top of page

Privacy Policies

This policy is effective as of January 2022, last updated February 13, 2026.

1. INTRODUCTION

MYINDSET (“MYINDSET,” “we,” “our,” or “us”) is committed to protecting the privacy and security of information collected from visitors to our website located at www.myindset.com (the “Site”), as well as information collected from patients, prospective patients, and other individuals who interact with our practice.

This Privacy Policy explains what information we collect, how we use and share it, how we protect it, and your choices regarding your information. This Privacy Policy applies to information collected through our Site, including any forms, contact features, scheduling tools, and other interactive elements on the Site.

Important: This Privacy Policy is separate from our HIPAA Notice of Privacy Practices (“NPP”), which governs how we use and disclose your Protected Health Information (“PHI”) in connection with your clinical care. If you are a patient, please also review our Notice of Privacy Practices, which is provided during the intake process and is available upon request.

2. INFORMATION WE COLLECT

2.1 Information You Provide to Us

When you interact with our Site or contact us, you may voluntarily provide information, including:

  • Your name, email address, phone number, and mailing address

  • Date of birth and insurance information (through intake or scheduling forms)

  • The reason for your inquiry or the nature of services you are seeking

  • Any other information you choose to include in a contact form, email, phone call, or message

2.2 Information Collected Automatically

When you visit our Site, certain information may be collected automatically through cookies, web beacons, pixels, and similar technologies. This may include:

  • Your IP address and approximate geographic location

  • Browser type, operating system, and device information

  • Pages you visit on our Site, the date and time of your visit, and time spent on each page

  • Referring URL (the website that linked you to our Site)

  • Clickstream data and interactions with Site features

2.3 Information from Third Parties

We may receive information about you from third-party sources, including your insurance company (for verification of benefits), referring providers, and third-party platforms you use to interact with us (such as our patient portal provider, Valant).

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

  • To respond to your inquiries and communicate with you about our services

  • To schedule, confirm, and remind you of appointments

  • To verify your insurance coverage and process billing

  • To facilitate the intake process and deliver clinical services

  • To improve, maintain, and optimize our Site and the user experience

  • To analyze Site traffic and usage patterns to improve content and functionality

  • To comply with legal obligations, including HIPAA, state licensing requirements, and other applicable laws

  • To detect and prevent fraud, unauthorized access, or other illegal activities

  • To send you text messages (SMS/MMS) if you have consented to receive them (see Section 8 below)

4. How We Share Your Information

We do not sell, rent, or trade your personal information or PHI to third parties for their marketing purposes. We may share your information in the following limited circumstances:

  • Service Providers and Business Associates: We may share information with third-party vendors who perform services on our behalf, such as our electronic health records provider (Valant), website hosting provider (Wix), analytics providers, and payment processors. Where applicable, these vendors are bound by Business Associate Agreements as required by HIPAA.

  • As Required by Law: We may disclose information as required by federal, state, or local law, regulation, or court order, including in response to a subpoena, search warrant, or other lawful request from law enforcement or a government agency.

  • To Protect Rights and Safety: We may disclose information when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, or to investigate fraud or respond to a government request.

With Your Consent: We may share your information for purposes not described in this Privacy Policy with your explicit consent.

5. Cookies and Tracking Technologies

Our Site uses cookies and similar tracking technologies to enhance your experience and analyze how visitors use our Site. For a detailed description of the types of cookies we use, please see Section 22 of our Terms and Conditions.

5.1 Analytics

We may use third-party analytics tools, such as Google Analytics, to collect and analyze information about how visitors use our Site. These tools use cookies to collect standard internet log information and visitor behavior data. The information generated by cookies about your use of our Site is transmitted to the analytics provider and used to evaluate how visitors interact with the Site, compile statistical reports, and help us improve the Site.

Google Analytics may collect your IP address but does not store it in a way that identifies you personally. You may opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-On, available at tools.google.com/dlpage/gaoptout.

5.2 Advertising and Remarketing

If MYINDSET uses any third-party advertising or remarketing tools (such as Google Ads or Meta/Facebook Pixel), we will take precautions to ensure that no protected health information is transmitted to advertising platforms. We do not use tracking pixels on authenticated (login-protected) pages that contain PHI.

As a behavioral health provider, we are particularly sensitive to the potential for tracking technologies to reveal information about your mental health status. We regularly review our tracking technology practices and limit the data shared with third-party platforms to non-identifiable, aggregate information wherever possible.

5.3 Your Cookie Choices

Most web browsers allow you to manage cookie preferences. You may set your browser to refuse cookies, delete cookies, or alert you when a cookie is being sent. However, some features of our Site may not function properly if cookies are disabled. Below are links to cookie management instructions for common browsers:

  • Google Chrome: chrome://settings/cookies

  • Mozilla Firefox: Options > Privacy & Security

  • Safari: Preferences > Privacy

  • Microsoft Edge: Settings > Cookies and Site Permissions

6. Do Not Track Signals

Some web browsers transmit “Do Not Track” (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, our Site does not currently respond to DNT signals. However, you may manage your cookie preferences as described in Section 5.3 above.

7. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect the information we collect from unauthorized access, use, alteration, and disclosure. These measures include encryption of data in transit (SSL/TLS), access controls, and regular security reviews.

However, no method of transmission over the Internet and no method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. If you have reason to believe that your information has been compromised, please contact us immediately at contact@myindset.com or (317) 207-0273.

8. Text Messaging (SMS/MMS) Privacy and 10DLC Compliance

8.1 Information Collected Through Text Messaging

When you consent to receive text messages from MYINDSET, we collect and retain:

  • Your mobile phone number

  • Your opt-in consent and the date, time, and method by which consent was obtained (e.g., web form, in-person, text keyword)

  • The content and date/time of messages sent to and received from you

  • Your opt-out requests and the date/time of opt-out

  • Delivery status of messages (delivered, failed, pending)​

8.2 How We Use Text Messaging Data

We use information collected through our text messaging program solely for the following purposes:

  • To send you the messages you have consented to receive (appointment reminders, practice updates, billing reminders, and responses to inquiries)

  • To process and honor your opt-out requests

  • To maintain records demonstrating our compliance with the TCPA, CTIA guidelines, and 10DLC requirements

  • To troubleshoot delivery issues and improve our messaging services

8.3 Text Messaging Data Sharing

We do not sell, share, rent, or trade your mobile phone number, opt-in data, or any information collected through our text messaging program with third parties for their marketing or promotional purposes.

We may share text messaging data with our messaging service provider solely to facilitate the delivery of text messages on our behalf. Our messaging service provider is bound by contractual obligations to protect your data and use it only for the purposes of transmitting messages at our direction.

8.4 10DLC Registration and Carrier Compliance

MYINDSET complies with 10DLC (10-Digit Long Code) registration requirements mandated by The Campaign Registry (TCR) and enforced by major U.S. mobile carriers, including AT&T, T-Mobile, and Verizon. Our practice has completed:

  • Brand Registration: Our legal business entity is registered with TCR, including our legal name, Employer Identification Number (EIN), business address, and website.

  • Campaign Registration: Each messaging use case (e.g., appointment reminders, billing notifications) is registered as a separate campaign with TCR and approved by carriers.

  • Content Compliance: All messages comply with CTIA Messaging Principles and Best Practices and carrier content policies.

8.5 Opt-In and Consent Records

In accordance with TCPA requirements and 10DLC best practices, we maintain records of your consent to receive text messages, including how consent was obtained, when it was obtained, and the specific types of messages you consented to receive. These records are retained for a minimum of five (5) years or as required by applicable law.

8.6 Opt-Out and STOP/HELP Compliance

Our text messaging program fully supports standard opt-out and help keywords:

  • STOP: Reply STOP to any message to immediately unsubscribe from all text messages from MYINDSET. You will receive a single confirmation message.

  • HELP: Reply HELP to any message for assistance, including our office phone number and email.

These keyword responses function at all times and are processed automatically. Opting out of text messages will not affect your ability to receive clinical care from MYINDSET

8.7 Children's Privacy

Our Site is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 through our Site. Our clinical services are available to adolescents ages 13 and older with parental or guardian consent. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at contact@myindset.com so we can promptly delete the information.

9. Your Rights and Choices

Depending on applicable law, you may have the following rights regarding your personal information:

  • Access: You may request a copy of the personal information we hold about you.

  • Correction: You may request that we correct inaccurate or incomplete personal information.

  • Deletion: You may request that we delete your personal information, subject to certain legal exceptions (such as our obligation to retain medical records under Indiana law).

  • Opt-Out of Marketing: You may opt out of receiving marketing emails by clicking the unsubscribe link in any marketing email, or by contacting us directly.

  • Opt-Out of Text Messages: You may opt out of text messages by replying STOP or contacting our office.

For rights related to your Protected Health Information (PHI), please refer to our HIPAA Notice of Privacy Practices, which outlines your rights to access, amend, restrict, and receive an accounting of disclosures of your PHI.

To exercise any of the rights described above, please contact us at contact@myindset.com or (317) 207-0273. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

10. Substance Use Disorder (SUD) Records and 42 CFR Part 2

 

If MYINDSET provides substance use disorder treatment services or receives substance use disorder records from other providers, those records may be subject to additional protections under 42 CFR Part 2 (the federal Confidentiality of Substance Use Disorder Patient Records regulation), in addition to HIPAA.

Records protected under 42 CFR Part 2 may not be disclosed without your written consent except in limited circumstances specified by law. These records receive heightened protections and cannot be used to investigate or prosecute you. For more information about how your substance use disorder records are protected, please see our Notice of Privacy Practices or contact our office.

11. Indiana State Privacy Protections

In addition to federal law, Indiana provides additional protections for certain health information, including mental health records, substance use disorder records, and HIV-related information. MYINDSET complies with all applicable Indiana privacy laws governing the collection, use, and disclosure of health information.

Under Indiana law, mental health records may be subject to additional restrictions on disclosure. Where Indiana law provides greater protection than HIPAA, we follow the more protective standard.

12. Data Breach Notification

In the event of a breach of unsecured protected health information, MYINDSET will comply with the HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D), which requires notification to affected individuals within 60 days of discovering the breach. We will also comply with Indiana’s data breach notification law (Indiana Code § 24-4.9) and any other applicable notification requirements.

If a breach involves information collected through our text messaging program, we will notify affected individuals through an alternative communication method (such as email, postal mail, or phone call) to ensure delivery.

13. Third-Party Links

Our Site may contain links to third-party websites or services that are not operated by MYINDSET. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party site you visit. MYINDSET is not responsible for the privacy practices of third-party websites.

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will update the “Effective Date” at the top of this page and, where appropriate, notify you through a prominent notice on our Site or by email. Your continued use of the Site after any changes to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this Privacy Policy periodically.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

 

MYINDSET

7230 Arbuckle Commons, Suite 256

Brownsburg, Indiana 46112

Phone: (317) 207-0273

Email: contact@myindset.com

Website: www.myindset.com


Privacy Officer: For HIPAA-related privacy concerns, please contact our Privacy Officer at the address or email above, or refer to our Notice of Privacy Practices for detailed information.

MYINDSET Logo - Stylized tree with colorful, abstract autumn foliage and dark branches.

We're Here For You

Everyone deserves care, and you can take the first step here:

317-207-0273

contact@myindset.com

7230 Arbuckle Commons Ste 256, Brownsburg IN 46112

 

© 2026 Mindset Behavioral Health PC DBA MYINDSET. All rights reserved. Soon to be MYINDSET/MyINDset/Myindset. 

 

bottom of page