PRIVACY POLICY: HEAD 2 TOE STRENGTH

Effective Date: April 14, 2026

At Head 2 Toe Strength, we believe your privacy is a prerequisite for healing. Because our practice integrates Clinical Exercise Physiology and Licensed Psychotherapy, we handle highly sensitive information. This policy outlines our commitment to protecting your data under California law and clinical best practices.

01. THE TWO CATEGORIES OF DATA

We distinguish between the data collected by our website and the data collected during your clinical care.

  • Website Data: Includes "cookies," IP addresses, and usage data collected by Squarespace to improve site performance.

  • Protected Health Information (PHI): Includes your medical history, trauma history, lab results, and clinical notes. We treat PHI with the highest level of legal and ethical confidentiality.

02. CLINICAL DATA & HIPAA COMPLIANCE

Unlike standard fitness businesses, we use medical-grade infrastructure to protect your identity.

  • Secure Storage: All clinical records, intake forms, and health histories are stored exclusively within Practice Better, a HIPAA-compliant, encrypted Electronic Health Record (EHR) system.

  • No Third-Party Access: We do not store your clinical data on standard cloud drives (Google Drive/iCloud) or local hard drives.

  • Restricted Access: Your clinical files are only accessible to Bethany Busch, MS, CSCS, ACSM-EP and Auria Zahed, MS, LMFT for the purpose of facilitating your integrated care.

03. PSYCHOTHERAPY & CALIFORNIA CONFIDENTIALITY

Records regarding mental health services provided by Auria Zahed, MS, LMFT, are subject to heightened protection under the California Confidentiality of Medical Information Act (CMIA).

  • Therapy notes are kept separate from general exercise physiology notes.

  • Information will not be disclosed to any third party (including family members or other clinicians) without your explicit, written Authorization to Release Information, except where mandated by law (e.g., suspected abuse or imminent danger).

04. THE PRIVATE PAY PRIVACY ADVANTAGE

Because Head 2 Toe Strength is a Private Pay practice, your data is shielded from insurance companies.

  • No Mandatory Reporting: We do not submit your diagnoses, treatment plans, or "burden of proof" documentation to third-party adjusters.

  • Confidential Records: Your clinical journey remains a private matter between you and your providers, never entering the massive databases of insurance conglomerates.

05. SHARING & DISCLOSURE

  • Service Providers: We share limited "Website Data" with service providers (e.g., Stripe for payments, Squarespace for hosting). These providers are contractually prohibited from using your data for any other purpose.

  • No Selling of Data: We do not sell, rent, or trade your personal or clinical information to any third party, including data brokers or marketing firms.

06. YOUR RIGHTS (CCPA & CLINICAL RIGHTS)

Under the California Consumer Privacy Act (CCPA) and clinical ethics, you have the right to:

  1. Access: Request a copy of your clinical records at any time.

  2. Correction: Request amendments to any inaccurate clinical information.

  3. Deletion: Request the deletion of non-clinical "Website Data." (Note: California law requires us to retain clinical records for a specific period, typically 7 years).

  4. Revocation: Withdraw your consent for any data-sharing at any time.

07. DATA SECURITY

We employ administrative, technical, and physical safeguards, including 256-bit encryption and multi-factor authentication, to protect your information. While no system is 100% impenetrable, our reliance on Practice Better ensures your data is protected by industry-leading security protocols.

08. CONTACT INFORMATION

For questions regarding your privacy or to exercise your data rights, please contact: Head 2 Toe Strength Attn: Clinical Director 23011 Moulton Pkwy Ste E5, Laguna Hills, CA 92653