Privacy Policy

Last Updated: April 15, 2026

This policy outlines how Bloom Counselling & Consulting (“we”) collects, uses, and protects your personal information. We are committed to protecting your privacy in compliance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Accountability

We are responsible for the personal information under our control. We have designated a Privacy Officer to ensure our ongoing compliance with PIPEDA principles.

Privacy Officer: Sabrina Friesen
Contact: sabrina@bloomcounselling.com
431-276-6717


2. Information We Collect:

We only collect the minimum information necessary to meet our ethical obligations in providing therapy services and in managing your appointments.

Digital Data (Acuity Scheduling/Zoho/Square): Contact information (name, email address, and phone number) are used to manage online bookings and send appointment reminders. Contact information (name and email) is input into Square for the purpose of invoicing only. Credit card information is not stored in Square, unless the client or authorized third party requests and consents to such.

Paper Intake Data: Name, email, phone, address, emergency contact information, and basic health information (current medications/allergies/physician contact info) is collected via intake form at the onset of therapy.

This information is used to:

  • Manage appointments and maintain clinical records
  • Ensure your safety (ie: allergies or emergency contacts)
  • Coordinate care with your physician (if required, with explicit consent)
  • Process payments for services

3. Third-Party Service Providers

We use trusted third-party tools to manage your data securely. These providers have their own rigorous security standards.

Acuity Scheduling: Used for online booking and intake. Acuity is HIPAA-compliant, meeting high-level security standards for health-related data.

Zoho Mail: Used for all professional email correspondence. Note: Zoho data is currently being transferred from a US to Canadian data center to ensure permanent Canadian data residency.

Square: Used for secure payment processing. Square is PCI-compliant; we do not store your full credit card information on our own systems.

Doxy.me: Used for secure video consultations. Doxy.me is PIPEDA-compliant and utilized an encrypted peer-to-peer connection; the content of video calls is never recorded or stored on their servers.


4. Security Safeguards

We protect your information through a combination of technical, physical, and organizational measures.

Technical: Our website uses SSL/TLS encryption (HTTPS). All digital tools (Zoho, Acuity, Square, Doxy.me) are protected by secure, unique passwords. Video sessions via Doxy.me are end-to-end encrypted.

Physical: All paper-based client records are stored in a permanently locked filing cabinet. When files are in transit, they remain under the constant physical control of the practitioner and are never left unattended.

Organizational: Only the primary practitioner has access to your personal and clinical information. As per the CCPA Code of Ethics, and as outlined in the informed consent, a professional power of attorney would be granted access to client data in the event of an emergency that renders the clinician unable to fulfill their required duties.

5. Retention and Disposal

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected or as required by law and professional liability insurance (10 years since the last point of contact). When no longer required, data is securely deleted or cross-cut shredded, and logged in a record of destruction.

6. Individual Access and Correction

You have the right to request access to the personal information we hold about you and to request corrections if you believe the information is inaccurate. We will respond to all access requests within 30 days.

7. Challenging Compliance

If you have questions or concerns about our privacy practices, please contact our Privacy Officer listed above. If we are unable to resolve your concern, you may contact the Office of the Privacy Commissioner of Canada.