Privacy Policy — Aseya Lukina

Your privacy is not a formality — it is the foundation of our work together. This policy explains clearly how I collect, protect, and use your information when you visit this website or work with me as a client. Please read it carefully. If you have any questions, I am always available at [email protected].

Who I Am

I am Aseya Lukina, an EMDR therapist providing virtual therapy services to clients globally, including clients located in the United States. All sessions are conducted online via Google Meet.

For the purposes of this policy, "I," "me," and "my practice" refer to Aseya Lukina as an independent practitioner. "You" refers to any visitor to this website or current or prospective client.

Information I Collect

I collect only the information necessary to provide you with safe, high-quality care and to maintain our professional relationship. This includes:

Personal identifiers: name, email address, phone number, time zone, and country of residence
Health and mental health information: history, presenting concerns, session notes, and treatment-related communications
Emergency contact information
Payment and billing information (processed securely through third-party payment platforms)
Communications you send me via email, contact forms, or scheduling tools
Website data: IP address, browser type, pages visited, and cookies (used for basic website functionality and analytics)

How I Use Your Information

Your information is used solely for the purposes it was collected. Specifically:

To provide, schedule, and coordinate your therapy sessions
To communicate with you about appointments, treatment, and care
To process payments for services rendered
To maintain accurate clinical records as required by professional and legal standards
To fulfill legal and ethical obligations as a practitioner
To improve the functionality of this website

I do not sell, rent, or trade your personal information. I do not use your information for marketing purposes without your explicit consent.

Confidentiality & Protected Health Information

Everything you share with me in the context of therapy — your history, what arises in sessions, your progress — is held in strict confidence. This is both an ethical obligation and, where applicable, a legal one.

For clients based in the United States, I handle your Protected Health Information (PHI) in a manner consistent with the standards set by the Health Insurance Portability and Accountability Act (HIPAA). This means:

Your PHI is used and disclosed only as described in this policy or as permitted by law
I implement administrative, technical, and physical safeguards to protect your information
I apply the minimum necessary standard — accessing or sharing only the information required for the stated purpose

      Special protection: psychotherapy notes
      My personal session notes receive a higher level of protection than general health records. They are stored separately and will not be disclosed to any third party — including other healthcare providers — without your explicit written authorization, except as required by law.
    

When Confidentiality May Be Limited

There are specific, narrowly defined circumstances in which I may be required or permitted to share information without your prior consent:

Risk of harm: If I have reasonable belief that you or someone else is in imminent danger, I may disclose information necessary to prevent that harm (duty to warn or protect)
Mandatory reporting: Legal requirements to report suspected abuse or neglect of a child, elderly person, or dependent adult
Court order: If I am legally compelled by a court to disclose records
Emergency situations: Where disclosure is necessary to address a medical or psychiatric emergency

In any such situation, I will disclose only the minimum information necessary and, where possible, will inform you before doing so.

Third-Party Platforms & Service Providers

To deliver online therapy services, I use a small number of trusted third-party platforms. These providers may process or store some of your information on my behalf:

Google Meet All therapy sessions are conducted via Google Meet. Google's privacy practices govern data processed through their platform. I encourage you to review Google's Privacy Policy. Sessions are not recorded without your explicit consent.

      Payment processors
      Payment information is handled by secure third-party processors. I do not store your full payment details on my own systems.
    

I share your information with these providers only to the extent necessary to deliver services. I do not authorize them to use your information for their own purposes.

Online Sessions & Telehealth Privacy

Online therapy offers significant accessibility and flexibility, and also involves certain privacy considerations unique to digital communication. I ask that you:

Attend sessions from a private, secure location where you will not be overheard
Use a secure, password-protected internet connection (avoid public Wi-Fi)
Ensure no unauthorized persons are present or able to view your screen during sessions

On my end, I conduct all sessions from a private space and use encrypted platforms. I maintain updated security practices to protect our communication.

Please be aware that no digital communication can be guaranteed to be 100% secure. By choosing to engage in online therapy, you acknowledge and accept the inherent limitations of electronic communication.

Your Rights

You have meaningful rights over your personal and health information. You may, at any time:

Access your records: Request a copy of the health information I hold about you
Request corrections: Ask me to correct inaccurate or incomplete information
Request an accounting of disclosures: Ask for a record of instances where your PHI was shared with third parties
Request restrictions: Ask me to limit how I use or disclose your information (I will consider all such requests in good faith)
Withdraw consent: Where consent is the basis for processing, you may withdraw it at any time without affecting the lawfulness of prior processing
Data deletion: Request that I delete your personal information, subject to my legal obligations around record retention

For US-based clients in California: you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know the categories of personal information collected, the right to opt out of any sale of personal information (I do not sell personal information), and the right to non-discrimination for exercising your rights.

To exercise any of these rights, please contact me at [email protected]. I will respond within a reasonable timeframe.

Data Security

I take the security of your information seriously and maintain appropriate safeguards, including:

SSL encryption on this website
Use of encrypted communication and session platforms
Restricted access to client records — only I have access to your file
Secure storage of clinical notes and records
Regular review of security practices

In the event of a data breach that affects your information, I will notify you promptly and take all necessary steps to mitigate harm.

Data Retention

I retain client records for a minimum of seven (7) years following the conclusion of our work together, or as required by applicable professional and legal standards. Records pertaining to minor clients are retained for a longer period as required by law. After the retention period, records are securely destroyed.

Website data (such as analytics) is retained only as long as necessary for its stated purpose.

Cookies & Website Analytics

This website uses cookies and basic analytics tools to understand how visitors interact with the site. This data is anonymized and used solely to improve the website experience. It is not linked to your identity or your status as a client.

You may configure your browser to refuse cookies. Please note this may affect some website functionality.

Children's Privacy

This website is not directed at children under the age of 13. I do not knowingly collect personal information from children without verifiable parental consent. If you believe a child has submitted information to this website without appropriate consent, please contact me immediately.

Changes to This Policy

I may update this Privacy Policy periodically to reflect changes in my practice, applicable law, or the platforms I use. When I do, I will update the "Last updated" date at the top of this page. For significant changes, I will notify active clients by email. I encourage you to review this policy from time to time.

Your continued use of this website or continued engagement with my services after any changes constitutes your acceptance of the updated policy.

Filing a Complaint

If you are a US-based client and believe your privacy rights under HIPAA have been violated, you have the right to file a complaint with the US Department of Health and Human Services Office for Civil Rights:

Online: hhs.gov/hipaa/filing-a-complaint
Phone: 1-800-368-1019

You will not be retaliated against for filing a complaint.

I also encourage you to reach out to me directly first — I am committed to addressing any concerns promptly and respectfully.

Questions & Contact

For any privacy-related questions, requests, or concerns, please contact me directly:

Aseya Lukina

EMDR Therapist · Virtual Practice

[email protected]