Privacy Policy

This Privacy Policy (herein referred to as “Policy”) explains how S.O.A.R. Beyond Neurodiverse Therapy, PLLC (herein referred to as the “Company,” “we,” “us,” or “our”) processes Personal Data that we collect from you (herein referred to as the “Subscriber”) as a Controller.

1. DEFINITIONS.

(a) “Controller” means the natural or legal person, public authority, agency, or other body, which alone or jointly with others, determines the purposes and means of processing Personal Data.

(b) “Personal Data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

(c) “Service(s)” means speech-language pathology services, including speech and language evaluations, individualized therapy sessions, caregiver consultation, and related communication support services provided to children and families.

(i) “Subscriber” means the natural or legal person who has subscribed to the Service(s) by agreeing to the Terms.

(ii) “Terms” means the binding contract between the Company and Subscriber that governs the Subscriber's access and use of the Service(s).

2. DATA COLLECTION.

The Subscriber directly provides the Company with most of the data we collect. The Company collects Personal Data from the Subscriber from the following sources: Clients and Parents/Guardians: Information provided directly by clients or their parents/guardians during intake, evaluations, therapy sessions, forms, questionnaires, phone calls, emails, or other communications.

Healthcare Providers and Professionals: With appropriate authorization, information may be received from physicians, psychologists, occupational therapists, educators, or other professionals involved in a client’s care to support coordinated treatment and comprehensive assessment.

Educational Institutions: When applicable and authorized, we may receive information from schools, teachers, or educational specialists, including reports, evaluations, Individualized Education Programs (IEPs), or other relevant educational records.

Insurance Providers and Billing Services: Information may be obtained from insurance companies or billing platforms related to electronic health record systems, scheduling software, teletherapy platforms, eligibility verification, authorizations, claims processing, and payment.

Technology Platforms and Practice Systems: Information may be collected through secure systems used to operate the practice, such as electronic health record systems, scheduling software, teletherapy platforms, or secure communication tools.

Website and Online Forms: When individuals visit our website or complete online forms (such as contact or intake forms), we may collect information that is voluntarily submitted, such as names, contact information, and service inquiries.

We collect only the information necessary to provide services, support practice operations, and comply with applicable legal and regulatory requirements. All information is handled and protected in accordance with HIPAA and applicable privacy laws.

3. PROCESSING OF PERSONAL DATA.

(a) The Company processes the Subscriber’s Personal Data to Our practice collects personal, health, and related information in order to provide high-quality speech-language therapy services and to comply with the requirements of the Health Insurance Portability and Accountability Act (HIPAA). This information is considered Protected Health Information (PHI) and is collected only as necessary to support assessment, treatment, and practice operations. We may collect and use information for the following purposes:

Treatment: To evaluate communication, language, cognitive, and social-emotional skills; develop individualized treatment plans; provide speech-language therapy services; document therapy sessions; and monitor client progress over time. Information may also be shared with other healthcare providers, educators, or professionals involved in the client’s care when appropriate and authorized.

Payment: To obtain payment for services provided. This may include submitting information to insurance companies, processing claims, verifying coverage, or maintaining billing and financial records.

Healthcare Operations: To support the administrative and operational activities necessary to run the practice effectively. This may include scheduling appointments, maintaining clinical records, conducting quality assurance activities, training staff, and ensuring compliance with professional and regulatory standards.

Legal and Regulatory Compliance: To meet federal, state, and professional recordkeeping requirements and to respond to lawful requests from regulatory or public health authorities when required by law. We collect only the minimum necessary information required to fulfill these purposes. All Protected Health Information is stored, maintained, and protected in accordance with HIPAA privacy and security regulations to safeguard the confidentiality and integrity of client information..

(b) The Company will generally collect Personal Data from Subscribers only where it needs to create a contract with the Subscriber, where the processing is in the Company’s legitimate interests and not overridden by the Subscriber’s data protection interests or fundamental rights and freedoms, or where the Company has the Subscriber’s consent. In some cases, the Company may also have a legal obligation to collect Personal Data from the Subscriber.

(c) If the Company processes Personal Data with the Subscriber’s consent, the Subscriber may withdraw their consent at any time.

4. SHARING OF PERSONAL DATA.

(a) The Subscriber acknowledges that the Company may share the Subscriber’s Personal Data with its group companies and third-party service providers to offer the Subscriber the Company’s Service(s) and/or send information or updates about the Service(s).

(b) When the Company processes the Subscriber’s order, it may send the Subscriber’s Personal Data and use the resulting information from credit reference agencies to prevent fraudulent purchases.

(c) The Company shares Personal Data in the following instances In certain circumstances, our practice may share personal information and Protected Health Information (PHI) with trusted third parties in order to provide effective speech-language therapy services, operate our practice, and comply with legal obligations. Any sharing of information is conducted in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws. Personal information may be shared for the following purposes:

Treatment Coordination: To collaborate with other healthcare providers, educators, therapists, or specialists involved in a client’s care in order to support coordinated treatment and improve therapeutic outcomes.

Payment and Insurance Processing: To submit claims, verify benefits, obtain authorizations, and process payments with insurance providers, billing services, or payment processors.

Healthcare Operations: To support essential practice functions such as electronic health record systems, scheduling platforms, secure communication tools, or administrative services that assist in maintaining clinical documentation and managing practice operations.

Legal and Regulatory Requirements: To comply with applicable federal, state, or local laws; respond to lawful requests from regulatory agencies; or meet professional recordkeeping requirements.

Authorized Disclosures: In situations where a client or their parent/guardian provides written authorization for information to be shared with a specific individual or organization. We limit the information shared to the minimum necessary for the intended purpose and work only with service providers who are required to maintain appropriate confidentiality and security protections for personal information.

5. RETENTION OF PERSONAL DATA.

(a) Company retains the Personal Data when an ongoing legitimate business requires retention of such Personal Data.

(b) In the absence of a need to retain Personal Data, the Company will either delete or aggregate it. If this is not possible, the Company will securely store your Personal Data and isolate it from any further processing until it is deleted.

6. SECURITY OF PERSONAL DATA.

The Company uses appropriate technical and organizational measures to protect the Personal Data it collects and processes. These measures are designed to provide a high level of security appropriate to the risk of processing the Subscriber’s Personal Data. If you are a Subscriber and have any concerns about the security of your Personal Data, please contact us immediately.

7. MODIFICATION.

The Company keeps this Policy under regular review and may update this webpage at any time. This Policy may be amended at any time, and the Subscriber shall be notified only if there are material changes to this Policy.

8. CONTACT DETAILS.

If you have any concerns about this Policy, please get in touch with us at info@soarbeyondtherapy.com.