PRIVACY NOTICE
Last updated July 17, 2026
This Privacy Notice for Eastside EMDR PLLC (doing business as Eastside EMDR Therapy) ("we," "us," or "our") describes how and why we may access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
Visit our website at https://www.eastsideemdrtherapy.com, or any website of ours that links to this Privacy Notice
Use Eastside EMDR Therapy. Eastside EMDR Therapy is a mental health counseling practice operated by Angelica De Anda, LMHC, an EMDRIA Certified EMDR Therapist based in Kirkland, Washington. The practice provides individual psychotherapy services, including EMDR (Eye Movement Desensitization and Reprocessing) therapy and EMDR Intensives, for individuals experiencing anxiety, stress, burnout, and trauma. Services are offered in-person in Kirkland, WA, and virtually to clients throughout Washington State. Eastside EMDR Therapy also offers clinical consultation and supervision services for other mental health therapists. Through our website, visitors can learn about our services, schedule a free consultation, and access our secure client portal for booking and account management.
Engage with us in other related ways, including any marketing or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at info@eastsideemdrtherapy.com.
HIPAA Notice of Privacy Practices
As a mental health provider, we are also required by federal law (HIPAA) to maintain a separate Notice of Privacy Practices, which explains in detail how we may use and disclose your protected health information (PHI) for treatment, payment, and healthcare operations, and describes your specific rights regarding your health records. This Privacy Notice addresses our website and general data practices; our HIPAA Notice of Privacy Practices governs your clinical/therapy records specifically. You can view it on our HIPAA Disclosure page, linked in the footer of our website.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Notice — you can find full details on any topic in the numbered sections below.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us, the choices you make, and the features you use.
Do we process any sensitive personal information? Yes. Given the nature of our practice, we process health data and, where voluntarily shared, information such as racial or ethnic origin, sex life or sexual orientation, and religious or philosophical beliefs. We process this information only with your consent or as otherwise permitted by applicable law.
Do we collect any information from third parties? We may collect limited information from public databases and other outside sources.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security purposes, and to comply with law.
In what situations and with which parties do we share personal information? We share information only with specific service providers necessary to operate our practice — never for sale or third-party advertising. See Section 4 below.
How do we keep your information safe? We use reasonable organizational and technical safeguards, though no method of transmission or storage is 100% secure.
What are your rights? Depending on where you live, you may have rights to access, correct, or delete your personal information.
How do you exercise your rights? Contact us using the details in Section 15, or submit a data subject access request.
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our Services, participate in activities on the Services, or otherwise contact us.
Personal Information Provided by You. The personal information we collect may include:
names
phone numbers
email addresses
mailing addresses
job titles
usernames
passwords
contact preferences
billing addresses
debit/credit card numbers
health insurance information
emergency contact information
Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:
health data
data about a person's sex life or sexual orientation
information revealing race or ethnic origin
information revealing religious or philosophical beliefs
Payment Data. We may collect data necessary to process your payment, such as your payment instrument number and the security code associated with your payment instrument. All payment data is handled and stored by Stripe, including payments processed directly through us and payments processed through our client portal, Jane App, which also uses Stripe as its payment processor. You may find Stripe's privacy notice here:
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such information.
Information automatically collected
In Short: Some information — such as your IP address and browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, referring URLs, and general location. This information is primarily needed to maintain the security and operation of our Services and for internal analytics.
Log and Usage Data. Service-related, diagnostic, and performance information our servers automatically collect, such as your IP address, browser type, and activity on the Services.
Device Data. Information about the computer, phone, or tablet you use to access our Services, including hardware model and operating system.
Location Data. General, imprecise location data (based on IP address). You may opt out by disabling location sharing on your device, though this may limit certain features.
Information collected from other sources
In Short: We may collect limited data from public databases and other outside sources.
In order to enhance our ability to provide relevant information and services and to update our records, we may obtain limited information about you from other sources, such as public databases and professional directories.
2. HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security purposes, and to comply with law.
To deliver and facilitate delivery of the services you request, including scheduling and conducting therapy or consultation sessions.
To respond to your inquiries and offer support.
To send you administrative information, such as appointment reminders, changes to our terms or policies, and similar communications.
To enable secure communication between you and our practice through our client portal or messaging platforms.
To save or protect an individual's vital interest, such as to prevent harm.
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
In Short: We only process your personal information when we have a valid legal reason to do so, such as your consent, to fulfill a contract, to comply with law, or to protect vital interests.
If you are located in the EU or UK, we rely on the following legal bases: Consent, Performance of a Contract, Legal Obligations, and Vital Interests. You may withdraw consent at any time (see Section 15 for contact details).
If you are located in Canada, we may process your information with your express or implied consent, or in limited circumstances permitted by law without consent (e.g., fraud prevention, legal compliance).
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
In Short: We share information only with the service providers necessary to operate our practice and deliver services to you.
We may share your data with the following third-party vendors, who perform services on our behalf and are contractually restricted from using your information for their own independent purposes:
Jane App — client portal, scheduling, and secure practice management records
Mentaya — insurance reimbursement/superbill processing, for clients who opt in
Spruce Health — HIPAA-compliant phone calls and secure messaging
Acuity Scheduling — used exclusively for scheduling professional consultation and supervision services (not used for client therapy appointments)
Squarespace — website hosting
Stripe — payment processing (used both directly by our practice and through Jane App, which also runs payments via Stripe)
We may also share your information in the following situations:
Business Transfers. In connection with a merger, sale of company assets, or acquisition of all or part of our practice.
Legal Obligations. Where we believe it is necessary to comply with law, cooperate with law enforcement or a regulatory agency, or protect the safety of you or others.
5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
In Short: We use cookies to operate our website securely and, with your consent, to understand how visitors use our site.
We use cookies and similar tracking technologies to gather information when you interact with our Services. Some cookies are strictly necessary to operate our website and do not require your consent. Others — non-essential cookies used for analytics and site improvement — are restricted by default and will only be placed on your device if you provide consent.
When you visit our site, you'll see a cookie banner where you can:
Accept all cookies,
Manage cookies to customize your preferences, or
Decline all non-essential cookies.
We do not use cookies or tracking technologies for third-party advertising, ad targeting, or cross-site tracking. We do not currently use Google Analytics or similar third-party analytics services. If this changes, we will update this Privacy Notice accordingly.
Most web browsers accept cookies by default. You can usually set your browser to remove or reject cookies; doing so may affect certain features of our Services.
6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
In Short: We may transfer, store, and process your information in countries other than your own.
Our servers are located in the United States. Regardless of your location, your information may be transferred to, stored by, and processed by us and by the third parties listed in Section 4, including facilities in the United States and other countries. If you are located in the EEA, UK, or Switzerland, we will take all necessary measures to protect your personal information in accordance with this Privacy Notice and applicable law.
7. HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice, unless otherwise required by law.
We will only keep your personal information for as long as necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required by law (such as recordkeeping requirements for mental health providers, or tax and accounting requirements). When we no longer have a legitimate need to process your information, we will delete or anonymize it, or, if that is not possible, securely isolate it from further processing until deletion is possible.
8. HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through organizational and technical security measures.
We have implemented appropriate technical and organizational security measures designed to protect the personal information we process, including working exclusively with HIPAA-compliant vendors for services involving protected health information. However, no method of transmission over the internet or electronic storage is 100% secure, so we cannot guarantee absolute security. Transmission of personal information to and from our Services is at your own risk.
9. DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly collect, solicit, or market to children under 18 years of age. By using the Services, you represent that you are at least 18, or that you are the parent or guardian of a minor and consent to that minor's use of the Services. If we learn that personal information from a user under 18 has been collected, we will take reasonable steps to promptly delete that data. If you become aware of any such data, please contact us at angelica@eastsideemdrtherapy.com.
10. WHAT ARE YOUR PRIVACY RIGHTS?
In Short: Depending on your state or region of residence, you have rights that give you greater access to and control over your personal information.
In some regions (the EEA, UK, Switzerland, and Canada), you have the right to access, correct, or erase your personal information, restrict or object to its processing, request data portability, and avoid being subject to solely automated decision-making that produces legal or similarly significant effects. You can exercise these rights by contacting us using the details in Section 15.
Withdrawing your consent: If we are relying on your consent to process your information, you may withdraw it at any time by contacting us. This will not affect the lawfulness of processing conducted before your withdrawal.
Opting out of marketing communications: You may unsubscribe at any time by clicking the unsubscribe link in our emails, replying "STOP" to text messages, or contacting us directly. We may still send you non-marketing, service-related communications.
Cookies: See Section 5 above for how to manage your cookie preferences.
11. CONTROLS FOR DO-NOT-TRACK FEATURES
Most browsers include a Do-Not-Track ("DNT") feature. Because no uniform technical standard for recognizing DNT signals currently exists, we do not respond to DNT browser signals at this time.
Global Privacy Control: We recognize and honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we will treat it as a valid opt-out request under applicable state privacy laws, including the CCPA, and apply it automatically.
12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: If you are a resident of a state with a comprehensive privacy law (including California and Washington), you may have rights to access, correct, delete, or obtain a copy of your personal information, and to opt out of certain processing.
Washington My Health My Data Act
Because our practice involves health-related information, Washington residents have specific rights under the My Health My Data Act, including the right to confirm whether we process your health data, to access and delete that data, and to withdraw consent for its collection or sharing. We do not sell health data, and we do not use geofencing around healthcare facilities for advertising or tracking purposes.
Categories of Personal Information We Collect
Over the past twelve months, we have collected identifiers (name, contact information); personal information as defined under the California Customer Records statute; protected classification characteristics (where voluntarily provided); internet or network activity information; geolocation data (general, not precise); professional information (for consultation/supervision clients); and sensitive personal information, including health data.
Will your information be shared with anyone else?
We have not sold or shared your personal information with third parties for cross-context behavioral advertising or targeted advertising purposes in the preceding twelve (12) months, and we do not do so.
We have disclosed the following categories of personal information to our service providers (listed in Section 4) strictly to deliver our services to you — not in exchange for money or other valuable consideration, and not for the service providers' own independent use:
Category A: Identifiers (name, contact information)
Category C: Protected classifications (where voluntarily provided)
Category F: Internet/network activity (limited to website functionality)
Category G: Geolocation (general location only, not precise tracking)
Category I: Professional information (for consultation/supervision clients only)
Category L: Sensitive personal information, including health data (disclosed only to HIPAA-compliant service providers necessary to deliver therapy services)
These disclosures were made under written contracts that restrict our service providers from using this information for any purpose other than providing services to us.
Your Rights
Depending on your state of residence, your rights may include the right to know, access, correct, delete, and obtain a copy of your personal data; the right to non-discrimination for exercising your rights; and the right to opt out of the sale or sharing of personal data or its use for targeted advertising or profiling. Some states also provide the right to limit the use of sensitive personal data.
How to Exercise Your Rights
To exercise these rights, contact us by submitting a data subject access request, by emailing us at info@eastsideemdrtherapy.com, or by using the contact details in Section 15. We honor opt-out preferences signaled through Global Privacy Control (GPC).
California "Shine The Light" Law
California residents may request, once a year and free of charge, information about categories of personal information we disclosed to third parties for direct marketing purposes in the prior calendar year. To make such a request, contact us using the details in Section 15.
13. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: You may have additional rights based on the country you reside in.
Australia and New Zealand: We process personal information under Australia's Privacy Act 1988 and/or New Zealand's Privacy Act 2020, as applicable. You may request access to or correction of your information, or file a complaint with the Office of the Australian Information Commissioner or the Office of the New Zealand Privacy Commissioner.
Republic of South Africa: You may request access to or correction of your information at any time. If unsatisfied with our response, you may contact The Information Regulator (South Africa) at enquiries@inforegulator.org.za.
14. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by a revised "Last updated" date at the top of this notice. If we make material changes, we may notify you by prominently posting a notice or by direct notification. We encourage you to review this notice periodically.
15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, you may contact our Data Protection Officer by email at angelica@eastsideemdrtherapy.com, by phone at 425.386.7910, or by post at:
Eastside EMDR PLLC
Data Protection Officer
608 State St #100A
Kirkland, WA 98033
United States
16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on applicable law in your country or state of residence, you may have the right to request access to the personal information we collect from you, details about how we've processed it, correction of inaccuracies, or deletion of your information. You may also have the right to withdraw your consent to our processing. These rights may be limited in some circumstances by applicable law. To make a request, please submit a data subject access request.
This Privacy Policy was created using Termly's Privacy Policy Generator and customized for Eastside EMDR Therapy.