Privacy Policy

Last updated: December 2024

1. Introduction

Dr. Katiuscia Mercogliano ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our online therapy services. We are the data controller for your personal information and are committed to complying with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Information We Collect

**Personal Information:**
• Full name and contact details (email, phone number)
• Date of birth and demographic information
• Emergency contact information

**Medical Information:**
• Current health concerns and symptoms
• Medical history and current medications
• Mental health information and therapy goals
• Previous therapy or treatment history
• Information about substance use (if applicable)

**Technical Information:**
• IP address and browser information
• Session data and cookies
• Payment transaction data (processed securely by PayPal)

**Communication Records:**
• Therapy session recordings (with explicit consent)
• Email communications
• Appointment scheduling data

3. Legal Basis for Processing

We process your personal data on the following legal bases:
• **Explicit consent:** For therapy services (including the health data they involve) and for communications
• **Contract:** To fulfil our therapy service agreement
• **Legitimate interest:** For administrative purposes and service improvement
• **Legal obligation:** For record-keeping requirements in healthcare

4. How We Use Your Information

• Provide online therapy services
• Schedule and manage appointments
• Maintain therapy session records
• Process payments securely
• Communicate about your treatment
• Comply with professional and legal obligations
• Improve our services (anonymized data only)

5. Data Security

We implement industry-standard security measures:
• **AES-256 encryption** for all stored medical data
• **Secure HTTPS connections** for all communications
• **Access controls** limiting data access to authorized personnel only
• **Regular security audits** and vulnerability assessments
• **Encrypted backups** held in secure storage
• **Two-factor authentication** for admin access

6. Data Retention

• **Active therapy records:** Retained for the duration of treatment plus 7 years
• **Medical information:** Retained for 10 years after last contact (professional requirement)
• **Financial records:** Retained for 7 years (legal requirement)
• **Communication logs:** Retained for 3 years
• **Technical logs:** Retained for 1 year

Data is securely deleted once its retention period expires.

7. Third-Party Services

We may share limited information with:
• **PayPal:** For secure payment processing
• **Google Workspace:** For calendar management and secure email
• **Hosting providers:** For secure (encrypted) data storage

All third parties are bound by strict data protection agreements and GDPR compliance.

8. Your Rights Under GDPR

You have the right to:
• **Access** your personal data
• **Rectify** inaccurate information
• **Erase** your data (with limitations for medical records)
• **Restrict** processing of your data
• **Data portability** (receive your data in a structured format)
• **Object** to certain processing activities
• **Withdraw consent** at any time

To exercise these rights, contact us using the information below.

9. Contact Information

For privacy concerns or data requests:

**Dr. Katiuscia Mercogliano**
Email: privacy@doctorktherapy.com
Address: [Professional Address]

**Data Protection Officer:** privacy@doctorktherapy.com

We will respond to all requests within one month, as required by GDPR (Article 12(3)); for complex or numerous requests this period may be extended by up to two further months, and we will tell you if that is the case.

Dr. Katiuscia Mercogliano • Licensed Therapist • GDPR Compliant