Lizanne ChisholmLicensed Professional Counselor

Privacy Policy

Your privacy matters — here's what we collect and why.

Last updated: April 24, 2026

This policy describes how Lizanne Chisholm, LPC (the "Practice," "we," or "us") collects and uses information gathered through lizannechisholm.com. Protected Health Information collected during counseling services is governed by a separate HIPAA Notice of Privacy Practices provided at intake.

Scope of this policy

This policy covers information collected through this website — contact forms, the secure intake, scheduling requests, and analytics. It does not cover clinical records, session notes, or other Protected Health Information ("PHI") created during therapy; those are protected under HIPAA and described in the separate Notice of Privacy Practices you receive when you begin services.

Information we collect

We collect the following categories of information:

  • Contact details: name, email, phone number, and the content of messages you send through the contact form.
  • Intake information: health history, insurance/payment preferences, emergency contact, and any clinical information you provide through the secure intake form. This is PHI and is handled under HIPAA once submitted.
  • Payment information: session deposits and fees are processed through Stripe. We do not store full card numbers; Stripe holds that data directly.
  • Site usage: basic analytics such as pages visited, browser type, approximate region, and referring site. This is used to improve the site.
  • Cookies: essential cookies (to keep admin sessions secure) and, if enabled, anonymous analytics cookies. You can block non-essential cookies in your browser without affecting site function.

How we use information

  • Respond to inquiries and schedule appointments.
  • Complete intake, consent, and billing for counseling services.
  • Send appointment confirmations, receipts, and care-related communications.
  • Maintain the security of the website and admin dashboard.
  • Understand site performance and improve content and accessibility.
  • Comply with legal and professional obligations (including mandated reporting, court orders, and ethical requirements for Michigan LPCs).

Who we share information with

We do not sell or rent personal information. We share information only with the service providers we rely on to operate the practice, and only to the extent necessary:

  • Stripe — payment processing for deposits and session fees.
  • Zoho ZeptoMail / Zoho Mail — transactional email (receipts, intake confirmations) and practice email. A Business Associate Agreement (BAA) is in place for services that touch PHI.
  • Database hosting — encrypted storage of intake records and scheduling data with a HIPAA-eligible provider under BAA.
  • Vercel — website hosting and deployment. Vercel does not receive PHI in the clear; sensitive data is stored with the database provider above.
  • Legal and safety disclosures — where required by law, court order, or to prevent imminent harm (in line with Michigan LPC ethics).

Note: the exact list of subprocessors can change. Material changes will be reflected in the "Last updated" date above.

HIPAA and clinical records

Clinical records created during counseling — intake answers, session notes, treatment plans, assessments — are Protected Health Information (PHI) and are governed by HIPAA. When you begin services you will receive a separate HIPAA Notice of Privacy Practices that explains your rights in detail.

If you have questions about your PHI rights — access, amendments, restrictions, or an accounting of disclosures — please contact the practice directly at contact@lizannechisholm.com.

How we protect information

  • Transport encryption (HTTPS) for all traffic to and from the site.
  • At-rest encryption for the database that stores intake and scheduling records.
  • Access controls and audit logging on the admin dashboard.
  • Least-privilege access for any subprocessors that touch PHI, supported by BAAs where applicable.

No system is perfectly secure. If you believe your information has been affected by a security incident, please contact the practice immediately.

How long we keep information

Clinical records are retained for the period required by Michigan law for licensed mental-health professionals (currently a minimum of seven years after the date of last service, and longer for minors). Website inquiries and analytics data are retained for a shorter period — typically up to two years — unless needed to complete a service or comply with a legal requirement.

Your rights

Depending on where you live, you may have the right to:

  • Access a copy of the information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion, subject to legal record-keeping obligations.
  • Opt out of marketing communications at any time.
  • For PHI specifically, the rights described in the HIPAA Notice of Privacy Practices.

To exercise any of these rights, email contact@lizannechisholm.com.

Children's privacy

This site is not directed at children under 13 and we do not knowingly collect personal information from children through the website. Counseling services for minors are arranged with a parent or legal guardian directly.

Changes to this policy

We may update this policy as the practice evolves. Material changes will be reflected in the "Last updated" date at the top of this page. Continued use of the site after an update means you accept the revised policy.

Contact

Questions about this policy can be sent to contact@lizannechisholm.com or through the contact page.

Template note for the practice: this document is a plain-language starting point that reflects your current stack (Stripe, Zoho, Neon, Vercel) and Michigan LPC obligations. Please have it reviewed by legal counsel before treating it as final, and confirm the list of subprocessors here matches your active providers.