Privacy Policy

1. Introduction and Scope

CounselorFit ("we," "us," or "our"), operated by Exponent Group, a registered 501(c)(3) nonprofit organization (EIN: 83-2293642), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our platform at counselor.fit (the "Service").

This policy applies to all users of the Service, including individuals seeking therapy ("Clients"), licensed mental health professionals ("Therapists"), and organizations accessing the platform on behalf of their employees ("Enterprise Clients").

By using the Service, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree, please do not use the Service. This Privacy Policy should be read in conjunction with our Terms of Service.

2. Information We Collect

2a. Personal Information You Provide

Clients: Name, email address, phone number, location (city/state/zip), therapy preferences (specialties sought, insurance information, scheduling preferences), and any information you include in inquiry messages to therapists.

Therapists: Name, email address, phone number, practice address, professional credentials (licensure type, license number, issuing state), educational background, clinical specialties, years of experience, professional liability insurance details, biographical information, headshot/photo, session rates, and insurance panels accepted.

Enterprise Clients: Organization name, contact person name, email address, phone number, employee count, and billing information.

2b. Usage Data

We automatically collect information about how you interact with the Service, including pages visited, search queries (e.g., specialty searches, location filters), time spent on pages, referring URLs, browser type, device type, operating system, and IP address.

2c. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to improve your experience, analyze usage patterns, and deliver relevant content. See Section 7 for detailed cookie information.

3. How We Use Information

We use the information we collect to:

• Provide, maintain, and improve the CounselorFit directory and marketplace
• Facilitate connections and matching between Clients and Therapists based on specialty, location, insurance, and preference criteria
• Process Therapist applications, verify credentials, and maintain our vetting standards
• Display Therapist profiles in the directory and in search results
• Process subscription payments and platform service fees
• Generate aggregated, de-identified utilization reports for Enterprise Clients
• Send transactional communications (inquiry confirmations, account updates, payment notifications)
• Send marketing communications where you have opted in (you may opt out at any time)
• Analyze usage patterns and trends to improve user experience and platform functionality
• Detect, prevent, and address fraud, security issues, and technical problems
• Comply with legal obligations

4. Information Sharing

We do not sell your personal information. We share your information only in the following circumstances:

4a. Between Clients and Therapists

When a Client submits an inquiry to a Therapist through the platform, the Therapist receives the Client's name, contact information, and the content of the inquiry message. Therapist profile information (name, credentials, specialties, location, biography, rates) is displayed publicly in the directory.

4b. With Enterprise Clients

Enterprise Clients receive ONLY aggregated, de-identified utilization data. This includes metrics such as total connections made, aggregate satisfaction ratings, and utilization rates. Enterprise Clients will NEVER receive: individually identifiable information about which employees used the platform, which therapists employees connected with, session content, diagnoses, treatment details, or any other Protected Health Information.

4c. With Service Providers

We share information with third-party service providers that help us operate the platform, including hosting (Vercel), analytics (Google Analytics), email services, and payment processing ([PAYMENT PROCESSOR]). These providers are contractually obligated to use your information only as necessary to provide services to us.

4d. For Legal Compliance

We may disclose your information when required by law, in response to a valid subpoena or court order, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. HIPAA Notice

CounselorFit is NOT a covered entity under the Health Insurance Portability and Accountability Act (HIPAA).

CounselorFit operates as a directory and marketplace platform. We do not:

• Provide healthcare services, diagnoses, or treatment
• Access, store, or transmit Protected Health Information (PHI) related to therapy sessions, clinical notes, treatment plans, diagnoses, or therapeutic content
• Process insurance claims or health plan transactions
• Have access to or visibility into the therapeutic relationship between Clients and Therapists

Therapist HIPAA Responsibilities: Each Therapist listed on CounselorFit is an independently licensed healthcare provider and is solely responsible for their own HIPAA compliance, including: maintaining appropriate safeguards for PHI, providing Notice of Privacy Practices to their clients, executing Business Associate Agreements with their own service providers, and complying with breach notification requirements.

Enterprise BAA: Where required or requested, CounselorFit will enter into a Business Associate Agreement with Enterprise Clients. The scope of any such BAA is limited to the specific data elements processed through the platform (e.g., employee contact information used for therapist matching) and does not extend to session content or clinical data, which CounselorFit never accesses. [ATTORNEY TO REVIEW BAA SCOPE AND NECESSITY]

6. Enterprise Client Data

When an Enterprise Client provides access to CounselorFit as an employee benefit, we collect and process employee data as follows:

6a. Data We Collect from Enterprise Employees

Employee name, work email (for account creation), and therapy preferences provided by the employee during their use of the platform. We may also receive employee eligibility lists from Enterprise Clients for the purpose of verifying benefit access.

6b. Aggregated Reporting

Enterprise Clients receive only aggregated, de-identified reports. Example metrics include: total number of employees who created accounts, total number of therapist connections made, and aggregate satisfaction scores. Reports are only generated when the employee population is large enough to prevent individual identification (minimum [MINIMUM REPORTING THRESHOLD — e.g., 25 EMPLOYEES]).

6c. No Individual Identification

CounselorFit will never share with an Enterprise Client: which specific employees used the platform, which therapists they contacted, the content of any inquiries or communications, any information about sessions, diagnoses, or treatment, or any other individually identifiable usage information. An employee's use of CounselorFit through an employer benefit is confidential.

7. Cookies and Tracking

We use the following tracking technologies:

7a. Essential Cookies

Required for the platform to function (session management, authentication, security). These cannot be disabled.

7b. Analytics

We use Google Analytics 4 (GA4) and Google Tag Manager (GTM) to understand how users interact with the platform. GA4 collects aggregated usage data including page views, session duration, demographics (age range, general location), and traffic sources. Google Analytics data is governed by Google's Privacy Policy.

7c. Managing Cookies

You can control cookies through your browser settings. Disabling non-essential cookies will not affect core platform functionality but may limit our ability to improve the Service. [ATTORNEY TO ADVISE ON COOKIE CONSENT BANNER REQUIREMENTS — GDPR/ePrivacy IF APPLICABLE]

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls limiting data access to authorized personnel
• Regular security assessments and monitoring
• Secure hosting infrastructure with [HOSTING PROVIDER — e.g., VERCEL / AWS]

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and applicable authorities as required by law.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law. Specific retention periods:

• Active accounts: Data is retained for the duration of your account plus [RETENTION PERIOD AFTER ACCOUNT CLOSURE — e.g., 3 YEARS]
• Therapist credential records: Retained for [CREDENTIAL RETENTION PERIOD — e.g., 7 YEARS] after delisting for compliance and audit purposes
• Payment and subscription records: Retained for [FINANCIAL RECORD RETENTION — e.g., 7 YEARS] as required by tax and financial regulations
• Analytics data: Aggregated analytics data is retained indefinitely; individual usage logs are purged after [USAGE LOG RETENTION — e.g., 26 MONTHS]

You may request deletion of your account and personal data at any time (see Section 10). Certain data may be retained as required by law or for legitimate business purposes (e.g., financial records, dispute resolution).

10. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct inaccurate or incomplete personal information
• Deletion: Request that we delete your personal information, subject to legal retention requirements
• Portability: Request a copy of your data in a structured, commonly used, machine-readable format
• Opt-out:Opt out of marketing communications at any time by clicking "unsubscribe" in any marketing email or contacting us directly
• Restriction: Request that we restrict processing of your personal information in certain circumstances

To exercise any of these rights, contact us at hello@counselor.fit. We will respond to verified requests within [RESPONSE TIMEFRAME — e.g., 30 DAYS / 45 DAYS AS REQUIRED BY APPLICABLE LAW].

11. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• No Sale of Personal Information: CounselorFit does not sell personal information as defined by the CCPA.

To submit a CCPA request, contact us at hello@counselor.fit or [TOLL-FREE NUMBER IF REQUIRED — ATTORNEY TO ADVISE]. We will verify your identity before processing requests. You may also designate an authorized agent to make requests on your behalf. [ATTORNEY TO REVIEW CCPA APPLICABILITY BASED ON REVENUE/DATA THRESHOLDS]

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately at hello@counselor.fit and we will take steps to delete such information.

Note: While minors may receive therapy services from Therapists listed on our platform, accounts and inquiries must be created and managed by a parent or legal guardian. The therapeutic relationship, including consent for treatment of minors, is governed by the Therapist's own policies and applicable state law.

13. International Users

CounselorFit is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

By using the Service, you consent to the transfer of your information to the United States. [ATTORNEY TO ADVISE ON GDPR COMPLIANCE REQUIREMENTS IF APPLICABLE — STANDARD CONTRACTUAL CLAUSES, DATA PROCESSING AGREEMENTS, ETC.]

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by:

• Updating the "Last updated" date at the top of this page
• Sending email notification to registered users for material changes
• Posting a prominent notice on the platform for [NOTICE PERIOD — e.g., 30 DAYS] prior to changes taking effect

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

15. Contact Information

If you have questions about this Privacy Policy, your personal data, or wish to exercise your privacy rights, please contact us:

[ATTORNEY TO ADVISE ON WHETHER A DEDICATED DATA PROTECTION OFFICER OR PRIVACY CONTACT IS REQUIRED]