Close this search box.

Privacy Policy: Your Data Protection at Bay Area CBT Center

Last updated: 2023

This Privacy Policy applies to our website: operated by Bay Area CBT Center (“we,” “us,” or “our”). This Privacy Policy outlines how we collect, use, disclose, and manage the personal information of visitors, users, and clients (“you” or “your”) in connection with our website and services. Bay Area CBT Center is a psychotherapy clinic located in San Francisco, offering in-person and online evidence-based therapy. We also offer in-person and online trainings, workshops, and courses, CBT resources and tools, in-person and online retreats, webinars, and continuing education credits for psychologists. We are an S-corp organization and our NPI number is 1528728300.

This Privacy Policy outlines how we collect, use, disclose, and manage the personal information of visitors, users, and clients (“you” or “your”) in connection with our website and services.

  1. Information We Collect 

We highly value your privacy and are committed to safeguarding any information you provide. We want to assure you of our practices regarding the collection, use, and protection of your personal information.

The only information we utilize is the data you voluntarily provide us directly on our website. It’s important to note that we do not utilize any personal information submitted through our contact form to schedule an initial consultation at any point. We may use information that you fill out concerning website content, such as quizzes, online courses, trainings, subscriptions, groups, or workshops. Your personal information from the contact form is explicitly excluded from this usage.

In the event you book a free consultation with us, rest assured that none of your personal information is employed or accessed for any purpose whatsoever. Your information remains secure and untouched. Should you provide us with your email directly for the purposes mentioned above (e.g., quizzes, online courses, trainings, subscriptions) we may use it for marketing communications. However, we do not utilize your email for contacting us or scheduling consultations.

We rely on the Simple Practice Electronic Health Record (EHR) to manage all your personal information. This EHR system fully complies with the Health Insurance Portability and Accountability Act (HIPAA) and ensures complete confidentiality. While we endeavor to adhere to all HIPAA compliance guidelines diligently, it’s important to note that we cannot guarantee the absolute security of your personal information on the Internet. We recommend reviewing our full Privacy Policy to understand how your information is handled comprehensively. Your continued use of our services indicates your acceptance of these practices.

We may collect personal information directly from you or through automated means when you visit our website, use our services, or communicate with us. The types of information we may collect include but are not limited to:

When we refer to “personal information” in this Privacy Policy, we mean any data or information that can directly or indirectly identify a specific individual.

  1. How We Use Your Information

We may use the information collected for the following purposes:

  1. Quizzes and Research Participation

Our website offers users the opportunity to complete quizzes. These quizzes aim to provide users with insights into their relationships, behavioral patterns, symptoms, and interpersonal dynamics. It’s important to note that these questionnaires are for informational purposes only and are not intended to be used as a psychological assessments or clinical diagnosis. Users seeking further understanding of their quiz results should consult a qualified health professional. The quizzes serve as a tool for self-reflection and is not a diagnostic instrument. Additionally, we conduct anonymous research with the quiz results. By opting in to our quizzes, users consent to contribute to our anonymous research studies and will be asked a few additional demographic questions for research purposes. Your participation in these studies is entirely voluntary, and any data collected is 100% anonymous and confidential. The results data will be used strictly for research purposes. If you choose to participate in our research studies, please note that your personal information will not be disclosed or used for identification purposes. All data used in our research will be anonymized and aggregated to protect user privacy. We highly value your participation and contribution to our research initiatives, which help us gain insights into psychological patterns and behaviors. If you have any concerns or questions about our research practices or wish to learn more about how your data is utilized, please contact us. By choosing to engage with our quizzes or participate in our research studies, you acknowledge and agree to the terms outlined in this Privacy Policy and our research procedures.

  1. Information Sharing and Disclosure

We understand the importance of protecting your information. We do not sell, rent, or trade your personal information to third parties for their marketing purposes. However, we may share or disclose your information in the following circumstances:

– With Third-Party Service Providers. We may engage trusted third-party service providers to assist us in delivering our services or conducting business operations. These service providers are contractually obligated to maintain the confidentiality and security of your information and are restricted from using it for any purpose other than providing services to us.

– Compliance with Laws and Legal Requests. We may disclose your information when required to comply with applicable laws, legal processes, or governmental requests. This includes responding to lawful requests by public authorities, such as court orders or law enforcement agencies, to protect our rights, property, or safety, or the rights, property, or safety of others.

– Business Transfers or Corporate Changes. In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred or disclosed as part of the transaction. We will ensure the continued confidentiality of your personal information and provide notice before your information is transferred or becomes subject to a different privacy policy.

– With Your Consent. We may share your information with third parties if we have obtained your consent to do so.

  1. Your Rights and Choices

Depending on your location and applicable laws, you may have certain rights regarding your personal information, including the right to:

To exercise your rights, please contact us by sending request to

  1. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. This retention period is determined by our legitimate business interests, in compliance with applicable laws. In some cases, we might need to keep personal information for longer periods to meet legal, tax, or accounting requirements mandated by legislative, regulatory, or government authorities. Factors we consider in determining the appropriate retention duration include the nature, sensitivity, and volume of the personal information, along with potential risks from unauthorized use or disclosure. Once the purposes for retaining your personal information are fulfilled, we take steps to either delete or de-identify it. However, if complete deletion or de-identification is not possible due to technical reasons, we securely store the information, ensuring it’s isolated from further processing until its eventual deletion or de-identification becomes possible.

  1. Links to Third Party Websites 

Our website and services may contain links to third-party websites or services that are not operated by us. These links are provided for your convenience or informational purposes only. Please note that we have no control over the content, privacy policies, or practices of any third-party sites or services. We do not endorse, monitor, or assume any responsibility for the accuracy, relevance, legality, or adequacy of the information, products, services, or policies of these third-party websites or services. Your interactions with such websites or services are subject to their respective terms of use and privacy policies, and we encourage you to review those policies before providing any personal information or engaging in transactions. We cannot be held liable for any damages, losses, or actions resulting from your use of third-party websites or services accessed through links on our platform. It is your responsibility to exercise caution and make informed decisions when accessing external sites or services linked to our platform. Please be aware that when you leave our website or services via a link to another website or service, our Privacy Policy no longer applies. Your browsing and interaction on any other website or service, including those linked from our platform, are subject to the terms and policies of that website or service. We encourage you to read the privacy policies and terms of service of any third-party websites or services that you visit.

 8. Procedure for Dealing with DSARs (Data Subject Access Requests)

If you wish to exercise your rights to access, correct, update, or request the deletion of your personal information, you can make a Data Subject Access Request (DSAR). To initiate a DSAR, please contact us by sending an email to Please note that we may require specific information from you to verify your identity and ensure the security of your personal information. This may include details such as your name, contact information, and any relevant account or transaction identifiers.

Upon receiving a valid DSAR, we will acknowledge your request and respond within the timeframe specified by applicable privacy laws. We will make every effort to provide you with access to your personal information or take action based on your request. Please note that in certain situations, legal or regulatory requirements may prevent us from fulfilling your request in its entirety. There might be circumstances where we are unable to comply with your request, such as instances where fulfilling the request would infringe upon the rights of others, jeopardize the privacy of others, or contravene legal obligations. Please be aware that we may update this DSAR procedure from time to time to reflect changes in our practices or legal requirements. Any modifications will be posted on our website, and we encourage you to review this section periodically.


We do not sell your personal information to third parties for monetary consideration. However, we may share your information as outlined in Section 3.  Please note that we highly value the privacy and security of your personal information. We want to reassure our consumers and customers that we do not and will not sell, rent, or lease your personal information to third parties. We believe in maintaining the confidentiality of your data and are committed to upholding the highest standards of privacy protection. We collect and process personal information solely for the purposes outlined in this Privacy Policy. These purposes may include, but are not limited to, providing requested services, improving user experience, communicating important updates, and complying with legal obligations. Under no circumstances will we engage in the sale of your personal information without your explicit consent. Our commitment to safeguarding your data extends to ensuring that we do not trade or exchange your personal information for monetary or other valuable consideration. We respect your right to control your information and will not compromise your privacy by engaging in practices that involve the sale of your data.

We encourage you to review this Privacy Policy regularly for any updates or changes regarding how we handle your personal information. If you have any questions or concerns about our data practices or wish to exercise your rights under applicable privacy laws, please contact us at

  1. Children’s Privacy Statement​​

Our website and services are not intended for individuals under the age of 16, and we do not knowingly collect or solicit personal information from children under this age. If you are under 16 years old, please refrain from using the website and services or providing any personal information to us directly or through any other means. If we become aware that we have inadvertently collected personal information from a child under the age of 16, we encourage the child’s parent or guardian to contact us immediately. Upon receiving such notification, we will take prompt steps to delete the personal information from our systems. We are committed to protecting the privacy of all individuals, especially children. If you believe that personal information belonging to a child under 16 has been provided to us, please contact us so that we can promptly address and rectify the situation

  1. Cookies 

Our website may use cookies and similar technologies to enhance your browsing experience. Cookies are small text files stored on your device that may collect information such as your IP address, browser type, and pages visited. These cookies help us analyze website traffic, customize content, and improve our services. You can manage or disable cookies through your browser settings; however, please note that certain features of the website may be affected by disabling cookies.

  1. Data Security

We implement technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the internet or electronic storage is completely secure.

Embedded content from other websites

This site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics and Ads

Google Analytics and Google Ads collects data from visitors. We use this information to enhance our website.

  1. Compliance with Data Protection Laws

We are committed to complying with all applicable data protection laws and regulations that govern the collection, use, storage, and transfer of personal information. This includes, but is not limited to, laws such as the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), and any other relevant local, state, national, and international regulations. We strive to ensure that your personal information is handled in a manner consistent with these laws. Our practices are designed to safeguard your privacy rights and provide transparency regarding the collection and processing of your data.

  1. Updates to this Privacy Policy

We reserve the right to update or modify this Privacy Policy periodically. Whenever changes are made to this Privacy Policy, we will revise the “Last updated” date at the beginning of this Privacy Policy to reflect the most recent update. If there are material changes to this Privacy Policy that significantly affect how we handle your personal information, we will provide notice through means that can reasonably be deemed appropriate, such as sending an email to your registered email address or posting the changes on our website. We may also use other suitable communication channels to ensure you are informed about the modifications. Please note that any alterations to this Privacy Policy will be effective immediately upon their publication on our website unless otherwise specified. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal information. By continuing to use our website or services after any modifications to this Privacy Policy, you acknowledge and agree to the updated terms outlined herein.

  1. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at

  1. Additional U.S. State Privacy Disclosures

For residents of the States of California, Colorado, Connecticut, Nevada, Utah, and Virginia, the following disclosures (“U.S. Disclosures”) supplement our Privacy Policy and detail additional information about our processing practices regarding personal information for individuals in these states. For a comprehensive understanding of our data practices, please refer to our Privacy Policy. All terms defined in our Privacy Policy retain the same meaning in these U.S. Disclosures.

For the purpose of these U.S. Disclosures, “personal information” excludes publicly available information or de-identified, aggregated, or anonymized data that cannot be associated with you.

Under applicable privacy laws, depending on your state of residence, you may have certain rights concerning your personal information:

Depending on your state of residency, exercising these rights may not result in discriminatory treatment. However, differences in price, rate, or service quality may be permitted by law based on the impact of exercising these rights. For detailed information or to exercise your rights, please refer to the relevant sections in our Privacy Policy or contact us using by sending email to


If you are in a life threatening situation – don’t use this site. Call +1 (800) 273-8255 or use these resources to get immediate help.