Privacy Policy

Effective Date: March 1, 2025  |  Last Updated: March 1, 2025

1. Information We Collect

1.1 Information You Provide Directly

When you use our contact forms, intake request form, provider referral form, or newsletter subscription, we may collect:

• Your name and the name of the child or patient you are inquiring about
• Email address, phone number, and mailing address
• Missouri county of residence
• Child's age range and, if applicable, diagnosis or ICD-10 code
• Insurance carrier and coverage information
• Preferred service type (in-home, center-based, telehealth)
• Clinical notes or reason for referral (provider referrals)
• How you heard about us
• Any other information you voluntarily include in a message or form field

1.2 Information Collected Automatically

When you visit our Site, certain information is collected automatically by our analytics provider (Google Analytics). This may include:

• IP address (anonymized)
• Browser type and version
• Device type and operating system
• Pages visited and time spent on each page
• Referring URL (how you arrived at our Site)
• General geographic region (city/state level, not precise location)

We do not collect precise geolocation data. See Section 6 for details on Google Analytics.

1.3 Information We Do Not Collect Through This Site

Our public website does not collect, store, or transmit formal Protected Health Information (PHI) as defined under HIPAA. Clinical and treatment records are maintained in separate, HIPAA-compliant systems used directly with active clients and their authorized caregivers. See Section 4 for more on HIPAA.

2. How We Use Your Information

We use the information we collect to:

• Respond to intake requests, provider referrals, and general inquiries
• Contact you regarding your interest in Archways ABA services
• Verify insurance eligibility and coordinate the onboarding process
• Send the newsletter you requested (you may unsubscribe at any time)
• Improve the content, functionality, and user experience of our Site
• Monitor and analyze Site traffic and usage patterns (via Google Analytics)
• Prevent fraud and ensure the security of our Site
• Comply with applicable law, regulations, and legal process

We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects.

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share information only in the following limited circumstances:

3.1 Service Providers

We work with a small number of trusted third-party service providers who process data on our behalf, including:

• Formspree — processes form submissions on our behalf (see Section 7)
• Google LLC — provides website analytics (see Section 6)
• Web hosting and content delivery providers

These providers are contractually bound to protect your information and may only use it to perform services for us.

3.2 Legal Obligations

We may disclose your information if required to do so by law, court order, subpoena, or government authority, or if we believe in good faith that disclosure is necessary to protect the safety of any person, prevent fraud, or enforce our legal rights.

3.3 Business Transfers

If Archways ABA is acquired by or merged with another entity, your information may be transferred as part of that transaction. We will notify you via a prominent notice on our Site if this occurs and your information becomes subject to a different privacy policy.

3.4 With Your Consent

We may share your information for any other purpose with your explicit prior consent.

4. HIPAA Notice

Nonetheless, inquiry forms submitted through our Site may contain health-related information (such as a diagnosis or insurance carrier). We treat all such information with the same level of care and discretion required under HIPAA, including:

• Limiting access to intake information to authorized staff only
• Using secure, encrypted connections (HTTPS) for all data transmission
• Not using health-related inquiry information for marketing purposes without consent
• Retaining inquiry records only as long as necessary for their original purpose

For questions about your rights under HIPAA with respect to your active treatment records, please contact our Privacy Officer at info@archwaysaba.com.

5. COPPA — Children's Privacy

Archways ABA provides services to children; however, our website is directed at parents, guardians, and healthcare providers — not at children themselves.

We do not knowingly collect personal information directly from children under the age of 13. All information submitted through our intake and referral forms must be provided by a parent, legal guardian, or licensed healthcare professional acting on behalf of a patient.

If you believe we have inadvertently collected personal information from a child under 13 without verifiable parental consent, please contact us immediately at info@archwaysaba.com and we will delete such information promptly.

This policy is consistent with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq., and the FTC's COPPA Rule, 16 C.F.R. Part 312.

6. Google Analytics

Our Site uses Google Analytics 4 (GA4), a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies and similar tracking technologies to collect and report aggregate, anonymized information about how visitors use our Site.

What Google Analytics Collects

• Pages visited, click paths, and session duration
• General device and browser information
• Approximate geographic region (not precise location)
• Traffic source (e.g., organic search, direct, referral)

IP Anonymization

We have configured Google Analytics with IP anonymization enabled, meaning the last octet of your IP address is masked before any data is stored. We do not use the advertising or demographic features of Google Analytics.

Opting Out

You may opt out of Google Analytics tracking by:

• Installing the Google Analytics Opt-out Browser Add-on
• Enabling "Do Not Track" signals in your browser (note: not all sites honor this signal)
• Using a browser extension that blocks analytics scripts

Google's privacy policy is available at policies.google.com/privacy.

7. Formspree — Contact Forms

Our contact, intake, and provider referral forms are processed by Formspree, Inc., a third-party form submission service. When you submit a form on our Site, your submission data is transmitted to Formspree's servers and then forwarded to our team.

Formspree may store submitted data temporarily on its servers in accordance with its own privacy policy, available at formspree.io/legal/privacy-policy. We have a data processing agreement with Formspree governing its handling of any personal data submitted through our forms.

We use a honeypot field on all forms to detect and discard automated spam submissions. This field is invisible to human users and captures no personal information.

8. Cookies and Tracking Technologies

Our Site uses the following types of cookies and similar technologies:

Strictly Necessary Cookies

These cookies are required for the Site to function and cannot be disabled. They do not store personally identifiable information and are typically set in response to user actions such as submitting a form.

Analytics Cookies

Set by Google Analytics to collect aggregate, anonymized data about how visitors use our Site. These cookies help us understand which pages are most popular and where visitors come from, allowing us to improve our content.

Key analytics cookies include:

• _ga — Distinguishes unique users. Expires after 2 years.
• _ga_[ID] — Maintains session state. Expires after 2 years.

Managing Cookies

Most web browsers allow you to control cookies through browser settings. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. Note that disabling certain cookies may affect the functionality of our Site. For more information on managing cookies, visit allaboutcookies.org.

9. Data Retention

We retain the information you submit through our contact and intake forms for as long as necessary to respond to your inquiry and fulfill the purpose for which it was collected, or as required by applicable law.

• Intake and referral inquiries — Retained for up to 3 years or until the inquiry is resolved, whichever is later.
• Newsletter subscriptions — Retained until you unsubscribe.
• Google Analytics data — Retained for 14 months in accordance with our GA4 data retention settings.

Records related to active clients are governed by our HIPAA policies and applicable Missouri state law, which may require longer retention periods for medical records.

10. Security

We take the security of your information seriously and implement a variety of technical and administrative measures to protect it, including:

• TLS/SSL encryption for all data transmitted between your browser and our Site (HTTPS)
• Restricting access to personal information to authorized employees and contractors only
• Using reputable third-party service providers with their own security certifications
• Regularly reviewing and updating our security practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information using commercially reasonable means, we cannot guarantee its absolute security. If you believe your information has been compromised, please contact us immediately.

11. Third-Party Links

Our Site may contain links to external websites, including provider directories, insurance company portals, and professional resources. These third-party sites have their own privacy policies, and we have no responsibility or liability for their content, practices, or policies. We encourage you to review the privacy policy of any third-party site you visit.

12. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights regarding your personal information:

Access and Correction

You may request access to the personal information we hold about you and ask us to correct any inaccuracies. To make such a request, contact us at info@archwaysaba.com.

Deletion

You may request that we delete personal information we have collected from you, subject to certain exceptions (such as legal obligations or active client records). We will respond to deletion requests within 30 days.

Opt-Out of Marketing

You may opt out of marketing or newsletter emails at any time by clicking the "unsubscribe" link in any email we send or by contacting us directly. We will process your request within 10 business days.

Do Not Sell My Information

We do not sell personal information. We have not sold personal information in the past 12 months, and we do not intend to do so in the future.

HIPAA Rights

If you are an active client or the parent/guardian of an active client, you have specific rights under HIPAA with respect to your Protected Health Information, including the right to access, amend, and receive an accounting of disclosures. These rights are described in the Notice of Privacy Practices provided to you at intake.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this Policy periodically to stay informed about how we protect your information.

Your continued use of the Site after any changes to this Policy constitutes your acceptance of the updated terms.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Archways ABA, LLC
Privacy Officer
info@archwaysaba.com
(XXX) XXX-XXXX
Missouri, United States

We will respond to all privacy-related requests within 30 days of receipt.