Privacy

Consumer Health Data Privacy Policy

How I handle health-related information from website visitors, under Washington's My Health My Data Act.

Effective May 31, 2026. This is a separate policy from the clinical HIPAA Notice of Privacy Practices, which governs the protected health information of established clients.

This is the Consumer Health Data Privacy Policy for matthewsorg.com under Washington's My Health My Data Act (MHMDA), RCW 19.373. It describes how Epoché Psychotherapy, PLLC ("I," Matthew Sorg, MA, LMHC) handles consumer health data collected through this website from visitors who are not yet clients.

Scope

This policy does not cover the protected health information (PHI) of established clients. Once you become a client, your health information is governed by HIPAA and my Notice of Privacy Practices — MHMDA exempts HIPAA-regulated PHI. This policy fills the gap: information collected from website visitors before a therapy relationship exists.

"Consumer health data" means personal information linked to you that identifies your past, present, or future physical or mental health status — which, on a mental-health-therapy website, can include the simple fact that you contacted a trauma therapist or browsed these pages.

1. Categories of consumer health data I collect, and why

Inquiry information — your name, email, optional phone number, and the content of the message you send — through the website contact form when intake is open, or by emailing or calling me directly (the current method while new-client intake is closed). I use it to respond to your inquiry and, if you choose, to begin a conversation about services. The fact that you contacted a therapy practice is itself health-related.

Website usage / device data — pages viewed, approximate (typically city-level) location derived from IP address, and browser type, as recorded in standard hosting logs and aggregated server-side by my hosting provider. I use it to operate, secure, and improve the website and to understand which information is useful. No analytics script runs in your browser, no analytics cookie or identifier is set, and nothing records names or email addresses unless you enter them into a form.

I collect only what is needed for these purposes. I do not use this data for targeted advertising, and I do not sell it.

2. Categories of sources

3. Categories of consumer health data I share

Contact-form information is shared only with the service providers that operate the form and my communications (listed in section 4). Website usage / device data is processed only by the hosting provider listed in section 4.

I do not share consumer health data with advertisers, data brokers, or for any party's marketing. I do not sell consumer health data, and I will not collect, use, or share it for any purpose not described here without first getting your affirmative consent.

4. Third parties and affiliates I share with

I have no corporate affiliates. I share consumer health data only with the following service providers (processors), who may use it only to perform services for me:

I may also disclose information if required by law (for example, valid legal process) or to protect safety.

5. Your rights, and how to exercise them

Under MHMDA (RCW 19.373.040) you have the right to:

To exercise any of these, contact me at matt@matthewsorg.com or (206) 580-4841. Before acting on a request, I will take reasonable steps to verify your identity and will handle it through a secure channel; I will not require you to create an account to make a request. I will respond within the time the law requires (generally 45 days, extendable once). If I deny your request, you may appeal by replying to my decision; if the appeal is denied, you may contact the Washington State Attorney General at www.atg.wa.gov/file-complaint. I will not discriminate against you for exercising any of these rights.

Your other choices

The site sets no analytics, advertising, third-party tracking, or social-media cookies — visitor counting happens server-side from hosting logs, so nothing runs in your browser and there is nothing to block or opt out of. Standard browser privacy modes work normally. The site uses no behavioral tracking, retargeting pixels, social-media tags, or session-recording tools.

Changes to this policy

If I change the categories of data, purposes, sources, sharing, or processors, I will update this policy before the new practice takes effect and obtain your consent where the law requires it. Substantive changes are posted here with a new effective date. Most recent substantive change: June 10, 2026 — in-browser analytics (Google Analytics) removed entirely in favor of server-side measurement by the hosting provider.

Contact

Epoché Psychotherapy, PLLC · Matthew Sorg, MA, LMHC
226 Summit Ave E, Office B-03, Seattle, WA 98102
(206) 580-4841 · matt@matthewsorg.com