Privacy Policy
Your privacy and the security of your personal health information are our top priorities. This Privacy Policy explains how Pro ESA Letter collects, uses, protects, and shares your information in compliance with HIPAA and other privacy regulations.
Our Commitment to Your Privacy
Pro ESA Letter is committed to protecting your privacy and the confidentiality of your personal and health information. As a provider of emotional support animal letter services through licensed mental health professionals, we adhere to strict privacy standards, including the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
This Privacy Policy applies to all information collected through our website proesaletter.com, our telehealth platform, and all related services. By using our services, you consent to the data practices described in this policy.
1. Overview & Scope
1.1 Policy Application
This Privacy Policy applies to all users of Pro ESA Letter services, including website visitors, evaluation applicants, clients, and individuals who interact with our platform in any capacity.
1.2 Service Description
Pro ESA Letter provides telehealth evaluations for emotional support animal letters through a network of licensed mental health professionals. Our services involve the collection and processing of personal health information (PHI) as defined by HIPAA.
1.3 Legal Framework
We operate in compliance with multiple privacy frameworks:
- Health Insurance Portability and Accountability Act (HIPAA)
- California Consumer Privacy Act (CCPA) and CPRA
- General Data Protection Regulation (GDPR) for EU residents
- State-specific privacy laws where applicable
Important Legal Notice
This Privacy Policy is incorporated into and subject to our Terms of Service. By using our website or services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service.
2. Information We Collect
2.1 Personal Information Collected
We collect various types of information to provide our services effectively:
| Information Type | Examples | Purpose |
|---|---|---|
| Identification Information | Full name, date of birth, address, email, phone number | Account creation, service delivery, communication |
| Health Information (PHI) | Mental health history, symptoms, treatment information | Clinical evaluation, ESA letter determination |
| Payment Information | Billing address, payment method (processed securely via third-party) | Service payment processing |
| Animal Information | Pet type, breed, age, training details | ESA documentation, accommodation requests |
| Technical Information | IP address, browser type, device information | Security, analytics, service improvement |
| Communication Information | Emails, chat transcripts, call recordings | Customer support, quality assurance |
2.2 How We Collect Information
Information is collected through various methods:
Protected Health Information (PHI)
All health information collected during evaluations is considered Protected Health Information (PHI) under HIPAA. This information receives the highest level of protection and is only accessible to authorized personnel and the licensed mental health professional conducting your evaluation.
3. HIPAA Compliance & Health Information
3.1 Our HIPAA Commitment
Pro ESA Letter operates as a HIPAA-compliant entity. We maintain appropriate administrative, physical, and technical safeguards to protect the privacy and security of your Protected Health Information (PHI).
3.2 Business Associate Agreements
We enter into Business Associate Agreements (BAAs) with all third-party service providers who may have access to PHI, including:
- Our network of licensed mental health professionals
- Electronic health record (EHR) system providers
- Secure communication platform providers
- Technical support vendors with PHI access
3.3 Minimum Necessary Standard
We adhere to the HIPAA "Minimum Necessary" standard, ensuring that only the minimum amount of PHI necessary to accomplish the intended purpose is accessed, used, or disclosed.
3.4 Authorizations & Consents
We obtain explicit written authorization for:
- Collection and use of PHI for evaluation purposes
- Disclosure of PHI to third parties (when required)
- Use of PHI for treatment, payment, and healthcare operations
- Any uses not otherwise permitted by HIPAA
Notice of Privacy Practices
As a HIPAA-covered entity, we provide a separate Notice of Privacy Practices that specifically addresses how we use and disclose your Protected Health Information. This document is provided to all clients during the evaluation process and is available upon request.
4. How We Use Your Information
4.1 Primary Uses
We use collected information for the following primary purposes:
- To conduct telehealth evaluations with licensed mental health professionals
- To determine eligibility for emotional support animal letters
- To generate and provide legitimate ESA documentation
- To communicate with you about your evaluation and services
- To process payments for services rendered
- To provide customer support and address inquiries
- To maintain and improve our services and website
- To comply with legal and regulatory requirements
4.2 Secondary Uses
With appropriate consent, we may use information for:
- Quality improvement and service enhancement
- Training and supervision of mental health professionals
- Research and statistical analysis (de-identified data only)
- Marketing and service updates (with opt-out options)
4.3 Data Sharing & Disclosure
We may disclose your information in the following circumstances:
No Sale of Personal Information
Pro ESA Letter does not sell, rent, or trade your personal information or Protected Health Information to third parties for marketing or other purposes. We only share information as described in this policy or with your explicit consent.
5. Data Security & Protection
5.1 Security Measures
We implement comprehensive security measures to protect your information:
- End-to-end encryption for all data transmission
- Secure servers with firewall protection
- Regular security audits and vulnerability assessments
- Access controls and authentication protocols
- Employee training on data privacy and security
- Physical security measures for data centers
- Regular data backup and disaster recovery planning
5.2 Technical Safeguards
Our technical security measures include:
- 256-bit SSL encryption for all web communications
- Encrypted database storage for sensitive information
- Multi-factor authentication for administrative access
- Regular security patch updates
- Intrusion detection and prevention systems
- Secure API integrations with third-party services
5.3 Administrative Safeguards
We maintain administrative controls including:
- Regular privacy and security training for all staff
- Designated privacy and security officers
- Incident response and breach notification procedures
- Regular policy review and updates
- Vendor management and due diligence
Your Role in Security
While we implement robust security measures, you also play a role in protecting your information. We recommend using strong, unique passwords for your account, enabling two-factor authentication when available, keeping your login credentials confidential, and logging out of shared devices.
6. Your Privacy Rights
6.1 Access & Correction Rights
You have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate or incomplete information
- Request deletion of your personal information (with certain exceptions)
- Obtain a copy of your information in a portable format
- Opt out of marketing communications
- Withdraw consent for data processing (where applicable)
6.2 HIPAA-Specific Rights
Under HIPAA, you have additional rights regarding your Protected Health Information:
- Right to request restrictions on certain uses and disclosures
- Right to receive confidential communications
- Right to inspect and copy your health information
- Right to amend your health information
- Right to receive an accounting of disclosures
- Right to obtain a paper copy of the Notice of Privacy Practices
6.3 California Privacy Rights (CCPA/CPRA)
California residents have additional rights under CCPA/CPRA:
- Right to know what personal information is collected and how it's used
- Right to delete personal information collected from you
- Right to opt out of the sale or sharing of personal information
- Right to non-discrimination for exercising privacy rights
- Right to correct inaccurate personal information
- Right to limit use and disclosure of sensitive personal information
6.4 Exercising Your Rights
To exercise your privacy rights, please contact us using the information in Section 9. We will respond to your request within the timeframes required by applicable law and may need to verify your identity before processing certain requests.
Response Timeframes
We typically respond to privacy requests within 30 days as required by most privacy laws. For complex requests or requests involving large amounts of data, we may extend this timeframe as permitted by law. We will notify you if an extension is necessary.
7. Cookies & Tracking Technologies
7.1 Types of Cookies Used
We use various types of cookies and tracking technologies:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for website functionality and security | Session or persistent |
| Performance Cookies | Analytics to improve website performance | Up to 2 years |
| Functionality Cookies | Remember preferences and settings | Up to 1 year |
| Marketing Cookies | Targeted advertising (with consent) | Up to 1 year |
7.2 Cookie Management
You can control cookies through your browser settings:
- Most browsers allow you to refuse cookies or alert you when cookies are being sent
- You can delete cookies already stored on your device
- Blocking cookies may affect website functionality
- We provide a cookie consent banner for non-essential cookies
7.3 Do Not Track Signals
Some browsers offer a "Do Not Track" feature. We currently do not respond to Do Not Track signals as there is no standard for how to respond to these signals. However, we provide other privacy controls as described in this policy.
Analytics & Third-Party Services
We use analytics services like Google Analytics to understand how users interact with our website. These services may collect information about your use of our site, which they may combine with information from other sites you've visited. You can opt out of Google Analytics through their opt-out browser add-on.
8. Policy Updates & Changes
8.1 Update Process
We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Provide notice on our website before changes take effect
- Notify registered users via email for significant changes
- Obtain consent when required by applicable laws
8.2 Review Frequency
We review this Privacy Policy at least annually, or more frequently as needed to ensure compliance with changing laws and regulations.
8.3 Your Continued Use
Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the changes, you should discontinue using our services.
Version History
We maintain a version history of our Privacy Policy. Previous versions are available upon request. Material changes are archived for transparency and compliance purposes.
Contact Our Privacy Team
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer using the information below.
Privacy Officer
Attn: Privacy Officer
Phone
+1 234 445 786
Mailing Address
1234 Main Street, Suite 200
Los Angeles, CA 90012
Response Time: We aim to respond to all privacy inquiries within 48 business hours.