The Brotherhood Therapy | www.thebrotherhood.ca
Last updated: March 17, 2026
Important Notice for Clients — Please Read
This Privacy Policy also serves as our Statement of Information Practices as required under Ontario's Personal Health Information Protection Act (PHIPA). It describes how we collect, use, store, and disclose your personal information and personal health information at every stage of our relationship — from your first visit to our website through to your ongoing care with us.
1. About This Policy
The Brotherhood Therapy (“we,” “us,” or “our”) is committed to protecting the privacy and confidentiality of your personal information and personal health information. This policy applies to all individuals who visit our website, book a consultation, or receive psychotherapy services from us.
We comply with Ontario’s Personal Health Information Protection Act (PHIPA), Canada’s federal Personal Information Protection and Electronic Documents Act (PIPEDA), and applicable guidelines issued by our regulatory colleges.
Our services are provided to adults only. We do not knowingly collect information from anyone under the age of 18.
2. Types of Information We Collect
General Personal Information (all visitors and prospective clients)
When you visit our website, book a free consultation, or contact us, we may collect:
• Name, email address, and phone number
• General information about what you’re looking for (e.g., the type of support you’re seeking)
• Technical data such as your IP address, browser type, and pages visited (via cookies and analytics tools)
• Payment information, processed securely via Stripe or PayPal — we never store payment card details directly
Personal Health Information (PHI) — active clients only
Once you become a client and have signed our Consent to Services agreement, we collect and maintain personal health information including:
• Your presenting concerns, mental health history, and treatment goals
• Session notes, progress notes, and clinical assessments
• Diagnoses, treatment plans, and referral information
• Invoices and billing records related to your care
Where your PHI is stored
All personal health information for active clients is stored exclusively in Jane App — a Canadian-built, PHIPA-compliant practice management platform. PHI is not stored in any of our marketing, CRM, or communication tools.
3. How We Collect Your Information
We collect information through the following means:
• Website forms, booking pages, and intake questionnaires (hosted on our website and via GoHighLevel)
• Free consultation calls conducted via Google Meet
• Consent and intake forms completed through Jane App (for clients who proceed to services)
• Direct email and SMS communication
• Cookies and tracking technologies (see Section 12)
4. How We Use Your Information
General personal information
• To respond to your enquiry and schedule a free consultation
• To send appointment reminders, follow-up communications, and non-clinical messages (e.g., homework or resources)
• To operate and improve our website
• To send marketing communications, only if you have opted in
• To process payments for services
Personal health information
• To provide psychotherapy and related health services
• To maintain an accurate clinical record of your care
• To communicate with other members of your circle of care, where applicable and with your consent
• To comply with our legal and regulatory obligations
We do not sell, rent, or use your personal health information for marketing purposes.
5. Personal Health Information & PHIPA Compliance
As a health information custodian under PHIPA, we are responsible for the personal health information we hold about you. The following describes our information practices at each stage of your engagement with us.
Stage 1: Pre-Consent (Website Visitor / Prospective Client)
Before you sign our Consent to Services agreement, the only information we hold about you is your contact information and any details you have voluntarily provided when booking a free consultation. This information is managed through our CRM and communication platform (GoHighLevel) and our Google Workspace environment. At this stage, no clinical or health information is recorded or stored.
By submitting a form on our website, you acknowledge our Privacy Policy, including that your contact information is managed using the services described in Section 7, some of which are based in the United States.
Stage 2: Active Client (Post-Consent)
Once you have signed our Consent to Services agreement in Jane App, all personal health information is collected, stored, and managed within Jane App’s secure, PHIPA-compliant environment. Our therapists may discuss your care with one another internally — this occurs via Google Chat, which is covered under our signed Business Associate Agreement (BAA) with Google (see Section 7).
Occasional non-clinical communications (such as session reminders or therapeutic homework) may be sent via email or SMS. These messages do not include sensitive clinical content such as diagnoses, session notes, or detailed mental health history.
Disclosure Within the Circle of Care
We may share your personal health information with other members of your circle of care (e.g., your family doctor or a specialist) where this is reasonably necessary to provide you with care, and where we can reasonably infer your consent. We will always tell you when such sharing has occurred or is planned, unless this is not reasonably possible.
Disclosure Outside the Circle of Care
We will not disclose your personal health information to anyone outside your circle of care without your express written consent, except where required by law (e.g., duty to report, court order, or risk of serious harm to yourself or others).
6. Consent
We collect and use your personal information based on your consent, except where another legal basis applies (such as a legal obligation). You may withdraw your consent at any time by contacting us at [email protected], subject to legal and contractual restrictions and reasonable notice.
For personal health information, your consent is collected through our Consent to Services agreement in Jane App. For general personal information collected through our website, your consent is provided by submitting a form with the privacy acknowledgment checkbox.
Withdrawing consent may affect our ability to provide you with services. We will explain the implications before processing a withdrawal.
7. Third-Party Service Providers
We use the following third-party platforms and services to operate our practice. Each has been selected with privacy and security in mind. Where a service handles personal health information, we have entered into an appropriate data protection agreement.
Service | Purpose | Data Location | BAA / Agreement
Jane App | Clinical records, consent forms, scheduling, billing (PHI) | Canada ✅ | PHIPA-compliant; data processing agreement in place
Google Workspace (Gmail, Meet, Chat) | Email, video consultations, internal team communication | United States ⚠️ | HIPAA BAA signed with Google; covers all Workspace services
GoHighLevel | CRM, website & funnels, booking forms, SMS/email automations | United States ⚠️ |
Stripe | Payment processing | United States ⚠️ | PCI-DSS compliant; no card data stored by us
Meta (Facebook) Ads | Advertising and marketing analytics | United States ⚠️ | No PHI shared; anonymised ad performance data only
Cloudflare | Website security and performance (CDN) | United States ⚠️ | Technical metadata only; no PHI
8. Data Storage Outside Canada
Several of the services we use (including Google Workspace and GoHighLevel) are operated by US-based companies. As a result, some of your personal information may be stored on or transmitted through servers located in the United States.
What this means for you
Your personal health information (PHI) is stored exclusively in Jane App, which is hosted in Canada. General contact information held in Google Workspace and GoHighLevel may be subject to US laws, including the US CLOUD Act, which permits US authorities to compel access to data held by US-based companies, even when stored or processed outside the United States. By using our website and services, you acknowledge this. If you have concerns about cross-border data storage, please contact us to discuss alternatives.
We have taken reasonable steps to ensure that all US-based service providers maintain appropriate safeguards, including encryption and access controls. Our BAA with Google is in place for all Google Workspace services.
9. Data Security
We take the security of your information seriously and implement the following safeguards:
• All personal health information is stored in Jane App, which uses AES-256 encryption at rest and TLS in transit
• Google Workspace is secured under our signed BAA and uses enterprise-grade encryption
• Access to client records is restricted to the therapist(s) involved in your care
• Payment information is processed exclusively by PCI-DSS-compliant processors (Stripe and PayPal); we do not store card numbers
• Devices used to access client information are protected by passwords and, where applicable, two-factor authentication
No method of electronic storage or transmission is 100% secure. Despite our best efforts, we cannot guarantee absolute security. In the event of a privacy breach involving your personal health information, we will notify you and the Information and Privacy Commissioner of Ontario as required by PHIPA.
10. Data Retention
We retain your personal information for as long as necessary to fulfil the purposes described in this policy and to meet our legal obligations:
• Personal health information (clinical records): retained for a minimum of 10 years from the date of your last service, or 10 years after a minor client turns 18, whichever is later, as required by PHIPA and applicable regulatory college standards
• General contact information (e.g., enquiry data in GoHighLevel): retained for up to 2 years from your last interaction, unless you request earlier deletion
• Financial records: retained for a minimum of 7 years as required by Canadian tax law
• Website analytics and cookies: retained in accordance with each third-party provider’s data retention policies
When your information is no longer required, it is securely deleted or anonymised.
11. Your Rights
Depending on your relationship with us and applicable law, you have the following rights:
• Access: Request a copy of the personal information or personal health information we hold about you
• Correction: Request that inaccurate or incomplete information be corrected
• Withdrawal of consent: Withdraw consent for certain collections or uses of your information
• Deletion: Request deletion of non-health personal data where no legal retention obligation applies
• Information: Ask how your data is stored, processed, and shared
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are not satisfied with our response, you may file a complaint with the Information and Privacy Commissioner of Ontario (IPC) at www.ipc.on.ca.
12. Cookies and Tracking Technologies
Our website uses cookies and similar technologies, including the Meta Pixel, to improve user experience, measure advertising effectiveness, and provide relevant content. Cookies do not contain personal health information.
You can control cookie settings through your browser. Note that disabling cookies may affect the functionality of some parts of our website.
We do not use cookies to track your activity after you leave our website, except where you have opted in to receive retargeted advertising.
13. Children’s Privacy
Our services are intended for adults aged 18 and over. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from someone under 18, please contact us immediately at [email protected] and we will delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Updates will be posted to this page with a revised “Last updated” date. For significant changes, we will notify active clients directly. We encourage you to review this policy periodically.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:
The Brotherhood Therapy
Email: [email protected]
Website: www.thebrotherhood.ca
Privacy Commissioner of Ontario (IPC): www.ipc.on.ca
This document serves as the Statement of Information Practices for The Brotherhood Therapy as required under s.16 of the Personal Health Information Protection Act (PHIPA), Ontario.