PRIVACY POLICY — West Oak Therapy & Consultation PLLC (2026)

Update: 6/22/2026

A clear, transparent explanation of how your information is handled when you visit this website or reach out for support.

Effective Date: January 1, 2026 Legal Business Name: West Oak Therapy & Consultation PLLC Business Email: jen@westoaktherapy.comBusiness Phone Number: 253-235-3002 Business Mailing Address: PO Box 194 Eatonville, WA 98328 Governing Law: HIPAA, RCW 70.02, RCW 19.255, COPPA, WAC 246‑809

Why This Policy Exists

This policy exists to:

  • Explain what information this website collects

  • Clarify what I do with that information

  • Tell you what I won’t do with it

  • Help you understand the difference between website privacy and clinical privacy

  • Show you how your information is protected

  • Outline your rights

  • Keep my practice compliant with federal and Washington State law

This is not your HIPAA Notice of Privacy Practices (NPP). That document is provided when you become a client and covers your clinical rights in detail.

This policy is specifically about website interactions — what happens before you ever become a client.

1. No Therapeutic Relationship Is Formed Through This Website

Visiting this website, reading content, or contacting me through a form or email does not create a therapeutic relationship.

A therapeutic relationship begins only after:

  • We both agree to work together

  • You complete the intake process

  • All required documents are signed

  • A clinical record is created in my HIPAA‑compliant EHR

This protects both of us and ensures your information is handled appropriately.

2. What Information This Website Collects — and Why

This website collects only the information needed to function well and respond to you if you reach out.

A. Information you intentionally share

If you fill out a form, request a consultation, or send an email, I receive:

  • Your name

  • Your email address

  • Any message you choose to include

Why this matters: I use this information only to respond to you. I do not store it long‑term, add you to marketing lists, or share it with anyone outside the systems needed to run the practice.

B. How I handle unsolicited or sensitive information

Sometimes people share more than they intend in a contact form or email.

If you choose to share personal or sensitive information through this website, I will treat it with respect and confidentiality — but it will not be added to your clinical record unless you become a client and we discuss it in session.

C. Information collected automatically

Like most websites, this site collects basic, non‑identifying information such as:

  • Browser type

  • Device type

  • Pages visited

  • Time spent on the site

  • General location (non‑identifying)

This helps me understand how the website is being used so I can improve it. It does not identify you personally.

D. Cookies & analytics (if enabled)

If I enable analytics in the future, the site may use cookies to track anonymous usage patterns.

What I will NOT do:

  • I do not use advertising trackers

  • I do not use retargeting pixels

  • I do not sell or share data with advertisers

If analytics are ever enabled, this policy will be updated.

3. What This Website Does Not Collect

This website does not collect:

  • Clinical information

  • Insurance information

  • Payment information

  • PHI (Protected Health Information)

  • Social Security numbers

  • Sensitive personal identifiers

Your clinical information is protected by HIPAA and is only collected inside my secure EHR, Sessions Health — never through this website.

4. Email Is Not Secure for PHI

Email is not a secure method for sharing personal or clinical information.

Please do not send sensitive or health‑related details through email or website forms. Clinical information is only collected and stored in my HIPAA‑compliant EHR.

5. No Emergency Communication

This website and email are not monitored for emergency or crisis communication.

If you are in crisis or immediate danger, call 988, 911, or go to your nearest emergency room.

6. How Your Information Is Used

Any information you share through this website is used only to:

  • Respond to your inquiry

  • Schedule a consultation

  • Improve the website’s functionality

  • Maintain security

What I will NOT do:

  • I will not sell your information

  • I will not share your information with advertisers

  • I will not use your information for marketing without your consent

  • I will not use your information for automated decision‑making

7. Third‑Party Services That Support This Practice

To run a secure and functional practice, I use trusted third‑party services:

  • Squarespace — website hosting

  • Google Workspace — business email

  • Sessions Health — HIPAA‑compliant EHR

  • Optional analytics tools — if enabled in the future

These services may process limited information on my behalf, but they do not have permission to use your information for their own purposes.

8. HIPAA & Clinical Privacy (What Happens Once You Become a Client)

Once you become a client, your information is protected by:

  • HIPAA Privacy Rule

  • HIPAA Security Rule

  • RCW 70.02

  • WAC 246‑809

  • AAMFT/WAMFT ethical standards

All clinical information is stored in Sessions Health, a secure, encrypted, HIPAA‑compliant EHR.

Your full clinical rights are explained in your HIPAA Notice of Privacy Practices (NPP), which you receive during intake.

9. Data Security (How Your Information Is Protected)

I use:

  • Encrypted transmission

  • Secure servers

  • Password‑protected systems

  • Limited access controls

If a data breach ever occurs, I will notify affected individuals as required by RCW 19.255.

10. Data Retention & Destruction

  • Website form submissions are kept only as long as needed to respond.

  • Analytics data (if enabled) is anonymized.

  • Clinical records are retained for a minimum of 5 years per Washington law.

  • Data is securely destroyed when no longer needed.

11. Children’s Online Privacy

This website is not intended for children under 13. I do not knowingly collect information from minors without parental consent. Parents may request deletion of any inadvertently collected information.

12. Consultation Boundaries

Requesting a consultation does not create a therapeutic relationship. Consultations are informational and are not a guarantee of ongoing services.

13. Social Media Boundaries

I do not use social media messaging for clinical communication. If you contact me through social media, I will not respond there and will redirect you to email or my secure EHR.

14. Your Rights

You may request:

  • Access to your website‑submitted information

  • Correction of inaccurate information

  • Deletion of non‑clinical website data

Clinical rights are governed by your HIPAA NPP.

15. Business Identity Disclosure

West Oak Therapy & Consultation PLLC is a Washington‑registered Professional Limited Liability Company. This website is operated solely by Jennifer Weinmann, LMFT.

16. Contact for Privacy Concerns

If you have questions or concerns about this policy, you can contact me directly:

Email: jen@westoaktherapy.com

17. Changes to This Policy

This policy may be updated periodically. The effective date will be revised when changes occur. Continued use of the website indicates acceptance of updated terms.

Summary

  • I collect only the information you choose to share.

  • I don’t sell or share your information.

  • Clinical information is protected by HIPAA and Washington law.

  • You can request access or corrections anytime.

  • This policy applies to the website, not therapy services.