Privacy Policy

Effective Date: July 26, 2025
Last Updated: July 26, 2025

Introduction
Blue Lotus Wellness, LLC ("we," "us," or "our") operates the website https://www.bluelotus-wellness.com (the "Site") and provides mental health counseling, ketamine-assisted therapy, workshops, retreats, and related wellness services nationwide. Your privacy is important to us. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our Site or interact with us online. It also explains your rights under various U.S. privacy laws, including CalOPPA, CCPA/CPRA, and similar state statutes.

1. Notice at Collection
Whenever you provide personal information on our Site—such as when contacting us, registering for newsletters, or completing intake questionnaires—you will see a clear notice informing you that by sharing data, you agree to our collection and use of your information as described in this Privacy Policy.
Example Notice:
"By providing your information, you agree to our collection and use of your data as described in our Privacy Policy."

2. Information We Collect
We collect the following categories of personal information:

1. Identifiers: Name, email address, phone number

2. Health & Sensitive Information (on website only): When submitting a contact form, users may choose to describe their reason for seeking services or their presenting concern. This is the only health-related information collected on our public website.

3. Sensitive Health Information via EMR (not stored on our website): Health history, treatment notes, appointment records, and billing/payment information are only collected, stored, and accessed through our HIPAA-compliant electronic medical records (EMR) system. Clients are required to create an account in this secure system through a unique email link in order to access and submit this information. These records are not stored on or transmitted through our public-facing website.

4. Commercial Information: For retreat or workshop sign-ups, billing details and payment history may be collected through secure third-party payment processors.

5. Internet & Device Data: IP address, browser type, and cookies

6. Usage Data: Pages visited, time spent on site, and navigation behavior


Retention:
Personal information submitted through our website (e.g., contact forms) is retained until it is no longer needed or upon your request for deletion.

Protected Health Information (PHI) collected through our EMR is retained for a minimum of six (6) years from the date of last use or creation, in compliance with HIPAA requirements.


3. Cookies and Tracking Technologies
We use cookies, web beacons, and similar technologies for analytics, site functionality, and marketing. Upon your first visit, you'll see a cookie banner allowing you to:

Accept all cookies

Decline non-essential cookies (analytics, advertising)

Manage your cookie preferences

To manage cookies later, you can click the "Cookie Settings" link in our site footer.


4. How We Use Your Information
We use your personal information to:

Respond to your inquiries or requests submitted via our website

Coordinate care and communicate about appointments (via EMR only)

Provide and improve our services and user experience

Send appointment reminders, wellness updates, or marketing (with your consent)

Comply with legal, regulatory, and licensing requirements



5. Sharing Your Information
We may share your information with the following categories of third parties, only as permitted by law and in accordance with professional and ethical standards:
Service Providers:

We may share information with trusted third-party vendors that help us operate our website, manage appointment scheduling, process payments, and provide marketing analytics. These providers are contractually bound to safeguard your data and may only use it for the purposes for which it was shared.


Healthcare Providers or Other Individuals:
We only share your protected health information (PHI) with other healthcare providers or third parties when it is clinically appropriate for treatment coordination and only with your explicit written consent via a signed Release of Information (ROI) form. This includes sharing with primary care physicians, specialists, or other members of your care team when collaboration is in your best interest.

Legal Authorities:
We do not share your information with law enforcement, courts, or government agencies unless required to do so by a valid court-ordered subpoena or warrant. In all other cases, we will only disclose your information with your express written permission via a signed ROI.

We do not sell your personal information. We may "share" certain non-sensitive categories of information (such as analytics or usage data) with marketing partners, but only if you have opted in via cookie consent or similar mechanisms.


6. CalOPPA and Online Privacy
Under CalOPPA, California residents:

May view this Privacy Policy from our website homepage

Are entitled to know what categories of information we collect and how we use it

May request changes to how we respond to “Do Not Track” browser settings


7. California Consumer Rights (CCPA/CPRA)
California residents have the right to:

Access: Request a copy of your personal information

Delete: Request deletion of your personal information

Opt-Out: Prevent the sale or sharing of your personal information

Limit Use of Sensitive Info: Limit our use of categories such as health or financial data


To exercise your rights, email: ksieper@bluelotus-wellness.com with the subject line: “Privacy Rights Request.”

8. Other U.S. State Privacy Rights
Residents of Colorado, Connecticut, Utah, Virginia, and other states may have similar rights (access, correction, deletion, portability, and opt-out). We honor these where applicable. Contact us at: ksieper@bluelotus-wellness.com

9. Opt-Out for Sensitive Personal Information
You may limit our use of any sensitive information collected through contact forms by emailing: ksieper@bluelotus-wellness.com


10. Automated Decision-Making
We do not use fully automated decision-making processes that result in legal or similarly significant effects. Any automated messaging tools (e.g., appointment reminders) are used solely to improve communication and service delivery.

11. HIPAA Notice of Privacy Practices
All clinical services are governed by our HIPAA Notice of Privacy Practices, which details how your PHI is collected, stored, and used within our EMR system.
You can view it here: [Notice of Privacy Practices] [Insert Link]

12. Children’s Privacy
We do not knowingly collect or market to individuals under the age of 18. If you believe we have inadvertently collected information from a minor, please contact us immediately for removal.

13. Security
We implement administrative, technical, and physical safeguards to protect your data. This includes the use of HIPAA-compliant software for health information and encryption protocols where applicable.

14. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted with an updated effective date. In the event of material changes, we will notify users as required by law.

15. Contact Us
For questions or to exercise your privacy rights, contact:
Blue Lotus Wellness, LLC
📧 Email: ksieper@bluelotus-wellness.com
📞 Phone: (603) 270-9217
📍 Address: 66 Prospect Street, Manchester, NH 03104

​