Privacy Policy
Notice of Privacy Practices (NPP) & Data Handling Guidelines
Last Updated: February 2026
Introduction
At Oregon Counselor Directory, your privacy is our highest priority. This Privacy Policy details how we collect, use, disclose, and protect information when you use our website and directory services. By accessing our platform, you agree to the terms outlined below.
Information We Collect
Providers
We collect professional information including name, practice location, specialties, credentials, contact details, and licensing status. Much of this data is compiled from publicly available records to create "Shadow Profiles" which providers can claim and verify.
Patients & Clients
If you use our contact forms or booking integrations to reach a provider, we securely transmit your information but do not store your protected health information (PHI) on our public directory servers.
HIPAA Compliance & PHI
While Oregon Counselor Directory is a directory and not a covered entity under HIPAA, we employ HIPAA-compliant data transmission standards when connecting patients to verified Growth or Pro tier providers. All lead routing uses secure, encrypted channels. Read our full HIPAA statement →
How We Use Your Information
Data Sharing & Disclosure
We do not sell, rent, or trade your personal information to third-party marketers. We may share information with trusted service providers (like Stripe for billing) strictly to operate our platform. These providers are bound by strict confidentiality agreements.
Security
We implement robust technical and organizational measures to safeguard your data, including TLS/SSL encryption for data in transit and AES-256 for sensitive data at rest. However, no internet-based system is 100% secure, and we cannot guarantee absolute security against advanced cyber threats.
Shadow Profiles & Opt-Out
If you are a provider and wish to remove your generated "Shadow Profile," you may claim the profile to initiate an immediate take-down request, or contact our support team directly. We respect practitioner autonomy and provide expedited removal upon verified request.
Legal Framework & Privacy Standards
- Health Insurance Portability and Accountability Act (HIPAA). U.S. Department of Health & Human Services. While provider directories generally operate as intermediaries and are not directly defined as "Covered Entities," we voluntarily enforce HIPAA-compliant technical safeguards (e.g., encryption in transit/at rest) to protect users entering personal data.
- California Consumer Privacy Act (CCPA) / CPRA. State Privacy Rights. Although our service targets Oregon, we employ data structures accommodating broad rights to deletion, disclosure, and the right to opt-out of "Shadow Profiles" seamlessly.
- Oregon Consumer Privacy Act (OCPA). Ensures Oregonians possess the right to comprehend how their data is leveraged, including the prompt removal of public directory profiles upon validated request.