Privacy Policy
How we collect, use, share, and protect the information you provide through this website.
1. Summary (Plain Language)
We are a small, solo therapy practice. We only collect what you send us through the contact form or by email, plus a small amount of standard technical data (like your IP address) that our hosting provider sees whenever anyone loads a web page. We do not sell your information. We do not run advertising trackers. We do not share your information with marketers. We use it only to reply to your question or schedule a session. Once the matter is resolved, we keep the record for a short, reasonable time and then delete it. You can ask us to delete your data at any time by emailing Mindfulsolutionstherapy33@gmail.com.
2. Who We Are (Data Controller)
This website is operated by Mindful Solutions Therapy LLC, a Nevada limited liability company owned and operated by Robyn Mendiola, LCSW, MSW (Nevada License #6452-C, licensed since 2012). Our office is located at 2620 Regatta Drive, Suite 102, Las Vegas, NV 89128. In this policy, "we," "us," and "our" refer to Mindful Solutions Therapy LLC. "You" refers to the visitor or user of this website.
For the purposes of the General Data Protection Regulation (GDPR), Mindful Solutions Therapy LLC is the data controller of information collected through this website.
3. Legal Frameworks That Apply
Depending on where you live, one or more of the following laws may give you rights over the information we collect:
- California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA) — for California residents. See Section 10.
- Nevada Senate Bill 220 (codified in NRS 603A) — for Nevada residents. See Section 11.
- EU General Data Protection Regulation (GDPR) and UK GDPR — for visitors in the European Economic Area, the United Kingdom, and Switzerland. See Section 12.
- Health Insurance Portability and Accountability Act (HIPAA) — HIPAA applies to clinical protected health information (PHI) handled inside the therapy relationship. HIPAA does not cover general website contact-form submissions sent by people who are not yet clients. See Section 8 and our Notice of Privacy Practices for HIPAA coverage.
4. Information We Collect
We collect only the information you voluntarily provide, plus limited technical data your browser sends to our hosting provider.
4.1 Information you send us through the contact form
Our contact form (on /contact) collects:
- First name and last name (required)
- Email address (required)
- Phone number (optional)
- Interest area (optional dropdown — for example, "Trauma / EMDR," "Couples")
- Session preference (optional dropdown — in-person, telehealth, or either)
- Message (optional free-text field, up to 2,000 characters)
- PHI acknowledgment (a required checkbox named phiAcknowledge confirming you have read and understood that the form is not a HIPAA-secure channel; we record the fact that the box was checked at submission)
- Hidden technical fields processed by our form vendor FormSubmit.co: _next (thank-you redirect URL), _subject (email subject line), _captcha (spam-check flag), _template (email layout), and _honey (an anti-spam honeypot that is always empty for real humans)
4.2 Information you send us by direct email
If you email us at Mindfulsolutionstherapy33@gmail.com, we receive whatever you include: your email address, your name if shown, and the full content and any attachments. Gmail stores that message on Google's servers under Google's terms.
4.3 Technical / server data
The site is hosted on Cloudflare Pages. Like every website on the internet, Cloudflare's edge servers automatically record a request log each time any page, image, or script is requested. That log typically includes:
- Your IP address
- Your browser user-agent string (browser, OS, device type)
- The page requested and HTTP status code
- The referring URL (if any)
- A timestamp
We do not download or store these logs ourselves. Cloudflare retains this information according to its own retention schedule (typically around 30 days for standard access logs). See the Cloudflare Privacy Policy.
4.4 Cookies and browser storage
This website currently uses essential cookies and local-storage items only. We do not run Google Analytics, Meta Pixel, or any advertising tracker at this time. Specifically, your browser may store:
- cookieConsent — a small JSON object in localStorage recording your cookie-consent choice (Accept / Manage / Reject), the version of the banner you saw, and a timestamp. This is stored on your device only; it is not sent to us. It exists so we do not re-ask every page load.
- Session / state flags used by the site's own scripts (for example, a one-time dismiss flag for the mobile call-to-action bar).
If we ever add analytics (such as Google Analytics 4 or Microsoft Clarity) or any advertising pixel, we will update this policy before activating it and will require opt-in consent through the cookie banner for non-essential categories.
4.5 Information we do NOT collect
- We do not collect Social Security numbers, government IDs, insurance IDs, or dates of birth through this website.
- We do not collect payment-card information through this website; billing is handled by Alma (helloalma.com) under its own policies.
- We do not collect precise geolocation data.
- We do not use fingerprinting or cross-site tracking scripts.
- We do not knowingly collect information from children under 13.
5. How We Use Your Information
We use the information you submit for the following limited purposes:
- To respond to your inquiry and answer your questions.
- To schedule a consultation or first session.
- To follow up on a previous conversation or scheduling request.
- To prevent spam, abuse, and fraud (for example, the honeypot field and captcha).
- To comply with legal obligations and respond to lawful requests.
We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not use your contact-form data for advertising targeting. We do not run automated profiling or automated decision-making with legal effect.
6. Third-Party Services (Who Else Touches Your Data)
To run a working website, we use a small number of third-party services. Each has its own privacy practices, which we encourage you to review. We have chosen vendors that limit data use to providing the service we signed up for.
- Cloudflare (hosting, DNS, edge cache, access logs) — receives every HTTP request to this site, including IP, user-agent, and path. Privacy policy.
- FormSubmit.co (contact-form processor) — receives the full content of any contact form you submit (name, email, phone, interest, session preference, message, PHI acknowledgment value) and forwards it to our Gmail inbox. Website.
- Google Gmail (our inbox) — stores forwarded form submissions and any direct emails. Google Privacy Policy.
- Google Fonts (typography) — serves web-font files. Google's font CDN logs IP addresses when fonts are requested. Privacy policy.
- Google Maps (embedded map iframe on the Contact page) — when the map iframe loads, Google receives your IP and may set its own cookies under its own terms. Privacy policy.
- rss2json.com (blog feed reader) — when you load our Blog page, your browser calls rss2json to convert Robyn's Substack RSS feed into JSON. rss2json sees your IP and the feed URL. Website.
- jsDelivr CDN (serves the DOMPurify JavaScript library used to sanitize blog content) — sees your IP when the script loads. Privacy policy.
- Substack (source of Robyn's blog posts) — if you click through to a Substack article, Substack's own cookies and policies apply. Privacy policy.
- Alma (helloalma.com) (scheduling, insurance, billing) — we link to Alma for scheduling. We do not pass any data from this site to Alma. If you click through and create an Alma account, Alma's own privacy policy and HIPAA Business Associate Agreement govern that relationship. Privacy policy.
- Google Analytics 4 (site usage analytics, measurement ID G-P8241T67E3) — loads only after you accept the Analytics cookie category. Collects anonymized page views, referrer, device type, approximate geographic region (country / state level), session duration. IP addresses are anonymized (truncated) before Google stores them. On pages that discuss specific conditions or modalities (Services, FAQ, Blog, Resources), we actively scrub the page title before sending so that condition names never reach Google's servers. We do not enable Google Signals, demographics, advertising personalization, or cross-device tracking. Privacy policy.
- Microsoft Clarity (user-experience insights, project ID wb6j7qucse) — loads only after you accept the Analytics cookie category, and only on non-clinical pages (Home, About, Contact, Privacy, Terms, Accessibility, 404). Clarity records anonymized session replays and heatmaps so we can see where the site is confusing. Clarity is disabled entirely on Services, FAQ, Blog, and Resources pages so no session recording ever captures therapy-content browsing. Clarity masks form inputs by default. Privacy statement.
Global Privacy Control (GPC): if your browser sends the GPC signal (e.g. Firefox with GPC enabled, DuckDuckGo browser, or certain privacy extensions), we automatically treat it as an opt-out from Analytics and Marketing cookies, even if you previously accepted them. No action needed on your part.
We do not control, and are not responsible for, the privacy practices of these third parties beyond selecting reputable providers.
7. How Long We Keep Your Information
We keep information only as long as we reasonably need it:
- Contact-form submissions and related emails: kept until your inquiry is resolved, plus up to 12 months as a buffer for follow-up questions or a reasonable statute-of-limitations window. After that we delete or archive.
- Server access logs (Cloudflare): retained by Cloudflare according to its default schedule (typically around 30 days). We do not extend this.
- Cookies and local-storage items: stay on your device until you clear your browser storage, revoke consent through the cookie banner, or they expire.
- Clinical records (for actual therapy clients) are kept separately under our clinical records policy, per Nevada law and our professional licensure requirements, as described in the Notice of Privacy Practices. That retention is longer than website data and governed by different rules.
- We may keep information longer where required by law, to resolve disputes, to enforce agreements, or to defend against legal claims.
8. Security (And Honest Limits of Email/Forms)
We take reasonable steps to safeguard information submitted through this website. The site is served over HTTPS/TLS, and we have chosen vendors that support encryption in transit. However, no method of transmitting or storing data over the internet is 100% secure.
9. Children's Privacy
This website is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. We also do not provide therapy services to children; our practice serves adults (18+). If you believe a minor has submitted information through this site, please contact us at Mindfulsolutionstherapy33@gmail.com and we will delete it promptly.
10. Your Rights Under California Law (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what categories and specific pieces of personal information we collect about you, where we got it, why we collect it, and who we share it with.
- Delete personal information we have collected from you (subject to legal exceptions, such as records we must keep to comply with law).
- Correct inaccurate personal information we hold about you.
- Opt out of "sale" or "sharing" of your personal information as those terms are defined by the CCPA. We do not sell or share personal information.
- Limit use of sensitive personal information. We do not use sensitive personal information for any purpose beyond what is strictly necessary.
- Non-discrimination — we will not deny you service, charge you a different price, or provide a different level of service because you exercised a CCPA right.
How to exercise these rights: email Mindfulsolutionstherapy33@gmail.com with the subject line "California Privacy Request," or call (725) 290-3009. We may need to verify your identity (for example, by confirming details in your prior submission) before we act on a request. We will respond within 45 days, with a possible 45-day extension if reasonably needed. You may also designate an authorized agent to make a request on your behalf with written permission.
11. Your Rights Under Nevada Law (SB 220 / NRS 603A)
Nevada residents have the right to submit a verified request directing us not to make any sale of covered personal information that we have collected or will collect about them. We do not sell covered personal information as defined by NRS 603A. To submit a "do not sell" request, or any privacy request under Nevada law, email Mindfulsolutionstherapy33@gmail.com with the subject line "Nevada Privacy Request." We will respond within the 60-day window required by law.
12. Your Rights Under GDPR (EU / UK / EEA Visitors)
If you access this website from the European Economic Area, the United Kingdom, or Switzerland, you have rights under the GDPR and UK GDPR, including:
- The right to access the personal data we hold about you.
- The right to rectification of inaccurate data.
- The right to erasure ("right to be forgotten").
- The right to restrict processing.
- The right to data portability.
- The right to object to processing based on legitimate interests.
- The right to withdraw consent at any time, where processing is based on consent.
- The right to lodge a complaint with your local data protection authority.
Our legal bases for processing are: (a) your consent when you submit the contact form or email us; and (b) our legitimate interest in responding to your inquiry, keeping the site secure, and preventing abuse. We do not use data for automated decision-making with legal effect, and we do not transfer personal data outside of its country of origin except through standard, reputable U.S. vendors (our hosting and email providers) who follow industry-standard safeguards. Exercise any GDPR right by emailing Mindfulsolutionstherapy33@gmail.com.
13. Third-Party Links
This site contains links to third-party websites (for example, the Resources page, Alma for scheduling, and external articles from Robyn's blog feed). We are not responsible for the privacy practices or content of those sites. Please review their policies before providing any information.
14. "Do Not Track" Signals
Some browsers send a "Do Not Track" (DNT) or Global Privacy Control (GPC) signal. Because we do not currently run any advertising trackers or cross-site analytics, there is nothing to turn off based on these signals. If we ever add such trackers, we will honor valid GPC signals as an opt-out under California law.
15. How to Contact Us About Privacy
To exercise any of the rights described above, or to ask a question about this policy, contact us:
Mindful Solutions Therapy LLC
Attn: Privacy Request
2620 Regatta Drive, Suite 102
Las Vegas, NV 89128
Email: Mindfulsolutionstherapy33@gmail.com
Phone: (725) 290-3009
We will respond to verified requests within the time frames required by applicable law (typically 45 days under CCPA, 60 days under Nevada SB 220, 30 days under GDPR).
16. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, new services, or legal requirements. When we do, we will revise the "Last updated" date at the top of this page and increment the version number. If we make a material change (for example, beginning to use analytics cookies or sharing data with a new category of vendor), we will post a prominent notice on the site and, where required, obtain your consent before the change takes effect.