Legal

Privacy Policy

Effective Date: April 26, 2026  ·  Last Updated: April 26, 2026

Bold Brown Mental Health Counseling PLLC, operating under the name Bold Brown Therapy ("we," "our," or "us"), is committed to protecting the privacy of everyone who visits our website at boldbrowntherapy.com (the "Site"). This Privacy Policy explains what information we collect, how we use it, and your rights with respect to that information.

This policy applies to information collected through this website only. It does not govern the collection or use of health information you share with us in the context of a therapeutic relationship, which is addressed separately in our Notice of Privacy Practices (provided at the start of treatment and available upon request).

1. Who We Are

Bold Brown Mental Health Counseling PLLC is a New York State licensed professional service limited liability company (DOS ID: 7882172) providing virtual therapy services to clients in New York and Pennsylvania. Our practice is owned and operated by Shruthi Nair, LMHC-D (NY License #017084), LPC (PA License #PC020013).

Our principal business address is 90 Broad Street, 2nd Floor, New York, NY 10004. You can reach us at shruthi@boldbrowntherapy.com or (201) 305-0733.

2. Information We Collect

We collect two types of information through this Site:

Information You Provide Directly

When you complete the contact form on our Site, you may submit your:

• Name
• Email address
• Phone number
• Any additional details you choose to include in your message

We collect only the information you voluntarily choose to provide. You are never required to share information you are not comfortable sharing.

Information Collected Automatically

When you visit our Site, certain technical and behavioral data is collected automatically through cookies and analytics tools, including:

• Your IP address (which may indicate your approximate geographic location)
• Browser type and version
• Device type and operating system
• Pages visited on our Site and time spent on each page
• Referring URLs (the website that brought you to ours)
• Date and time of your visit

This data is collected via Squarespace Analytics (our website platform's built-in analytics) and Google Analytics. See Section 5 for details on these third-party services.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To respond to your inquiry. When you submit the contact form, we use your name, email, and phone number to follow up with you about scheduling a free 15-minute consultation or answering your questions.
• To understand how our Site is used. Analytics data helps us identify which pages are most helpful, improve the content and structure of our Site, and better serve prospective clients.
• To maintain the security of our Site. Technical data such as IP addresses may be used to identify and address unauthorized access or other security issues.
• To comply with legal obligations. We retain certain records as required by applicable law or professional licensing standards.

We do not use your information for targeted advertising, and we do not sell, rent, or trade your personal information to any third party.

4. Cookies

Our Site uses cookies — small text files stored on your device — to enable website functionality and support analytics. The cookies placed on our Site are used by Squarespace (for website operation and analytics) and Google Analytics (for traffic and behavioral analytics). These cookies do not collect personally identifying information on their own; they collect aggregate, anonymized usage data.

You may control or disable cookies through your browser settings. Please note that disabling cookies may affect the functionality of certain features on our Site. Most browsers allow you to:

• View what cookies are stored and delete them individually
• Block third-party cookies
• Block all cookies (note: this may break some website features)
• Delete all cookies when you close your browser

You may also opt out of Google Analytics data collection by installing the Google Analytics Opt-Out Browser Add-On.

5. Third-Party Services

Our Site works with the following third-party services. Each operates under its own privacy policy, which we encourage you to review:

• Squarespace, Inc. — Our website hosting and analytics platform. Squarespace may collect site usage data on our behalf. See the Squarespace Privacy Policy.
• Google Analytics (Google LLC) — We use Google Analytics to understand how visitors interact with our Site. Google Analytics collects anonymized usage data using cookies. See Google's Privacy Policy and the Google Analytics Opt-Out Add-On.
• SimplePractice — If you click a link from our Site to our client portal or scheduling system, you will be directed to SimplePractice, a HIPAA-compliant practice management platform. Any information you provide within the SimplePractice portal is subject to their Privacy Policy and our HIPAA Notice of Privacy Practices.

We are not responsible for the privacy practices of these third-party platforms.

6. HIPAA and Federal Law

HIPAA — Protected Health Information

Bold Brown Mental Health Counseling PLLC is a HIPAA-covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA, 45 C.F.R. Parts 160 and 164). This means that any protected health information (PHI) you share with us once a therapeutic relationship has begun — such as your diagnosis, treatment notes, billing records, or appointment history — is governed by HIPAA and our separately provided Notice of Privacy Practices (NPP), not by this website Privacy Policy.

This website Privacy Policy governs only the general visitor data collected through this Site (contact form submissions, analytics, and cookies). Website visitors who have not yet established a therapeutic relationship with us are not clients, and the information submitted through our contact form is not PHI for HIPAA purposes.

HIPAA and Online Tracking Technologies

The U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) has issued guidance indicating that HIPAA-covered entities must carefully evaluate their use of online tracking technologies — such as Google Analytics — to ensure they do not result in the impermissible disclosure of PHI. We have reviewed our use of tracking tools on this Site in light of that guidance and take reasonable steps to limit data shared with third-party analytics providers. If you are an existing client and are concerned about the privacy of your visit to this Site, you may opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-On.

FTC Act

The Federal Trade Commission Act (15 U.S.C. § 45) prohibits unfair or deceptive acts or practices in commerce, including misrepresentations about how consumer health information is used or disclosed. This requirement applies to all businesses, including HIPAA-covered entities. This Privacy Policy accurately represents our actual data practices. We do not misrepresent how your information is collected, used, or shared, and we do not engage in deceptive or unfair data practices.

Children's Online Privacy Protection Act (COPPA)

This Site is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. This is consistent with COPPA (15 U.S.C. §§ 6501–6506). If you believe a child under 13 has submitted personal information through our Site, please contact us at shruthi@boldbrowntherapy.com and we will promptly delete that information.

7. Data Security

We take reasonable administrative, technical, and physical measures to protect the personal information you share with us from unauthorized access, disclosure, alteration, or destruction. These measures are consistent with the requirements of the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act (N.Y. Gen. Bus. Law § 899-aa et seq., as amended December 2024) and Pennsylvania's Breach of Personal Information Notification Act (BPINA) (73 P.S. § 2301 et seq., as amended 2024).

While we work diligently to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, and we encourage you to be thoughtful about the personal information you share through any online platform.

8. Data Breach Notification

In the event of a data breach that exposes your personal information, we will notify you in accordance with applicable law:

• HIPAA (federal — for PHI): If a breach involves unsecured protected health information (PHI) of current or former clients, we will notify affected individuals, the Secretary of the U.S. Department of Health and Human Services (HHS), and, where required, local media, in accordance with the HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400–414). HIPAA requires such notification within 60 days of discovery of a breach.
• New York residents: We will notify affected individuals within 30 days of discovering a breach involving personal information, consistent with the NY SHIELD Act (N.Y. Gen. Bus. Law § 899-aa et seq., as amended December 2024). We will also notify the New York State Attorney General, Department of State, State Police, and Department of Financial Services as required.
• Pennsylvania residents: We will notify affected individuals without unreasonable delay (generally within 60 days), consistent with Pennsylvania's BPINA (73 P.S. § 2301 et seq., as amended 2024). If a breach affects more than 500 Pennsylvania residents, we will also notify the Pennsylvania Attorney General.

9. Links to Other Websites

Our Site may contain links to third-party websites, including but not limited to our client portal (SimplePractice), professional directories, and resources we recommend. Once you leave our Site, this Privacy Policy no longer applies. We are not responsible for the privacy practices or content of any external websites. We encourage you to review the privacy policy of any site you visit.

10. Retention of Information

We retain information collected through our contact form for as long as necessary to respond to your inquiry and for a reasonable period thereafter, consistent with our professional and legal obligations. Analytics data collected by Squarespace and Google Analytics is retained according to those platforms' respective data retention policies. You may request deletion of your personal information at any time by contacting us (see Section 12).

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we do, we will revise the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of our Site after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us:

This Privacy Policy was last updated on April 26, 2026. It is provided for informational purposes and does not constitute legal advice. Bold Brown Mental Health Counseling PLLC recommends consulting with a licensed attorney for advice specific to your legal situation.