Server logs: up to 90 days for security purposes
- Legal or compliance records: as required by applicable law (generally 7 years)
Patient medical records (PHI) are retained per our Notice of Privacy Practices and California law — minimum 7 years from last encounter, longer for minors and certain conditions.
5. Cookies and Tracking Technologies
Our Website uses cookies and similar technologies:
- Essential cookies: required for the Website to function (e.g., maintaining your session). Cannot be disabled.
- Analytics cookies: help us understand how visitors use our Website. We may use services such as Google Analytics.
- Preference cookies: remember your preferences (e.g., language, display settings).
You can control cookies through your browser settings. Disabling certain cookies may affect Website functionality. We do not use third-party advertising cookies or cross-site tracking for marketing purposes.
Do Not Track (DNT) signals: our Website does not currently respond to DNT signals because no universal standard exists, but we honor CCPA-based opt-out preference signals (Global Privacy Control / GPC) where technically supported.
6. Your California Privacy Rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you the following rights:
A. Right to Know
You have the right to know what personal information we collect, use, disclose, and sell or share about you. You may request:
- The categories of personal information we have collected about you
- The categories of sources from which the information was collected
- The business or commercial purposes for collecting, selling, or sharing personal information
- The categories of third parties with whom we share personal information
- The specific pieces of personal information we have collected about you
B. Right to Delete
You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (including legal retention requirements).
C. Right to Correct
You have the right to request correction of inaccurate personal information we maintain about you.
D. Right to Opt Out of Sale or Sharing
You have the right to opt out of the sale or sharing of your personal information. Mindfulous does not sell or share personal information — see Section 8.
E. Right to Limit Use and Disclosure of Sensitive Personal Information
You have the right to direct us to limit our use and disclosure of your sensitive personal information to only those uses necessary to perform the services or provide the goods reasonably expected by an average consumer.
F. Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights. Exercising these rights will not affect your access to services, pricing, or quality of service.
G. Right to Data Portability
When exercising the Right to Know, you have the right to receive your personal information in a portable and, to the extent technically feasible, readily usable format.
How to Exercise Your Rights
To exercise any of these rights, please contact us:
- Email: hello@mindfulous.com with subject line "CCPA Request"
- Phone: (415) 375-0892
- Mail: 2021 Fillmore St, #2142, San Francisco, CA 94115
We will verify your identity before responding to your request. We will respond within 45 days (with one 45-day extension if reasonably necessary). Authorized agents may submit requests on your behalf with valid written authorization.
7. Sensitive Personal Information
We may collect sensitive personal information as defined by CPRA when you voluntarily submit health-related inquiries through our contact forms before becoming a patient. We use this information solely to respond to your inquiry and do not use it for profiling or inferring characteristics.
Under CPRA, you have the right to limit our use of this information. To exercise this right, contact us using the methods in Section 6.
8. We Do Not Sell or Share Your Personal Information
Mindfulous does not sell your personal information for money or other valuable consideration. We do not share your personal information for cross-context behavioral advertising purposes. We have not done so in the preceding 12 months.
We also do not knowingly sell or share the personal information of consumers under 16 years of age.
9. Security
We take reasonable technical, administrative, and physical precautions to protect your information from unauthorized access, disclosure, alteration, or destruction. These include encryption in transit (TLS), access controls, regular security reviews, and staff training. No method of Internet transmission or electronic storage is 100% secure, and we cannot guarantee absolute security.
Patient PHI is maintained in HIPAA-compliant systems with additional safeguards described in our Notice of Privacy Practices.
10. Children's Privacy
Our Website is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us and we will promptly delete the information.
11. Third-Party Websites
Our Website may contain links to third-party websites. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review their privacy policies before providing personal information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the revised Policy on our Website with an updated Effective Date. Material changes will be highlighted and, where required by law, we will obtain your consent. We encourage you to review this Policy periodically.
13. Contact Us
For questions about this Privacy Policy or to exercise your rights:
2021 Fillmore St, #2142, San Francisco, CA 94115
Email: hello@mindfulous.com
Phone: (415) 375-0892 · Fax: (866) 305-3569