Waves of Change Privacy Policy

1. Important Legal Separation of Services

Waves of Change Collective operates as an integrated ecosystem providing two distinct types of services. The data collected for each is handled according to different legal standards:

  • Virtual Clinical Care (Mental Health Counseling): Protected Health Information (PHI) collected during clinical therapy services is strictly governed by the Health Insurance Portability and Accountability Act (HIPAA), state licensing boards, and federal privacy regulations. Clinical records are maintained in a secure, separate, and fully encrypted Electronic Health Record (EHR) system.

  • Somatic Wellness & Community (Studio Offerings): Information collected for yoga classes, sound baths, Common Ground circles, workshops, or studio rentals is managed as standard business and e-commerce data and is governed by general consumer privacy laws.

2. Information We Collect

A. Personal Information You Provide Voluntarily

We collect information that you personally provide to us when registering for a class, booking an appointment, filling out a contact form, or signing up for a newsletter. This may include:

  • Identity Data: First name, last name, date of birth.

  • Contact Data: Email address, phone number, billing address.

  • Account & Booking Data: Usernames, passwords, and scheduling histories managed through our third-party scheduling platforms (such as Arketa or our clinical EHR).

  • Clinical Intake Data: For counseling clients, this includes medical histories, intake assessments, insurance details, and clinical notes securely uploaded to our encrypted EHR portal.

B. Information Collected Automatically

When you navigate our website, we may automatically collect certain technical information via cookies, pixels, and tracking technologies, including:

  • Your IP address, browser type, and operating system.

  • Pages viewed, time spent on pages, and links clicked.

  • Device type (mobile, desktop, tablet) and general location data.

3. How We Use Your Information

We use the data we collect to provide a seamless, secure experience. Specifically, we use your data to:

  • Schedule, manage, and deliver virtual telehealth therapy sessions.

  • Process registrations, check-ins, and payments for studio classes and community events.

  • Send transaction receipts, appointment reminders, and automated class notifications.

  • Send marketing communications, updates about the collective, or promotional offers (only if you have explicitly opted in; you may opt out at any time).

  • Improve website performance, local search engine visibility, and user experience.

  • Maintain the safety, security, and ethical integrity of our community and digital spaces.

4. How We Share and Disclose Information

We do NOT sell, rent, or trade your personal information to third parties. We only share your data under the following strict conditions:

  • Third-Party Service Providers: We share non-clinical data with trusted software platforms that help us operate our business. This includes website hosting (Squarespace), scheduling and marketing automation (Arketa), payment processing (Stripe/Wave Financial), and communication tools. These providers are contractually obligated to keep your data secure.

  • Legal & Ethical Obligations (Clinical Limits to Confidentiality): For clinical counseling clients, communication with your therapist is strictly confidential. However, by law, confidentiality must be broken if there is a clear intent to harm yourself or someone else, suspicion of abuse or neglect of a child or vulnerable adult, or a formal court order/subpoena.

  • Business Operations: We may share non-clinical, aggregated data internally among collective practitioners to coordinate general studio programming and scheduling.

5. Data Security

We implement robust technical and organizational security measures to protect your data. Clinical portals utilize bank-grade encryption, secure login credentials, and are fully HIPAA-compliant. For studio and website transactions, we use secure socket layer (SSL) technology and encrypted payment gateways to ensure your financial details are protected.

Please note that while we take every reasonable precaution, no method of transmission over the internet or electronic storage is 100% secure.

6. Your Rights and Choices

Depending on your location and relationship with the collective, you have the right to:

  • Access, update, or correct the personal data we hold about you.

  • Request the deletion of your non-clinical account data, subject to legal or financial retention requirements.

  • Opt out of receiving marketing emails by clicking the "unsubscribe" link at the bottom of any email communication.

  • For clinical clients, inspect and request copies of your medical and billing records as outlined in your initial clinical disclosure and HIPAA notice.

7. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, technology, or legal requirements. Any changes will be posted directly to this page with an updated "Effective Date." We encourage you to review this policy periodically.

8. Intellectual Property & Website Use Disclaimer

All content, logos, graphics, design elements, and copy displayed on this website are the exclusive property of Waves of Change Collective and are protected by copyright laws; they may not be reproduced, copied, or redistributed without our express written permission. Additionally, the informational content provided on this website—including blog posts, event descriptions, and general text—is for educational and wellness purposes only. It does not constitute medical or clinical mental health advice, and interacting with this website does not establish a therapist-client relationship.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how your data is handled, please reach out to us at: