Last updated: [May, 2026]

This is the policy for how this website (marahpinnolis.com) and my therapy practice (Marah Pinnolis, LICSW, MEd, PMH-C) collect, use, and protect your information. I've tried to write it in plain language. If anything is unclear, send me a note and I'll explain it.

What information I collect

When you visit this website, I collect very little: standard analytics data (the page you visited, the type of device you used, the general region you visited from). This is collected through Squarespace's built-in analytics and doesn't identify you personally.

When you contact me — by email, or by phone — I collect the information you choose to share: your name, your email address, your phone number, and whatever you decide to write in your message.

I do not use cookies for advertising, and I don't share your information with advertisers, ever. This site is not monetized through ads or third-party tracking.

What I do with that information

If you reach out to inquire about therapy, I use your contact information to respond to you and to schedule a consultation call. That's it.

If we begin working together as a clinical client, your information becomes part of your clinical record and is governed by HIPAA — the federal Health Insurance Portability and Accountability Act. I'll go through the specifics of HIPAA with you in our first session, including what's confidential, what's not, and the specific limits to confidentiality (such as mandatory reporting). You'll also receive a written Notice of Privacy Practices that explains your rights as a client.

If you don't end up becoming a client, your inquiry information stays on file for a reasonable period in case you reach out again, and is then deleted.

Email and phone are not secure

I want to be upfront about this: email and unencrypted phone calls are not fully secure forms of communication. I'd ask that you not share specific clinical or sensitive details over either channel before our first session — and I won't either.

Who I share information with

For website visitors: nobody. The only third party that processes your visit data is Squarespace (the company that hosts this site), and they're bound by their own privacy commitments.

For clinical clients: nobody, with the specific exceptions required by law (mandatory reporting situations, court-ordered disclosure, or imminent risk to safety) or expressly authorized by you (for example, if you ask me to coordinate with a psychiatrist or another provider). I'll always discuss any clinical communication with you before it happens.

Your rights

You can ask me at any time what information I have about you, and I'll tell you. You can ask me to delete your information, and I will — with one exception: clinical records are required by Massachusetts law to be retained for a specified period after your last session, even if you ask for deletion. I'll explain this if it comes up.

Children's privacy

This site and this practice are not directed at children under 13. I don't knowingly collect information from anyone under 13.

Changes to this policy

If I update this policy, I'll change the "Last updated" date at the top. Material changes will be flagged at the top of the page.

Contact

If you have questions about this policy or about your information, reach out. I'm happy to talk it through.