Skip to main content
DM ABA

Legal

Privacy Policy.

Last updated: 2026-05-21

The short version

  • We collect what you give us through the contact form, plus anonymous analytics about how you use the site.
  • We don't sell anything. We don't run advertising trackers. We don't collect patient data — and we ask that you don't send any.
  • Use the contact form to see, correct, or delete anything we have about you. We'll respond within 30 days.

Full text below.

HIPAA notice

We are not a HIPAA business associate. Do not submit any patient health information (PHI) through the contact form, by email, or through any other channel on this site. If you need to discuss specifics about your practice that touch on PHI, we'll set up a properly covered channel before that conversation happens.

What we collect

When you submit our contact form: the information you provide — name, email, practice name, practice details, and any message text. We do not collect or store any patient health information (PHI), and we ask that you do not include any.

When you browse the site: anonymized analytics data including pages viewed, device type, and approximate geographic location. We use Google Analytics 4 and Microsoft Clarity to understand site usage. Clarity records anonymized session interactions to help us improve the site; identifying details are masked.

Errors: if the site fails for you, we use Sentry to capture the technical error details. These include browser type and the URL where the error occurred, but no personal information you didn't already submit.

How we use it

Form submissions: we use the information you provide to respond to your inquiry and follow up about your audit request. We may contact you about your submission for up to one year.

Analytics: we use site usage data to understand what's working, what isn't, and how to improve the site. We do not sell, rent, or share this data with advertisers.

Third parties

We work with the following services that process small amounts of your data on our behalf:

  • Resend delivers emails (your form submission to us, our confirmation to you)
  • Upstash anti-spam rate-limiting (your IP address, anonymized)
  • Google Analytics 4 analytics
  • Microsoft Clarity anonymized session recordings
  • Sentry error monitoring
  • Vercel hosting and performance monitoring

Each of these companies has its own privacy policy and is responsible for how they handle data.

Cookies and tracking

We use cookies for analytics only. We do not use advertising cookies, retargeting, or third-party ad networks.

For visitors in the EU, UK, and Switzerland, we use Google Consent Mode v2 to ensure tracking cookies are NOT set until you opt in via your browser preferences. For visitors elsewhere, analytics cookies are set by default unless you have Do Not Track enabled in your browser.

You can opt out at any time by:

  • Enabling Do Not Track in your browser
  • Using a browser extension like uBlock Origin
  • Adjusting your browser's cookie settings
  • Contacting us directly (see below)

Your rights

Depending on where you live, you have the right to:

  • Access the personal data we have about you
  • Correct inaccurate data
  • Delete your data ("right to erasure" under GDPR; "right to delete" under CCPA)
  • Object to processing or opt out of certain uses
  • Receive a copy of your data in a portable format

To exercise any of these rights, reach us through the contact form. We'll respond within 30 days.

We do not sell personal information. We do not share personal information with third parties for their own marketing purposes.

Data retention

Contact form submissions: kept for up to 24 months from the date you submitted, or until you ask us to delete them — whichever comes first. If you become a client, we keep records for the duration of the engagement plus 12 months.

Analytics data: 14 months in Google Analytics 4, 90 days in Microsoft Clarity. After that it's deleted automatically.

Error logs: 90 days in Sentry, then automatically purged.

Children’s privacy

This site is for adult business owners considering working with us — not children. We do not knowingly collect information from anyone under 13, and we don't market to children. Note: any obligations you have to the families and patients your ABA practice serves are governed by your own policies and applicable laws (HIPAA, COPPA, state regulations), not by this one. If you believe a child has submitted information here, contact us and we'll delete it.

Changes to this policy

We may update this policy from time to time. Small edits (typos, clarifying language) just get the “Last updated” date bumped. For any material change — new categories of data we collect, new sub-processors, expanded sharing — we'll email everyone who's submitted the contact form within the past 24 months at least 30 days before the change takes effect.

Contact

For privacy questions or requests, reach us through the contact form.