Effective Date: November 17, 2025

Healing Strides of Virginia ("we," "us," or "our") is a non-profit organization dedicated to providing equine-assisted services, therapeutic riding, mental health, education and coaching services, and related programs to support physical, emotional, and cognitive well-being for riders, volunteers, mental health clients, and others seeking services. We are committed to protecting the privacy and confidentiality of our participants, volunteers, donors, and website visitors ("you"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website (healingstridesofva.org), interact with our services (including through intake forms), or engage with us through online forms, emails, or social media.

As a provider of therapeutic services, we handle sensitive health information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) where applicable for all clients, participants, volunteers, etc. All mental health staff undergo background checks, and we maintain signed HIPAA authorizations and releases for sharing Protected Health Information (PHI) with doctors, therapists, equine specialists, instructors, and administrative staff as needed to serve client needs and achieve riding or treatment goals. For non-HIPAA protected information (e.g., general contact details), we adhere to best practices and applicable laws like the Children's Online Privacy Protection Act (COPPA) for minors. If you are under 13, please do not provide any personal information without verifiable parental consent. All minors must have adult consent for volunteering, riding, or treatment in any programs.

By using our website, completing intake forms, or participating in services, you consent to the practices described in this policy, including those outlined in our intake forms, which include consents for photo releases, medical waivers, liability releases, background check and confidentiality. We may update this policy periodically; changes will be posted here with the updated effective date. Continued use after changes constitutes acceptance.

1. Information We Collect

We collect information only as necessary to provide our services, improve our programs, and communicate with you. Intake forms for participants, volunteers, mental health, education and coaching clients, and others are used to gather this data, requiring electronic signatures for consents. Types of information include:

Personal Data: Provided voluntarily, such as name, address, email, phone number, age, gender, emergency contacts, and payment details (e.g., for program fees or donations). This is collected via registration and intake forms.

Health and Medical Data: Sensitive information like medical history, treatment goals, riding abilities, therapy notes, or mental health details, collected only with your explicit consent through signed releases and HIPAA authorizations. For insurance billing related to recreational therapy or mental health services (but not therapeutic riding or coaching and education), we may collect additional details like insurance provider information with your consent.

Derivative Data: Automatically collected via cookies, log files, or analytics tools, including IP address, browser type, device information, pages visited, and access times.

Financial Data: Credit card or payment details processed securely via our third-party gateway (NMI); we do not store full card details. Insurance billing is limited to eligible services.

Social and Communication Data: Interactions on our Facebook page or emails, including messages or comments.

Other Data: Feedback, survey responses, photos/videos from sessions (with consent via intake form), or volunteer background check information (e.g., for program safety). 

We do not knowingly collect data from children under 13 without verifiable parental consent, and all minor participation requires adult (parent or guardian) signature on intake forms.

2. How We Use Your Information

We use your information for legitimate non-profit purposes, including:

Providing and managing services, such as equine therapy sessions, therapeutic horsemanship, mental health, coaching, education, volunteer coordination, or goal-setting for all participants and clients.

Processing payments or donations, including insurance claims for recreational therapy or mental health services (therapeutic horsemanship, education and coaching is not billed to insurance).

Communicating updates, newsletters, or program information (you can opt out anytime).

Improving our programs through anonymous analytics.

Ensuring safety and compliance, e.g., sharing PHI only as permitted under HIPAA for treatment, payment, or operations—including discussions with equine specialists, instructors, administrative staff, doctors, or therapists to coordinate care and meet client needs.

Conducting background checks for volunteers and staff as needed to maintain a safe and supportive environment for all seeking services at Healing Strides.

Legal requirements, such as reporting or audits.

For medical or mental health discussions, we obtain specific signed Releases of Information  and HIPAA authorizations before sharing any PHI.

3. How We Share Your Information

We do not sell, rent, or share your data for marketing or business purposes. Sharing is limited to:

Service Providers: With third parties like GoHighLevel (GHL) for contact management and NMI for payment processing. These are bound by data processing agreements (including HIPAA Business Associate Agreements where applicable) to protect your information. For insurance billing, we may share PHI with insurers or providers for recreational therapy or mental health claims only.

Healthcare and Treatment Needs: PHI may be shared with therapists, physicians, equine specialists, instructors, or administrative staff involved in your care, only with your signed HIPAA authorization and release. For example, to coordinate horsemanship goals, discuss medical conditions, or ensure safe program participation.

Background Checks: Limited personal data may be shared with authorized third-party screening services for volunteers or staff, as needed/required, with your consent via intake forms.

Legal and Safety: As required by law (e.g., subpoenas, child protection reports) or to protect safety (e.g., emergencies).

Aggregated/Anonymous Data: For research, grants, or reporting (e.g., program outcomes without identifiers).

Social Media: Public comments on our Facebook page are visible to others; private messages are treated confidentially.

If we merge, dissolve, or partner with another non-profit, your data may transfer as an asset, with notice provided.

4. Third-Party Integrations and Links

GHL: Used for CRM and contact storage, including intake forms; their privacy practices apply to data processed there (see GHL's policy).

NMI: Handles payments; we do not access full financial details (see NMI's policy).

Facebook: Interactions on our page follow Facebook's terms; we do not control their data practices.

External links (e.g., to PATH Intl. resources) lead to third-party sites; we are not responsible for their policies.

5. Data Security and Storage

All systems, including our website, databases, and intake forms, are password-protected with multi-factor authentication, encryption for sensitive data (e.g., PHI), and regular security audits. We use reasonable administrative, technical, and physical safeguards to protect against unauthorized access, but no system is 100% secure. In case of a breach affecting PHI, we will notify affected individuals within 60 days as required by HIPAA.

Data is stored in the U.S. on secure servers and retained only as long as needed (e.g., 7 years for PHI per HIPAA; shorter for general contacts). You can request deletion, subject to legal retention requirements.

6. Your Rights and Choices

Under HIPAA and general privacy laws, you have rights regarding your information:

Access and Amend: Request copies of your records or corrections (contact us for PHI access forms).

Restrict or Object: Limit certain uses (e.g., marketing) or sharing.

Delete or Port: Request deletion or data export (may limit services).

Opt-Out: Unsubscribe from emails or revoke consents, including for photo releases (e.g., via a simple yes/no checkbox on intake forms).

Complaints: File with us or the U.S. Department of Health and Human Services (HHS) Office for Civil Rights.

To exercise rights, email [email protected] or call (540)334-5825. We will respond within 30 days. For PHI, we provide a Notice of Privacy Practices upon request, in line with intake form acknowledgments.

7. International Transfers

Data is processed in the U.S.; if you are outside the U.S., your information may be subject to U.S. laws.

8. Contact Us

Questions? Reach us at:

- Email: [email protected]

- Mail: Healing Strides of Virginia, 672 Naff Rd, Boones Mill, VA 24065

- Phone: (540)334-5825