Privacy Policy

Last Updated: May 4, 2026

1. Introduction

Welcome to Cornerstone Therapy. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website hosted on Cloudflare. It should be read alongside our Notice of Privacy Practices, which governs the handling of protected health information in the context of clinical care.

2. Information We Collect

We collect information in the following ways:

  • Device & Log Data: When you visit our site, your browser automatically sends information including your IP address, browser type and version, operating system, referring URLs, and pages visited.
  • Usage Data: The pages of our site that you visit, the time and date of your visit, and the time spent on those pages.
  • Contact Form Submissions: When you use the contact form on our website, we collect the information you provide, which may include your name, email address, phone number, and reason for inquiry. This information is used solely to respond to your message and is not used for marketing without your consent.

3. HIPAA & Protected Health Information

Joseph A. Mancinone is a licensed healthcare provider subject to the Health Insurance Portability and Accountability Act (HIPAA). Any protected health information (PHI) you share — including information discussed during telehealth sessions — is handled in accordance with HIPAA's Privacy and Security Rules.

Our full HIPAA Notice of Privacy Practices, which describes how medical information about you may be used and disclosed and how you can access this information, is provided separately at the start of the therapeutic relationship.

If you believe your privacy rights have been violated, you may file a complaint with the U.S. Department of Health & Human Services Office for Civil Rights at hhs.gov/ocr.

4. Telehealth Services

All therapy sessions are conducted via a HIPAA-compliant telehealth platform. This platform is designed to meet HIPAA security requirements for transmitting and storing protected health information. Video sessions are not recorded without your explicit written consent.

By participating in telehealth services, you acknowledge that the transmission of information via the internet carries inherent risks, and that Joseph A. Mancinone takes all reasonable steps to protect your information within this environment.

5. Third-Party Services & Technologies

We use specific third-party tools to improve site performance, security, and analytics:

A. Cloudflare (Hosting & Security)

Our website is hosted and protected by Cloudflare. In this capacity, Cloudflare acts as a data processor, collecting technical data (such as IP addresses and security headers) to detect threats, mitigate DDoS attacks, and optimize content delivery.

Turnstile: We use Cloudflare Turnstile to protect our forms from spam and bots. Turnstile processes technical signals (such as browser telemetry and IP addresses) to verify legitimate activity without relying on intrusive tracking cookies.

B. Formspark (Contact Form Processing)

Contact form submissions on our website are processed by Formspark, a third-party form backend service. When you submit the contact form, your name, email address, phone number, and reason for inquiry are transmitted to and stored by Formspark for the purpose of delivering your message to us. Formspark does not use your submission data for advertising or sell it to third parties. You can review Formspark's privacy practices at formspark.io.

C. Google Analytics 4 (GA4)

We use Google Analytics to understand how visitors interact with our site. GA4 collects data such as session statistics and approximate geolocation. We do not use GA4 to collect or process protected health information.

Google Analytics may use cookies or similar technologies to track user behavior. You can opt out of this tracking by installing the Google Analytics Opt-out Browser Add-on.

6. How We Use Your Data

We use the collected information to:

  • Respond to consultation requests and inquiries submitted through our contact form.
  • Maintain and monitor the performance of our website.
  • Protect our site from malicious bot activity and fraud.
  • Analyze traffic patterns to improve user experience.

We do not use contact form submissions or health-related information for marketing purposes without your explicit consent.

7. Legal Basis for Processing (Where Applicable)

Depending on your location, applicable data protection laws may include the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), or the Connecticut Data Privacy Act (CTDPA). Where these laws apply, we process your data based on:

  • Legitimate interests: Ensuring site functionality, security, and basic performance monitoring.
  • Consent: Where required by law, we will obtain your explicit consent before placing non-essential cookies on your device.
  • Legal obligation: Where processing is required to comply with applicable law, including HIPAA.

8. Cookies

We use cookies and similar technologies to enhance your experience.

  • Essential Cookies: Required for site security and core functionality (e.g., Cloudflare security features).
  • Analytics Cookies: Used by Google Analytics to help us understand visitor interaction. These are not used to collect health information.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

9. California "Do Not Track" Disclosure

Some web browsers may transmit "Do Not Track" (DNT) signals. Our website does not currently respond to DNT browser headers. We continue to monitor the development of industry standards for how these signals should be interpreted.

10. Data Sharing & Retention

  • Sharing: We share information with trusted third-party service providers — including Cloudflare (hosting and security), Formspark (contact form processing), and Google (analytics) — strictly for the purposes described in this policy. We do not sell, trade, or rent your personal data. Any sharing of protected health information is governed by HIPAA and our Notice of Privacy Practices.
  • Retention: We retain collected data only as long as necessary for the purposes described in this policy. Clinical records are retained in accordance with Connecticut state law and HIPAA requirements, unless a longer period is required by law.

11. Data Security

We implement industry-standard security measures provided by our hosting environment (Cloudflare) to protect your data. Health information shared through telehealth services is transmitted using HIPAA-compliant encryption. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

12. Your Rights

Depending on your location — including the EU/UK under GDPR, California under CCPA/CPRA, or Connecticut under the CTDPA — you may have the right to:

  • Access, correct, or request deletion of your personal data.
  • Object to or restrict certain processing activities.
  • Request a portable copy of your data.
  • As a patient, access or request amendments to your health records under HIPAA (as described in our Notice of Privacy Practices).

To exercise these rights, please contact us at mancinonelmft@hushmail.com.

13. Changes & Contact

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

Contact Us:
Joseph A. Mancinone
mancinonelmft@hushmail.com
https://cornerstonetherapyct.com