🔒 Privacy Policy & Notice at Collection (Guiding Light ABA)

1. Scope

This Privacy Policy describes how Guiding Light ABA ("Guiding Light," "we," "our") collects, uses, and discloses Personal Information ("PI") of:

• visitors to guidinglightaba.com,
• prospective clients, clients, and their parents/guardians, and
• employees and job applicants.

It incorporates our CCPA/CPRA Notice at Collection (§ 3) and HIPAA Notice of Privacy Practices (§ 11).

2. Key Definitions

• Personal Information (PI): data that identifies, relates to, describes, or could reasonably be linked to a particular consumer or household.
• Sensitive PI: health data, precise geolocation, child information, etc. (Cal. Civ. Code §1798.140).
• Sell/Share: as defined by California law; we do not sell or share PI for cross‑context behavioral advertising.

3. Notice at Collection (CPRA‑Required)

We do not collect Social Security numbers, driver's‑license IDs, or precise location.

4. Why We Use PI

• Provide ABA assessment and therapy
• Verify insurance coverage and submit claims
• Schedule sessions and send reminders
• Improve the Site and services
• Comply with legal obligations

5. Disclosure of PI

We may disclose PI to:

• ABA therapists and supervisors under HIPAA "minimum necessary" rules
• Insurance companies and billing vendors
• Cloud‑service or analytics providers (under written data‑processing agreements)
• Government agencies or courts when required by law

We do not sell PI or share it for cross‑context behavioral advertising.

6. Cookies & Tracking

The Site uses first‑party cookies for authentication and analytics (Google Analytics 4 with IP‑anonymization). You can manage cookies in your browser settings.

7. Your California Privacy Rights

You may, once every 12 months, request to:

• Know the categories or specific PI we collected,
• Access and obtain a copy,
• Correct inaccurate PI,
• Delete PI (subject to legal retention),
• Port PI (transfer it),
• Limit use/disclosure of Sensitive PI, and
• Opt‑out of sale/share (not applicable but available).

We will not discriminate against you for exercising your rights.

Submitting a Request

• Webform: /privacy-request
• Email: contact@guidinglightaba.com
• Phone: 310‑894‑5397

We will verify your identity (and, for minors, your legal guardianship) before fulfilling a request.

8. Children's Privacy

We do not knowingly collect PI directly from children under 13 online. Parents/guardians provide any necessary PI during intake. If you believe a child has provided PI without consent, contact us immediately.

9. Data Security

We employ TLS 1.3 encryption, role‑based access, and HIPAA‑compliant hosting (SOC 2 Type II). No system is 100% secure; please notify us of any suspected breach.

10. Data Retention & Destruction

Client health records are retained per California Business & Professions Code § 4993 (minimum 7 years after discharge or, for minors, 7 years after the client turns 18). Non‑health PI is retained only as long as necessary for our purposes or legal obligations, then securely destroyed or de‑identified.

11. HIPAA Notice of Privacy Practices

Because we provide healthcare services, protected health information ("PHI") is governed by HIPAA. Our separate HIPAA Notice explains:

• Your right to access, amend, or restrict PHI,
• How we may use/disclose PHI for treatment, payment, and operations, and
• How to file a privacy complaint with the U.S. Dept. of Health and Human Services.

12. Changes to This Policy

We may update this Policy periodically. Material changes will be posted at least 30 days before they take effect.

13. Contact Us

Guiding Light ABA – Privacy Office

☎ 310‑894‑5397 ✉ contact@guidinglightaba.com