EMDR Training
EMDR Basic Training EMDR Advanced Training EMDR Certification EMDR Consultant Training EMDR & IFS Practitioner Program Polyvagal Informed EMDR Practitioner Program Somatic EMDR Practitioner Program Consultation Course Catalog
Trauma Training
Trauma Trainings Consultation Course Catalog
Membership

Privacy Policy

Trauma Therapist Institute

Privacy Policy 

Rebecca K. Wilson, LLC d/b/a Trauma Therapist Institute (“us”, “our”, or “we”) institutes the terms of this Privacy Policy to ensure that personally identifiable information (“PII”) is maintained in a safe, secure, and responsible manner. The following describes how we collect, use, and share the PII obtained from and about individuals who use our Trauma Therapist Institute mobile application, the website located at traumatherapistinstitute.com, and our other online products or services (collectively, the “Services”) or when you otherwise interact with us or receive a communication from us. This Privacy Policy applies only to information collected through the Services and does not apply to information that we may collect outside the use of the Services such as over the phone or by email or mail. By using these Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy, including the collection, use, and disclosure of information as described herein. If you do not agree to this Privacy Policy, you must not access or use the Services. Please read this entire Privacy Policy to make sure you understand our practices fully.

For avoidance of doubt, the “Services” include, without limitation, all educational programs, professional trainings, classes, workshops, clinical discussions, “Clinical Conversations,” continuing education offerings, community forums, membership-based communities (including our Community platform), interactive features, and related content offered by us, whether free or paid, whether accessed synchronous or asynchronous through our website, Application, third-party platforms such as Kajabi, or other online learning or community platforms.

This Privacy Policy applies to all individuals who access, register for, participate in, or otherwise engage with the Services, including visitors, registered users, training participants, community members, and subscribers.

This Privacy Policy describes information that we currently collect and information that we may collect in the future in connection with the Services, including as our offerings, features, technologies, pricing models, or platforms evolve. 

Where the Services include community, social, or interactive features, including the Community platform, you understand and agree that certain information you voluntarily choose to share, including your name, username, screen name or other identifier (which may be real-name based or system generated), profile information, posts, comments, or other content, may be visible to other registered users in accordance with the design and functionality of the Services. Such visibility is an inherent aspect of participation in these features and does not constitute disclosure by us outside the scope of this Privacy Policy.

The Services are educational and professional in nature and are not healthcare services. We do not provide medical or mental health treatment through the Services. While we do not intend to collect protected health information (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), you should not share any health information, including mental health information, through the Services. To the extent any health information is inadvertently shared through community features or interactive components, such information will be handled in accordance with this Privacy Policy and applicable law, and we will take reasonable steps to remove or restrict access to such information upon becoming aware of it. Any information collected through the Services is collected in connection with training, education, community participation, or related business purposes, and not for the provision of healthcare services.

Information Collected. We may collect PII for purposes related to our business, to improve the content of the Services, or for any other commercial purpose. PII collected from you is voluntarily submitted and provided to us through your use of the Services or in response to requests for information, except for certain information that may be automatically collected as described in this Privacy Policy. We may collect and process such data as necessary for providing the Services, for compliance with legal obligations, and for other legitimate business interests as described in this Privacy Policy, subject to your rights under applicable law. Depending on how you access or use the Services, we may collect different categories of information, including information that we currently collect and information that we may collect in the future as our Services evolve.

  1. User-provided Information. 
    1. When you use the Services, you may provide, and we may collect, PII. The types of information that we may collect include but are not limited to: name, address, email address, certification information, and phone number. PII also includes other information, such as geographic areas or preferences, when any such information is linked to information that identifies a specific individual. 
    2. If you register for or participate in trainings, classes, Clinical Conversations, Community features, or other interactive offerings, we may collect additional information that you voluntarily provide, which may include professional credentials, licensure status, certifications, areas of practice, course enrollment and completion information, attendance records, participation history, profile information, photographs, and other content you choose to upload or share. If we record any sessions, trainings, or interactive features in which you participate, we will provide you with clear notice and obtain your affirmative consent before such recording begins, and you will have the opportunity to decline participation in recorded sessions without penalty or loss of access to non-recorded alternatives where reasonably available. Recordings will be retained only for the period necessary to fulfill the stated purpose and will be securely deleted thereafter in accordance with our data retention policies.
    3. If you participate in Community features or other interactive or social components of the Services, you understand that information associated with your account—such as your name or other identifier—and content you voluntarily submit may be visible to other registered users in accordance with the design and functionality of the Services.
  2. Automatically Collected Information. 
    1. When you use the Services, we may automatically record certain information from your device by using various types of technology, including cookies. This “automatically collected” information may include IP address or other device address or ID, web browser and/or device type, device settings, user-agent string, the pages or content you view or interact with on the Services, and the dates and times of your access or use of the Services. 
    2. If the Services are accessed through third-party platforms such as Kajabi or other hosting, learning management, or community platforms, automatically collected information may also include platform-generated usage data, engagement metrics, session information, and interaction logs, subject to the functionality of such platforms. Information collected by third-party platforms is also subject to those platforms' privacy policies, and we encourage you to review the privacy practices of any third-party platform through which you access the Services. While we are not responsible for the privacy practices of third-party platforms, we will use commercially reasonable efforts to select third-party service providers that maintain adequate data protection standards, and we will enter into appropriate data processing agreements with such providers where required by applicable law.
  3. Derivative Data. 
    1. We may automatically collect data when you access the Services, such as your native actions that are integral to the Services, actions taken when creating entries, editing entries, and uploading media to the Services. Any media uploaded in this fashion will be collected and stored on our servers. 
    2. Derivative data may also include participation metrics, progress indicators, completion status, timestamps, engagement activity, and interaction history associated with courses, trainings, Clinical Conversations, Community participation, or other interactive components of the Services.
  4. Location Information. 
    1. We may receive and process information about your location. For example, with your express consent obtained through your device settings or through the Services, we may collect information about the specific location of your mobile device (for example, by using GPS or Bluetooth). You may withdraw this consent at any time through your device settings. We may also receive location information from you when you choose to share such information on the Services, including by associating your content with a location, or we may derive your approximate location from other information about you, including your IP address.
    2. Location information may also be inferred or processed through third-party platforms used to provide the Services, including learning management or community platforms, and through contextual information associated with your participation in trainings, events, or Community features.
  5. Information from Other Sources. 
    1. We may obtain information, including PII, from third parties and sources other than the Services. If information from other sources is combined or associated with PII collected through the Services, this combined information will be treated as PII in accordance with this Privacy Policy. We may also receive information about you, including log and usage data and cookie information, from third-party sites that integrate our services, including embeds and advertising technology.
    2. We may also obtain information from third-party platforms and service providers used to host, deliver, administer, or support the Services, including learning management systems, community platforms, payment processors, and credential or eligibility verification sources. When we obtain information from credential or eligibility verification sources, we will do so only for legitimate verification purposes related to your participation in professional trainings or programs, and only to the extent permitted by applicable law and professional regulations. 

How Collected Information is Used. We may use the information that is collected in the following ways in providing the Services. We will not use your information in ways that are materially different from those described in this Privacy Policy without providing you with notice and, where required by law, obtaining your consent:

  1. Operations. 
    1. We may use PII to operate, maintain, enhance, and provide all features of the Services, to provide the services and information that you request, to respond to comments and questions, and to provide user support. 
    2. Operational uses may include, if applicable, administering registrations and accounts; providing access to courses, trainings, Clinical Conversations, and Community features; verifying eligibility or credentials for particular offerings; processing payments; managing subscriptions or memberships; facilitating participation in interactive features; moderating Community activity in accordance with our Terms of Use; and enforcing our Terms of Use and related policies. Our moderation practices may include reviewing user-generated content for compliance with our policies, but we do not undertake any obligation to monitor all Community activity. However, we reserve the right to remove content or suspend access to users who violate our Terms of Use, and we will cooperate with law enforcement when required by applicable law or legal process.
  2. Improvements. 
    1. We may use collected PII to understand and analyze usage trends and preferences, to improve the Services, and to develop new services, features, and functionality. 
    2. This may include analyzing engagement with educational content, Community features, or interactive offerings; evaluating the effectiveness of trainings or programs; and developing new or enhanced educational, professional, or community-based services.
  3. Communications. 
    1. We may use PII to communicate with you for administrative purposes such as customer service, updates on policies or terms, and communication relating to services, via the communication method chosen by you. You may opt out of receiving certain non-essential communications at any time via a link in the email you receive, by replying STOP to SMS or text messages, or by contacting us as provided in the “Contact” section. You understand and acknowledge that certain features of the Services rely on communications and by opting out of non-essential communications you may lose the availability and functionality of some aspects of the Services. We may still send you transactional or legally required communications even if you opt out of marketing communications.  
    2. Communications may also include notices regarding trainings, classes, Clinical Conversations, Community activity, account-related updates, reminders, confirmations, and information related to your participation in the Services.
  4. Advertisements. 
    1. We may use third-party programmatic ad exchanges to show advertisements relevant to your interests. In providing those ads, those third parties may collect information, including log and usage data and information from cookies, subject to your browser settings and applicable privacy controls. These third parties will not receive PII from your account, though they may receive de-identified or aggregated information. You may opt out of interest-based advertising by adjusting your browser settings or using industry opt-out tools. 
    2. Advertising-related uses may include promoting our educational offerings, trainings, and Services to prospective users, subject to applicable law and your communication preferences.
  5. Cookies and Tracking Technology. 
    1. We may use automatically collected information and other information collected on the Services through cookies and similar technologies to: (I) personalize the Services; (II) monitor and analyze the effectiveness of the Services; and (III) monitor aggregate site usage metrics such as number of visitors and pages viewed. Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiration date, unless deleted by you prior to the expiration date; a session cookie will expire at the end of your use of the Services when the web browser is closed. 
    2. Cookies and similar technologies may also be used, where applicable, in connection with third-party platforms that host or support the Services, including learning management systems or community platforms, subject to your browser and device settings.
  6. Eligibility Review. 
    1. Certain administrators will review information uploaded by you to verify authenticity of licenses and certifications and determine eligibility for particular trainings. 
    2. Eligibility review may also be used to determine access to certain courses, trainings, Community features, or other offerings that require professional credentials or qualifications.

How Information is Shared. Except as described in this Privacy Policy, we will not intentionally disclose your PII to third parties without your explicit consent. We may disclose information to third parties with your consent, as well as in the following circumstances:

  1. Unrestricted Information. 
    1. Content generated by you and posted to the Services, or any of our associated social media sites, is your sole and exclusive responsibility and we have no responsibility or liability for such content. Any information you voluntarily display to the public on the Services will be available to any individual who has access to that content. We cannot and will not guarantee the safety or security of your user generated content. Further, search engines may index your user generated content such that it may be found on and through common search engines. We cannot and will not guarantee the safety or security of your user generated content.
    2. For clarity, content shared within Community features, discussion forums, Clinical Conversations, or other interactive components of the Services may be visible to other registered users in accordance with the design and functionality of those features. Information displayed to other registered users is considered user-generated content for purposes of this section, even if access is limited to logged-in or enrolled users.
  2. Service Providers. 
    1. In some events we may work with service providers who provide website, application development, hosting, maintenance, and other services. These third parties may have access to or process PII as part of providing such services. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions. 
    2. Service providers may include, if applicable, learning management systems, community platforms, hosting providers, payment processors, analytics providers, customer support tools, and communication service providers used to support or administer the Services. Such service providers may process PII on our behalf only pursuant to written contracts that include confidentiality and data protection obligations consistent with the Colorado Privacy Act, including requirements that service providers: (I) process personal data only according to our documented instructions; (II) maintain the confidentiality and security of personal data; (III) provide reasonable assistance in responding to consumer rights requests; and (IV) delete or return personal data upon completion of services, unless retention is required by law.
  3. Non-Personally Identifiable Information. 
    1. We may make certain automatically-collected, aggregated, or otherwise de-identified information that cannot reasonably be used to identify you available to third parties for various purposes, including: (I) compliance with reporting obligations; and (II) business or marketing purposes. Such information may include aggregated usage data related to trainings, courses, Community participation, or engagement with the Services. We maintain technical and administrative controls designed to ensure that de-identified data cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer or household. We commit not to attempt to re-identify such de-identified data and will contractually prohibit recipients of de-identified data from attempting to re-identify it.
  4. Legal Compliance. 
    1. We may disclose PII or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other government agencies. 
    2. We also reserve the right to disclose PII or other information that we believe, in good faith, is appropriate or necessary to: (I) take precautions against liability; (II) protect from fraudulent, abusive, or unlawful uses or activity; (III) investigate and defend against any third-party claims or allegations; or (IV) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others. This may include disclosure in connection with enforcement of our Terms of Use, Community guidelines, or other policies governing participation in the Services.
  5. Change in Structure/Ownership. 
    1. Information, including PII, may be disclosed and otherwise transferred to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets. In such circumstances, we will require the recipient of the PII to commit to a privacy policy that has terms substantially consistent with this Privacy Policy, and we will provide you with notice of any such transfer and, where required by applicable law, obtain your consent or provide you the opportunity to opt out of the transfer. 

Your Rights. 

    1. Colorado Privacy Act. We respect your privacy rights and provide you with reasonable access to the PII that you may have provided through your use of the Services. Under the Colorado Privacy Act, you have the right to: (i) confirm whether we are processing your personal data and access such data; (ii) correct inaccuracies in your personal data; (iii) delete personal data that you have provided; (iv) obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance; (v) opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects; and (vi) appeal our decision regarding a consumer rights request. If you wish to exercise any of these rights or access or amend any information or PII we hold about you, you may contact us as set forth in the “Contact” section. 
    2. Sale and Profiling. We do not sell personal data, as that term is defined under the Colorado Privacy Act, or engage in targeted advertising. We do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers. Accordingly, the right to opt out of the sale of personal data or targeted advertising does not apply to our processing activities.
    3. Verification. To protect your personal data and confirm that a request is made by the consumer to whom the data relates, we may require reasonable verification of your identity before processing a request to exercise your privacy rights. The verification method used will be reasonably appropriate to the nature of the request and the sensitivity of the personal data at issue. If we are unable to verify your identity using commercially reasonable efforts, we may decline to act on the request and will notify you of the reason for denial. We will use personal data provided in a request solely for purposes of identity verification and request processing. 
    4. Authorized Agent. You may designate an authorized agent to submit a request to exercise your privacy rights on your behalf. We may require the authorized agent to provide proof of authorization, including a written and signed permission from you, and may also require you to verify your identity directly with us or confirm that you provided the authorized agent permission to submit the request. For Utah residents, we may deny a request from an authorized agent if the agent does not submit proof that they have been authorized by you to act on your behalf. For Colorado residents, we may deny a request from an authorized agent if we are unable to confirm proper authorization or verify your identity, and will notify you and the authorized agent of the reason for denial.

Control. You may further control your PII in the following ways:

    1. Retention. At your request, we will delete or de-identify personal data concerning you from our records, subject to certain exceptions. We may retain personal data to the extent reasonably necessary to: (i) complete the transaction for which the personal data was collected; (ii) detect security incidents or protect against malicious, deceptive, fraudulent, or illegal activity; (iii) debug to identify and repair errors; (iv) comply with legal obligations; (v) enable solely internal uses reasonably aligned with your expectations based on your relationship with us; or (vi) otherwise use the personal data internally in a lawful manner compatible with the context in which you provided it. Deletion or blocking of information from our records does not necessarily result in the removal of content that you have voluntarily shared with other users through Community features, discussion forums, or other interactive components of the Services, to the extent such content remains visible to or was copied by other users in accordance with the functionality of the Services. 
    2. Deletion. You may delete your PII at any time. You may also submit a request to delete the PII we maintain about you by contacting us as set forth in the “Contact” section below. When you delete your account, we will delete or de-identify your PII within 45 days of receiving and verifying your request, subject to applicable legal retention requirements and the exceptions described in this Privacy Policy. Your profile will no longer be visible to other users and will be dissociated from content you posted under that account. Please note that the posts, comments, and messages you submitted prior to deleting your account may still be visible to others unless you first delete the specific content.
    3. Copies. You have the right to obtain a copy of the personal data we maintain about you in a portable, readily usable format that allows you to transmit the data to another entity without hindrance, where technically feasible.
    4. Cookies. You may control the Services’ use of cookies. Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject first- and third-party cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of some aspects of the Services.
    5. Declination. You may, at any time, decline to share certain PII with us, in which case we may not be able to provide to you some of the features and functionality of the Services. 
    6. Objection. Subject to certain exceptions under applicable law, you may object to the processing of your personal information. You always have a right to lodge a complaint with the Colorado Attorney General if you believe your privacy rights under the Colorado Privacy Act have been violated. 
    7. Unsubscribing and Opting-Out. If you receive commercial emails, text messages, or notifications from us, you may unsubscribe or opt-out at any time by contacting us as set forth in the “Contact” section. Please be aware that it may take up to ten (10) business days for us to process your request. Additionally, even after you opt-out from receiving commercial messages, you may continue to receive administrative messages regarding the Services.
    8. Push Notifications and Alerts. With your consent, we may send promotional and non-promotional push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
    9. Location Information. You can control how we use location information inferred from your IP address and mobile device by changing the settings in your mobile device and web browser.
    10. Mobile Access or Permissions. We may request access or permission to certain features from your mobile device, including your mobile device’s storage. If you wish to change our access or permissions, you may do so in your device’s settings.
    11. Appeals. If we decline to take action on your request, you may appeal our decision by submitting an appeal request using the contact information set forth in the “Contact” section. We will respond to your appeal within 45 days of receipt. If your appeal is denied, we will provide you with a written explanation of the reasons for the denial and information on how you may submit a complaint to the Colorado Attorney General.
    12. Response. We will respond to verifiable consumer requests to exercise privacy rights under applicable law within 45 days of receipt. Where reasonably necessary, we may extend the response period once by an additional 45 days, provided we inform you of the extension and the reason for it within the initial response period.

Administrator Access. You understand and agree that administrators connected with your particular facility, as applicable, may have limited access to view your PII, including but not limited to, name, email, and such information shared by you in connection with uploading licenses and certification for verification. Administrators are bound by contractual obligations regarding the confidentiality and protection of such information, and we require administrators to maintain appropriate safeguards consistent with this Privacy Policy and applicable law.

Third Party Websites and Applications/ This Privacy Policy applies only to the Services and not to the websites or applications of partners, affiliates, or other third parties. You may be required to accept additional policies prior to your use of links accessed through the Services. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Services. We encourage you to learn about third parties’ privacy and security policies before providing them with information.  

Third Party Servers. Certain information stored or transmitted by us hereunder, including PII, may be stored, managed, or otherwise handled by third parties. You understand and agree that we are not liable, accountable, or otherwise responsible for information communicated to or through third-party servers and you hereby release us from any associated liability or responsibility consistent with the indemnifications, liability limitations, and privacy policy included herein. We work with third-party service providers who may store or process your information. We implement appropriate contractual safeguards with third-party service providers who handle your information to ensure they maintain security standards consistent with this Privacy Policy and applicable law. 

Data Security. We follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. We maintain reasonable administrative, technical, and physical safeguards to protect PII against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the PII in our possession. This may include, for example, firewalls, SSL technology, application-layer security features, password protection, and other access and authentication controls. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we maintain reasonable safeguards designed to protect your information. If you believe your PII has been compromised, please contact us at the address provided in the “Contact” section. If we learn of a security breach that affects your personal data, we will inform you and the appropriate authorities of the occurrence of the breach in accordance with applicable law, including Colorado's data breach notification statute and other applicable requirements. 

Data Retention. We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements, unless a longer retention period is required or permitted by law. If you would like to delete your personal information, you can delete your account at any time. It may take additional time for your personal data to be de-indexed from search engines, depending on those search engines’ practices, over which we may have limited or no control. We will retain and use information as necessary to comply with legal obligations, resolution of disputes, and enforcement of our agreements. 

EU-US Privacy. We make all best reasonable efforts to comply with the EU General Data Protection Regulation framework as set forth by the European Union regarding the collection, use, and retention of personal data from European Union member countries. We adhere to the requirements of notice, choice, onward transfer, security, data integrity, access, and enforcement. We are hosted in the United States. By using the Services, you acknowledge that your personal data will be transferred to, stored, and processed in the United States and any other country where we operate. Users in the European Economic Area have the right to request access to, rectification of, or erasure of their personal data; to data portability in certain circumstances; to request restriction of processing; to object to processing; and to withdraw consent for processing where they have previously provided consent. These rights can be exercised by contacting us as set forth in the “Contact” section. 

California Residents – The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA" or "CPRA"), provides California residents with the following rights.

  1. Right to Know. You have the right to know and see what data we have collected about you over the past 12 months, subject to our data retention practices, including:
    1. The categories of personal information we have collected about you;
    2. The categories of sources from which the personal information is collected;
    3. The business or commercial purpose for collecting your personal information;
    4. The categories of third parties with whom we have shared your personal information; and
    5. The specific pieces of personal information we have collected about you.

The categories of personal information we collect and the purposes for which they are used are described in the sections titled “Information Collected” and “How Collected Information Is Used” in this Privacy Policy.

  1. Right to Delete. You have the right to request that we delete the personal information we have collected from you (and direct our service providers to do the same). There are a number of exceptions, however, that include, but are not limited to, when the information is necessary for us or a third party to do any of the following:
    1. Complete a transaction;
    2. Provide you a good or service:
    3. Perform a contract between us and you;
    4. Protect your security and prosecute those responsible for breaching it;
    5. Fix our system in the event of a bug, virus, or malware;
    6. Protect the free speech rights of you or other users;
    7. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code §1546 et seq.);
    8. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;
    9. Comply with a legal obligation; or
    10. Make other internal and lawful uses of the information that are compatible with the context in which you provided it.
  2. Right to Correct. You have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes for which it is processed.
  3. Sensitive Personal Information. We do not use or disclose sensitive personal information, as defined under the CPRA based on our current business practices, for purposes other than those permitted by applicable law and consistent with our service operations. Accordingly, the right to limit the use or disclosure of sensitive personal information does not apply to our processing activities.
  4. Sale or Sharing of Personal Information. We do not sell personal information or share personal information for cross-context behavioral advertising, as those terms are defined under the CPRA. Accordingly, California residents do not have the right to opt out of the sale or sharing of personal information under this Privacy Policy.
  5. Other Rights. You can request certain information about any disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. You also have the right not to be discriminated against for exercising any of the rights listed above.
  6. Response Timing. We will respond to verifiable consumer requests to exercise rights under California law within 45 days of receipt. Where reasonably necessary, we may extend the response period once by an additional 45 days, provided we inform you of the extension and the reason for it within the initial response period.
  7. Authorized Agents. California residents may designate an authorized agent to submit a request on your behalf. We may require the authorized agent to provide proof of your written authorization, and we may require you to verify your identity directly with us. Authorized agents may submit requests using the same methods available to consumers, as described in the “Contact” section. We will not deny a request from an authorized agent solely because the agent is not an attorney.
  8. Exercising your California Privacy Rights. To request access to or deletion of your PII, or to exercise any other data rights under California law, please contact us as set forth in the “Contact” section.
  9. Right to Appeal and Complaints. If we deny your request, you may appeal our decision by contacting us using the information in the “Contact” section. If your appeal is denied, you may submit a complaint to the California Privacy Protection Agency or the California Attorney General.

Colorado Residents. The Colorado Privacy Act (“CPA”) provides Colorado residents with the following rights. If we deny your request in whole or in part, you may appeal our decision by contacting us using the information in the "Contact" section. Within 45 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to the Colorado Attorney General through the Attorney General’s website at coag.gov.

    1. Right to Confirm and Access. You have the right to confirm whether we are processing your personal data and to access such personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller without hindrance.
    2. Right to Delete. You have the right to request that we delete the personal data we have collected from you, subject to certain exceptions as permitted by law. We will honor your deletion request unless an exception applies, such as when the data is necessary to complete a transaction, detect security incidents, comply with legal obligations, or exercise free speech rights.
    3. Right to Correct. You have the right to request that we correct inaccurate personal data.
    4. Right to Opt Out of Targeted Advertising, Sale of Personal Data, and Profiling. You have the right to “opt out” of (i) “targeted advertising," (ii) the “sale” of your “personal data," and (iii) "profiling in furtherance of decisions that produce legal or similarly significant effects" (as such terms are defined under Colorado law).
    5. Exercising your Colorado Privacy Rights. To exercise any of your rights under Colorado law, including rights to access, delete, correct, data portability, or opt out, please contact us as set forth in the "Contact" section. We will not discriminate against you for exercising your rights under the CPA.

Connecticut Residents. The Connecticut Data Privacy Act (“CTDPA”) provides Connecticut residents with the additional rights listed below. 

    1. Right to Access. You have the right to know and see what personal data we have collected about you in a usable format.
    2. Right to Delete. You have the right to request that we delete the personal data we have collected about you, subject to applicable legal exceptions.
    3. Right to Correct. You have the right to request that we correct inaccurate personal data.
    4. Right to Data Portability. You have the right to obtain a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format.
    5. Right to Opt Out of Targeted Advertising and Sale of Personal Data. You have the right to “opt out” of “targeted advertising” and the “sale” of your “personal data” (as defined under Connecticut law) and profiling in furtherance of decisions that produce legal or similarly significant effects.
    6. Exercising your Connecticut Privacy Rights. To request access to or deletion of your personal data, or to exercise any other data rights under Connecticut law, please contact us as set forth in the “Contact” section.
    7. Right to Appeal. If we deny your request, you may appeal our decision by contacting us using the information in the “Contact” section. 

Oregon Residents. The Oregon Consumer Privacy Act (“OCPA”) provides some Oregon residents with the additional rights listed below.

    1. Right to Correct. You have the right to request that we correct inaccurate personal data. 
    2. Right to Access. You have the right to know and see what personal data we have collected about you in a usable format.
    3. Right to Delete. You have the right to request that we delete the personal data we have collected about you, subject to applicable legal exceptions.
    4. Right to Copy. You have the right to receive a copy of the personal data you have provided to us.
    5. Right to Disclosure Regarding Third-Parties. You have the right to request disclosure of specific third parties to whom your personal data has been disclosed. 
    6. Right to Opt Out of Targeted Advertising and Sale of Personal Data. You have the right to “opt out” of “targeted advertising” and the “sale” of your “personal data” (as defined under Oregon law) and profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
    7. Exercising your Oregon Privacy Rights. To request access to or deletion of your personal data, or to exercise any other data rights under Oregon law, please contact us as set forth in the “Contact” section.
    8. Right to Appeal. If we deny your request, you may appeal our decision by contacting us using the information in the “Contact” section. 

Utah Residents – The Utah Consumer Privacy Act (“UCPA”) provides some Utah residents with the additional rights listed below.

      1. Right to Know and Access. You have the right to confirm whether we are processing your personal data and to access such personal data.
      2. Right to Delete. You have the right to request that we delete the personal data that you have provided to us, subject to certain exceptions as permitted by law.
      3. Right to Data Portability. You have the right to obtain a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format.
      4. Right to Opt Out. You have the right to opt out of the processing of your personal data for purposes of: (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects.
      5. Sensitive Data. Under Utah law, "sensitive data" includes personal data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, citizenship or immigration status, genetic or biometric data processed for the purpose of uniquely identifying an individual, personal data collected from a known child, or precise geolocation data. We do not intentionally collect sensitive data as defined by Utah law, through the Services. Given the nature of our Services, which involve mental health professionals and clinical discussions, we strongly discourage participants from sharing any information that would constitute sensitive data, including any mental or physical health information.
      6. Right to Non-Discrimination. We will not discriminate against you for exercising any of your rights under the UCPA, including by denying goods or services, charging different prices or rates for goods or services, or providing a different level or quality of goods or services.
      7. Exercising Your Utah Privacy Rights. To exercise any of your rights under Utah law, please contact us as set forth in the "Contact" section. We will respond to your request in accordance with the UCPA's requirements. If we decline to take action on your request, you may appeal our decision by contacting us using the method described in the "Contact" section and specifying that you wish to appeal. We will respond to your appeal within 60 days of receipt. We will respond to your request within 45 days of receipt, unless we notify you that we require additional time (up to 90 days total).

Virginia Residents – The Virginia Consumer Data Protection Act (“VCDPA”) provides some Virginia residents with the additional rights listed below. 

    1. Right to Know and Access. You have the right to confirm whether we are processing your personal data and to access such personal data.
    2. Right to Data Portability. You have the right to obtain a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format.
    3. Right to Delete. You have the right to request that we delete the personal data provided by or obtained about you, subject to applicable legal exceptions.
    4. Right to Correct. You have the right to request that we correct inaccurate personal data.
    5. Right to Opt Out of Targeted Advertising and Sale of Personal Data. You have the right to “opt out” of “targeted advertising” and the “sale” of your “personal data” (as defined under Virginia law) and profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
    6. Exercising your Virginia Privacy Rights. To request access to or deletion of your personal data, or to exercise any other data rights under Virginia law, please contact us as set forth in the “Contact” section. 
    7. Right to Appeal. If we decline to take action on your request, you may appeal our decision by contacting us as set forth in the “Contact” section and indicating that you are submitting an appeal. If your appeal is denied, you may contact the Virginia Attorney General to submit a complaint.

Changes and Updates to This Privacy Policy. Please revisit this page periodically to stay aware of any changes to this Privacy Policy, which we may update from time to time. If we modify the Privacy Policy, we will provide notice through the Services, indicate the date of the latest revision, and will comply with applicable law. Your continued use of the Services after the revised Privacy Policy has become effective indicates that you acknowledge the updated Privacy Policy. For material changes that affect your rights under applicable privacy laws, including the Colorado Privacy Act, we will provide prominent notice and, where required by law, obtain your affirmative consent before the changes take effect.  

 

Contact – If you have any questions regarding this privacy policy, please contact:

Rebecca K. Wilson, LLC d/b/a Trauma Therapists Institute 

PO Box 57

Fox Island, WA 98333

EMAIL: [email protected]

 

Last Updated: 2.18.2026