Privacy Policy

How Colorado Service Animals collects, uses, and safeguards your personal and protected health information.

Effective date: May 1, 2026 · Last updated: May 1, 2026

1. Information We Collect

  • Account details — name, email, phone, postal address, date of birth, and Colorado residency confirmation.
  • Clinical intake — answers you provide in our screening, mental-health history, and current functional impacts.
  • Protected Health Information (PHI) — clinician notes, evaluation outcomes, and your signed ESA/PSD letter.
  • Payment data — processed and stored by our PCI-DSS Level 1 payment processor; we never see your full card number.
  • Technical data — IP address, browser, device, and pages visited (used only for security and aggregate analytics).

2. How We Use Your Information

  • To match you with a Colorado-licensed clinician for your evaluation.
  • To produce, deliver, and verify your ESA or PSD letter.
  • To process payments and apply refunds when applicable.
  • To communicate appointment reminders and renewal notices.
  • To meet legal, regulatory, and HIPAA-required record-keeping obligations.

3. HIPAA Compliance

  • We are a HIPAA-covered entity. All Protected Health Information is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Only your assigned clinician and authorized administrative staff have access to your case.
  • All access is logged and auditable.
  • We maintain a separate HIPAA Notice of Privacy Practices — see our HIPAA page for the full text.

4. When We Share Information

  • With your assigned Colorado-licensed clinician, for the sole purpose of your evaluation.
  • With your landlord, college, or HOA — only when you authorize a verification call.
  • With our HIPAA-compliant subprocessors (hosting, payment processing, video session) under signed Business Associate Agreements.
  • When required by valid legal process (subpoena, court order) — we notify you whenever lawful.
  • We do not sell or rent your personal or health data — ever.

5. Data Security & Storage

  • Hosted on SOC-2 Type II compliant infrastructure with 24/7 monitoring.
  • All employee access uses 2-factor authentication and role-based permissions.
  • Annual third-party penetration testing and continuous vulnerability scanning.
  • Backups encrypted and geographically distributed within the United States.
  • Incident response plan in place; affected users are notified within 60 days, as required by the HIPAA Breach Notification Rule.

6. Your Rights

  • Access — request a copy of all data we hold about you.
  • Correction — ask us to fix any inaccurate information.
  • Deletion — request deletion outside of HIPAA-mandated retention periods.
  • Portability — receive your records in a machine-readable format.
  • Opt-out — unsubscribe from marketing emails at any time.
  • California (CCPA), Colorado (CPA), and EU (GDPR) residents have additional statutory rights.

7. Cookies & Analytics

  • Essential cookies — required for login, security, and the consent process.
  • Analytics — privacy-respecting aggregate analytics (no PHI ever included).
  • We do not use third-party advertising trackers.
  • You can disable cookies in your browser; some features may not work properly without them.

8. Data Retention

  • Clinical records retained per Colorado mental-health board requirements (currently 7 years for adults, longer for minors).
  • Account data retained while your account is active and for 12 months after closure.
  • Aggregated, de-identified analytics retained indefinitely.
  • You may request earlier deletion subject to our HIPAA-mandated retention obligations.

9. Minors

  • We provide services to minors aged 12 and older with verified parental or guardian consent.
  • Minor PHI is protected with the same safeguards as adult records.
  • Parents and guardians may request access to minor records subject to Colorado law.

10. International Users

  • Our services are intended for Colorado residents.
  • If you access the site from outside the U.S., you understand your data will be processed in the U.S.
  • U.S. data-protection law applies; HIPAA remains your primary protection.

11. Changes to This Policy

  • We post the effective date at the top of this page when we make changes.
  • Material changes will be emailed to active account holders 30 days before taking effect.
  • Continued use of our services after the effective date constitutes acceptance.

12. Contact Us

  • Email our Privacy Officer at support@coloradoserviceanimals.net.
  • Mail: Colorado Service Animals — Privacy Office, Denver, CO.
  • We acknowledge privacy requests within 5 business days and resolve most within 30 days.
