§ Legal

Privacy Policy

Rocky Ridge Counseling privacy policy — what the contact form collects, what we don't collect, no cookies, no trackers, no Google Analytics.

Rocky Ridge Counseling doesn’t track you. This page explains what that means in practice.

What we collect

The contact form and booking modal collect: your name, email, phone number, a topic from a short dropdown, and — optionally — a few sentences of message or preferred times.

That’s it. No health history, no insurance info, no symptom description, nothing else. The form is scoped that way by design. Clinical details happen on the consultation call, where they belong, not through a public web form.

What happens to what you submit

A plain-text email is sent to Rocky’s practice inbox. Reply-To is set to your email address, so Rocky’s response lands back with you directly.

Nothing is stored on our side. No database, no logs of message contents, no retention on the server that handled your submission. Once the email dispatches, your data lives only in Rocky’s inbox (on his provider’s side, subject to his provider’s policies).

What we don’t collect

  • No cookies. Nothing to ask permission for, nothing to opt out of.
  • No tracking pixels. No Facebook Pixel, no Google Tag Manager, no Mixpanel, no Hotjar, no Segment, no session replay. Not today, not ever.
  • No Google Analytics. Ever.
  • No behavioral profiling of any kind.
  • No IP logging beyond the short-lived rate-limit described below.

Analytics

The site uses Cloudflare Web Analytics, which is cookieless, aggregated, and attached to no personal identifier. It counts page views and measures whether pages load reasonably fast. We cannot tell from it who visited, where they were, what device they used in any meaningful sense, or whether the same person returned.

Rate limiting

To keep spambots off the contact form, the handler keeps a short-lived counter keyed to the submitter’s IP address — five submissions per hour, auto-expiring after an hour. The counter is stored in Cloudflare KV (a key-value store) and is not used for anything else. Not analytics. Not reporting. Not shared. After an hour, the counter is gone.

Third parties we rely on

  • Cloudflare hosts the site and runs the contact-form handler. Cloudflare’s infrastructure logs show HTTP status codes and timing for diagnostic purposes; they do not log form contents.
  • Resend delivers the email from the site to Rocky’s inbox. Resend’s logs show delivery status (accepted, bounced, etc.); they retain the message bodies only briefly for deliverability diagnostics.

Neither Cloudflare nor Resend has signed a HIPAA Business Associate Agreement with Rocky Ridge Counseling. The public contact form is explicitly scoped to not collect Protected Health Information (PHI) — the architectural solution to HIPAA exposure on the public site, not a gap.

Clinical intake happens privately after the consultation call, on Rocky’s Google Workspace with a signed Business Associate Agreement. The public website never handles intake-level data.

Your rights

  • To know what Rocky has on file about you: email the practice inbox and ask.
  • To request deletion of what’s in his inbox: same address, same request.
  • To get this policy in another format: say so in an email; Rocky will send it.

Changes to this policy

Material changes (new third-party, new collection, new retention) bump the Last updated stamp at the top of this page and — when meaningful — get a note in the commit message. Minor corrections (typos, clarification of existing behavior) bump the date without separate announcement.

§ Free consultation

A fifteen-minute call to see if we're a fit.

No forms upfront, no pressure — just a short conversation about what's bringing you in, and whether working together makes sense.

  • Free. No charge, no commitment.
  • Brief. Fifteen minutes by phone or video.
  • No pressure. If I'm not the right fit, I'll help you find someone who is.

Your contact info.

On privacy — we only collect contact details here. Please hold any health or personal questions for our call, where we can discuss them securely.