top of page

Privacy Policy

A legal disclaimer

 (HIPAA-Compliant)

Last updated: October 2025 | Step Zero Recovery Services, LLC

Your privacy is important to us. This Privacy Policy explains how Step Zero Recovery Services, LLC (“we,” “our,” or “us”) collects, uses, and protects your personal and health information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws.

By using our website or services, you agree to the terms of this Privacy Policy.

1. Information We Collect

We collect two types of information:

A. Personal and Health Information (Protected Health Information – PHI):
When you become a client, we collect details such as your name, contact information, health history, and treatment information. This information is required to provide safe, ethical, and effective care.

B. Website and Communication Data:
When you visit our website or contact us, we may collect non-clinical data such as:

  • Your email address or phone number (if you reach out through forms or email)

  • Browser type, device type, and general site usage analytics

  • Cookies for basic site functionality and performance tracking

We do not sell or share any personal or health information with third parties for marketing purposes.

2. How We Use Your Information

Your PHI and personal data are used to:

  • Provide counseling, therapy, and case-management services

  • Schedule, bill, and manage appointments

  • Communicate with you about your care

  • Maintain accurate treatment and progress records

  • Comply with federal and state healthcare regulations

3. How We Protect Your Information

We take privacy seriously. Step Zero Recovery uses HIPAA-compliant, encrypted platforms for client records, telehealth sessions, and email communication whenever possible.

All records are password-protected and accessible only to authorized personnel.
No session is recorded or shared without written client consent.

Telehealth Privacy and Safety:
To protect confidentiality, clients must attend telehealth sessions from a private, safe, and stationary location.
Sessions may not be conducted while driving, sitting in a moving vehicle, or engaging in activities that compromise privacy, safety, or focus.
If a session cannot be conducted safely or privately, it may be rescheduled at the clinician’s discretion.

4. Your Rights Under HIPAA

You have the right to:

  • Access and request a copy of your records

  • Request corrections to inaccurate information

  • Request limits on how your information is shared

  • Receive a list of disclosures (who your PHI was shared with)

  • File a complaint if you believe your privacy rights were violated

To exercise any of these rights, email stepzerorecoveryllc@gmail.com.

5. When We May Share Information

We will not share your information without your written consent, except when required or permitted by law.
Examples include:

  • When there is imminent risk of harm to yourself or others

  • Suspected abuse or neglect of a child, elder, or dependent adult

  • Legal requirements (court orders or subpoenas)

  • Public health and safety reporting obligations

In all other cases, written authorization is required before releasing information.

6. Third-Party Services

Our website and telehealth services may use secure third-party platforms such as Wix, SimplePractice, or Formspree for communication and appointment scheduling.
These services are bound by confidentiality agreements and data-protection standards.

7. Cookies and Analytics

Our website may use cookies or similar technologies to improve user experience and monitor site traffic.
You can disable cookies through your browser settings at any time.

8. Data Retention

Client records are maintained in accordance with New Mexico state law — typically for at least seven years after the last date of service — and are then securely deleted or destroyed.

9. Changes to This Policy

We may update this Privacy Policy occasionally to reflect changes in our practices or laws. The latest version will always be posted here with an updated date.

Privacy Policy - the basics

Having said that, a privacy policy is a statement that discloses some or all of the ways a website collects, uses, discloses, processes, and manages the data of its visitors and customers. It usually also includes a statement regarding the website’s commitment to protecting its visitors’ or customers’ privacy, and an explanation about the different mechanisms the website is implementing in order to protect privacy. 

 

Different jurisdictions have different legal obligations of what must be included in a Privacy Policy. You are responsible to make sure you are following the relevant legislation to your activities and location. 

What to include in the Privacy Policy

Generally speaking, a Privacy Policy often addresses these types of issues: the types of information the website is collecting and the manner in which it collects the data; an explanation about why is the website collecting these types of information; what are the website’s practices on sharing the information with third parties; ways in which your visitors and customers can exercise their rights according to the relevant privacy legislation; the specific practices regarding minors’ data collection; and much, much more. 


To learn more about this, check out our article “Creating a Privacy Policy”.

bottom of page