Privacy Policy
Last updated: March 23, 2026
Who We Are
Four Seasons Therapy & Wellness is a licensed mental health practice. This website collects intake information to prepare for your sessions. We take the privacy and security of your health information seriously and comply with the Health Insurance Portability and Accountability Act (HIPAA).
What Information We Collect
When you complete an intake form on this site, we collect the information you provide, including your name, phone number, and responses to clinical questions. We do not collect information beyond what you enter into the forms.
How We Protect Your Information
- Encryption in transit: All data sent between your device and our servers is encrypted using TLS (the same technology banks use). No one can read your information while it travels over the internet.
- Encryption at rest: Your responses are encrypted when stored on our servers. Even if someone gained access to the storage, they could not read your data without the encryption keys.
- Access controls: Only your practitioner and authorized staff can view your submitted information. Access is authenticated and logged.
- Audit logging: We keep records of who accesses your data and when, as required by HIPAA.
- No third-party sharing: We do not sell, share, or provide your health information to advertisers, data brokers, or any unauthorized third party. Where a HIPAA-compliant data processor is used to assist your practitioner (see “AI-Assisted Clinical Support” below), that processing occurs under a Business Associate Agreement (BAA) with the same legal obligations that apply to the practice itself.
- Secure infrastructure: Our systems are hosted on HIPAA-compliant cloud infrastructure with industry-standard security controls.
AI-Assisted Clinical Support
To help your practitioner prepare for sessions, select intake responses may be processed by a self-hosted AI model running on Phala Network’s RedPill infrastructure. This processing is subject to the following safeguards:
- Hardware-isolated execution: All inference runs inside GPU-level Trusted Execution Environments (TEEs) on NVIDIA H100/H200 processors secured by Intel TDX. Your data is encrypted in memory and physically inaccessible to the host operating system, cloud operator, or any Phala employee — not by policy, but by hardware design.
- Encryption at every stage: Data is protected by full-stack AES-GCM encryption from network entry through GPU processing. This extends HIPAA’s encryption requirements beyond data at rest and in transit to include data in active use — a standard that exceeds conventional cloud security.
- Zero data retention: All prompts, responses, and intermediate computations are cryptographically erased immediately upon completion of each request. No conversation history, training data, or archives are ever stored. Your data cannot be recovered after processing.
- Cryptographic attestation: Every interaction produces a verifiable attestation proof — a hardware-signed certificate confirming that the model ran inside a genuine, untampered TEE. This is independently auditable and provides mathematical, not merely contractual, proof of data isolation.
- SOC 2 Type I & HIPAA certified: Phala Network has achieved SOC 2 Type I certification and HIPAA compliance through independent audit, with continuous attestation verification of security controls.
- Personal details are stripped before processing: Before any submission data reaches the AI model, personally identifying information (name, contact details, and other demographic fields) is removed. The model receives only de-identified clinical responses.
- No model training on your data: Your information is never used to train, fine-tune, or improve any AI model. Processing is strictly one-way and ephemeral.
This processor operates under a Business Associate Agreement (BAA) that binds it to the same confidentiality, security, and breach-notification obligations required of the practice under HIPAA. In the event of any security incident, you will be notified in accordance with HIPAA’s Breach Notification Rule.
Your Rights Under HIPAA
As a client, you have the right to:
- Request a copy of the health information we hold about you.
- Request corrections to your health information if you believe it is inaccurate.
- Request an accounting of who has accessed your information.
- Request restrictions on how your information is used or disclosed.
- File a complaint if you believe your privacy rights have been violated.
Cookies & Analytics
This site does not use tracking cookies, advertising pixels, or third-party analytics. We do not track your browsing behavior across other websites.
Data Retention
We retain your health information in accordance with state and federal regulations governing medical records. You may request deletion of your information by contacting your practitioner directly.
Your Consent
By accessing or using this website, including submitting any intake form, you acknowledge that you have read, understood, and agree to this Privacy Policy and our Terms of Use. If you do not agree with any part of these policies, please do not use this site or submit any information through it.
Contact
If you have questions about this privacy policy or how your information is handled, please contact your practitioner directly through the contact information provided during your intake process.