Legal

Privacy Policy

How we handle information on this website and in the client portal — and the choices you have.

Effective Date: June 10, 2026

Who We Are & What This Policy Covers

The Outpost is a private therapy practice owned and operated by Madison, a Licensed Clinical Social Worker (LCSW) in Utah. This policy describes how we handle information on our public website and in the secure client portal used by clients of the practice.

Health information created or received in the course of your care is protected health information and is additionally governed by our HIPAA Notice of Privacy Practices. Where that notice and this policy differ regarding health information, the notice controls.

Information We Collect on the Public Website

You can browse the public pages of this site without creating an account or providing any personal information. We do not use analytics services, advertising networks, or tracking technologies on this website.

Like most websites, our web server keeps standard access logs — the IP address of the visiting device, the date and time, and the page requested. We use these logs solely for security monitoring and operating the site.

Cookies

We do not use cookies for tracking or advertising. The public pages of this website set no cookies of their own, with one exception: the embedded Cal.com scheduler on the booking page may set its own cookies, which are governed by Cal.com’s privacy policy. The client portal sets essential session cookies that keep you signed in while you use it; these are HttpOnly (not readable by scripts), restricted to this site, and used only for authentication.

Scheduling (Cal.com)

Our booking page embeds a scheduling tool provided by Cal.com. Information you enter there — such as your name, email address, and appointment details — is processed by Cal.com under its own privacy policy. We receive the booking details you submit so we can hold your appointment.

Email Communications

If you email us at hello@outpostonlinetherapy.com, we use your message and contact details to respond, typically within 1–2 business days. Standard email is not a secure channel — please don’t include detailed health information in an email. Once you are a client, the portal’s secure messaging is the better way to reach us between sessions.

The Client Portal & Your Health Information

Clients of the practice may be invited to a secure portal for intake forms, session summaries, assessments, and messaging. Information in the portal is encrypted in transit (HTTPS/TLS) and at rest (AES-256-GCM), portal accounts exist only for you and your therapist, and every access to clinical records is recorded in a tamper-resistant audit log.

Your rights regarding health information — including access, copies, amendments, and restrictions — are described in the HIPAA Notice of Privacy Practices.

Data Retention

Clinical records are retained for at least 7 years, as required by professional and legal record-keeping obligations. Audit logs of access to clinical records are retained for compliance purposes.

Your Rights & Choices

  • You may request access to, or a copy of, your records — the practice can provide a complete electronic export.
  • You may ask us to correct information that is inaccurate.
  • You may contact us at hello@outpostonlinetherapy.com with any question about how your information is handled.

Rights specific to health information are described in the HIPAA Notice of Privacy Practices.

Children’s Privacy

Our services and this website are intended for adults 18 and older. We do not knowingly collect information from children.

Changes to This Policy

If we change this policy, we will post the updated version on this page with a new effective date.

Contact Us

Questions about this policy can be sent to hello@outpostonlinetherapy.com.