Strategic Changes | Privacy Policy

PRIVACY POLICY

Strategic Changes | Neural Pain Resolution

Last updated February 02, 2026

IMPORTANT: Understanding Our Two Separate Systems

Strategic Changes operates two distinct systems with different levels of information collection:

📧 THIS MARKETING WEBSITE (Go High Level Platform)

What we collect: Name and email address only
Purpose: Send free resources (MP3s, guides), educational content, and newsletter
Protection: Standard website security, SSL encryption
No health information is collected through this website

🏥 CLIENT RECORDS SYSTEM (Carepatron Platform)

What we collect: Health information, session notes, physician referrals
Purpose: Provide hypnotherapy services, maintain treatment records
Protection: HIPAA-compliant platform with Business Associate Agreement
Only used if you become a paying client

This privacy policy covers both systems. Most website visitors only interact with the marketing website. If you become a client, you'll be informed about the client records system separately.

Introduction

This Privacy Notice for Strategic Changes (doing business as Strategic Changes) ("we," "us," or "our") describes how and why we collect, store, use, and/or share ("process") your information when you use our services ("Services"), including when you:

Visit our website at https://strategicchanges.com/
Download free resources (Neural Pain Resolution MP3, guides, etc.)
Subscribe to our email newsletter
Apply for or participate in hypnotherapy services
Engage with us in other related ways, including marketing or events

Questions or concerns? Contact us at [email protected]

If you do not agree with our policies and practices, please do not use our Services.

SUMMARY OF KEY POINTS

What information do we collect through the website?
Only your name and email address when you download free resources or subscribe to our newsletter. We also collect standard website usage data (IP address, browser type, pages visited).

What information do we collect if I become a client?
If you apply for and participate in our hypnotherapy services, we collect health information (type of chronic pain, medical history, current medications, physician referrals, session notes) in our separate HIPAA-compliant client records system (Carepatron).

Do we process sensitive health information?
Not through this website. Health information is only collected in our separate client records system (Carepatron) when you become a paying client. That system is HIPAA-compliant with appropriate security measures.

How do we use your information?
Website information: Send free resources and educational emails (you can unsubscribe anytime). Client information: Provide hypnotherapy services, communicate about your care, process payments, coordinate with your physician (with your consent).

Who do we share information with?
Service providers only (Go High Level for marketing emails, Carepatron for client records, payment processor, Google Analytics). We do NOT sell your information to anyone.

How do we keep your information safe?
SSL encryption, secure platforms, limited access to authorized personnel only. Client health information is stored in HIPAA-compliant system with Business Associate Agreement.

What are your rights?
Access your information, correct inaccuracies, delete your information, opt out of marketing emails, withdraw consent. State-specific rights for California and other US states also apply.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?

2. HOW DO WE PROCESS YOUR INFORMATION?

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

5. HOW LONG DO WE KEEP YOUR INFORMATION?

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

7. DO WE COLLECT INFORMATION FROM MINORS?

8. WHAT ARE YOUR PRIVACY RIGHTS?

9. YOUR HEALTH INFORMATION RIGHTS (CLIENTS ONLY)

10. CONTROLS FOR DO-NOT-TRACK FEATURES

11. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

12. DO WE MAKE UPDATES TO THIS NOTICE?

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

A. Information Collected Through This Marketing Website

Personal Information You Provide:

When you download free resources or subscribe to our newsletter, we collect:

First name and last name
Email address

When you apply for services (before becoming a client), we may collect:

Phone number (optional)
General information about your pain type (to assess if we can help)

This website does NOT collect:

Detailed medical history
Current medications
Physician information
Session notes or health records
Payment information

Information Automatically Collected:

When you visit our website, we automatically collect:

IP address
Browser type and version
Device information (computer, phone, tablet)
Pages visited and time spent on pages
Referring website
Approximate geographic location (city/state level, based on IP address)
Date and time of visits

This information does not reveal your specific identity and is primarily used for website security, analytics, and improving user experience.

B. Information Collected in Our Client Records System (Clients Only)

If you become a paying client, the following information is collected and stored in our separate HIPAA-compliant platform (Carepatron):

Health Information:

Type of chronic pain (CIPN, back pain, migraines, neuropathy, etc.)
Pain level and duration (how long you've experienced it)
Medical treatments you've tried
Current medications and dosages
Physician referral information (doctor's name, contact, your diagnosis)
Whether you're in active litigation related to your pain
Whether you're currently on disability for pain
Session notes and progress documentation
Techniques used during sessions and your responses
Follow-up communications about your progress

Payment Information:

Payment method details (processed securely through our payment processor)
Billing address
Transaction history

Session Recordings:

Audio/video recordings of sessions (only with your explicit written consent)
Stored securely in HIPAA-compliant system
Automatically deleted after [specify retention period]

Important: All health information is maintained in Carepatron, our HIPAA-compliant client records system, which is completely separate from this marketing website.

C. Information from Third Parties

We do NOT collect any information from third parties.

D. Application Form Information

Our qualification forms collect general information about your pain situation to determine if Neural Pain Resolution might be appropriate for you. We ask about:

General pain characteristics (type, duration, severity described in functional terms)
Treatment journey (whether you've tried various approaches, not specific details)
How pain affects your daily activities
Your readiness for this type of intensive work

We do NOT collect specific medical details such as exact diagnoses, medication names, or detailed treatment records on application forms. Those details are provided by your physician through the referral process and collected through our HIPAA-compliant intake system (Carepatron) once you become a client.

Pre-Client Information: Application form data is used solely for screening and qualification purposes. While stored securely, it is not yet Protected Health Information (PHI) under HIPAA because you have not yet engaged our services. This information may be deleted after 90 days if you do not proceed to become a client.

Client Information: Once you schedule a paid session and provide a physician referral, all health information becomes Protected Health Information (PHI) and is subject to full HIPAA protections as described in our HIPAA Compliance Statement.

2. HOW DO WE PROCESS YOUR INFORMATION?

A. Information from This Marketing Website

To Send Free Resources:

Deliver the Neural Pain Resolution MP3 you downloaded
Send PDF guides and educational materials
Provide access to free content

To Send Educational Emails:

Share pain management techniques and tips
Provide information about neuroplasticity and chronic pain
Send updates about our services (if you've opted in)
Invite you to workshops or events (if applicable)

You can unsubscribe from marketing emails at any time using the "unsubscribe" link at the bottom of any email.

To Improve Our Website:

Analyze which pages are most visited
Understand user behavior and preferences
Improve website functionality and content
Fix technical issues

To Respond to Inquiries:

Answer questions about our services
Provide customer support
Address concerns or complaints

B. Information from Our Client Records System

To Provide Hypnotherapy Services:

Schedule and conduct sessions
Maintain continuity of care across multiple sessions
Track your progress and adjust techniques
Document session outcomes for quality improvement

To Communicate About Your Care:

Send appointment reminders
Follow up on your progress between sessions
Provide resources specific to your condition
Answer questions about techniques or homework

To Process Payments:

Charge for services rendered
Provide receipts and billing statements
Maintain financial records as required by law

To Coordinate Care (With Your Written Consent):

Communicate with your physician or pain specialist
Share progress updates with referring providers
Collaborate on treatment approach

To Comply with Legal Obligations:

Maintain health records for required retention period (7 years in California)
Respond to valid legal requests (subpoenas, court orders)
Report as required by law (e.g., suspected abuse)

We do NOT sell your personal information to anyone.

We share information only with service providers who help us operate our business:

A. Service Providers for Marketing Website

Go High Level (Marketing Platform)

What they receive: Name, email address
Purpose: Email delivery, newsletter management
Location: United States
Privacy Policy: https://www.gohighlevel.com/privacy-policy

Google Analytics

What they receive: Website usage data (anonymized IP, pages visited, device type)
Purpose: Website analytics and improvement
Privacy Policy: https://policies.google.com/privacy
Opt out: You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on

B. Service Providers for Client Records System

Carepatron (HIPAA-Compliant Practice Management)

What they receive: Client health information, session notes, scheduling data
Purpose: Client records management, scheduling, HIPAA-compliant storage
HIPAA Compliance: Yes, with signed Business Associate Agreement
Privacy Policy: https://www.carepatron.com/privacy-policy

Payment Processor

What they receive: Payment card information, billing address, transaction details
Purpose: Process payments securely
Security: PCI DSS compliant

C. Other Situations Where We May Share Information

With Your Explicit Written Consent:

Coordination with your physician or referring provider (clients only)
Any other purpose you specifically authorize

Legal Requirements:

Response to valid subpoenas or court orders
Compliance with applicable laws and regulations
Protection against legal liability

Safety and Protection:

When we believe disclosure is necessary to protect health and safety
To prevent fraud or security threats
Mandatory reporting requirements (e.g., suspected abuse)

Business Transfers:

If Strategic Changes is involved in a merger, acquisition, or sale, your information may be transferred (you will be notified)

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

Yes, we use cookies and similar tracking technologies to collect and store information about your website usage.

What are cookies?
Cookies are small text files placed on your device (computer, phone, tablet) when you visit a website. They help the website remember your preferences and understand how you use the site.

Cookies we use:

Essential cookies: Required for website functionality (login, forms)
Analytics cookies: Google Analytics to understand website usage
Preference cookies: Remember your settings and preferences

How to control cookies:
Most browsers allow you to refuse cookies or delete them. However, this may limit your ability to use certain website features.

Chrome: Settings > Privacy and security > Cookies
Firefox: Settings > Privacy & Security > Cookies
Safari: Preferences > Privacy > Cookies

5. HOW LONG DO WE KEEP YOUR INFORMATION?

A. Marketing Website Information

Name and Email (Newsletter Subscribers):

Retained until you unsubscribe or request deletion
Automatically purged if no engagement for 2 years

Website Analytics Data:

Google Analytics: 26 months (default Google setting)
Server logs: 90 days

B. Client Records System Information

Health Information and Session Notes:

Minimum 7 years from last session (California law requirement)
May be retained longer if ongoing litigation or required by law

Payment and Billing Records:

7 years (tax law requirement)

Session Recordings (if applicable):

[Specify retention period] or until you request deletion

C. Exceptions

We may retain information longer than stated periods when:

Required by law or legal obligation
Necessary for pending or threatened litigation
Needed to protect against legal liability
Required for legitimate business purposes

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

We implement appropriate technical and organizational security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction.

A. Technical Security Measures

Website Security:

SSL/TLS encryption for all data transmission
Secure hosting infrastructure
Regular security updates and patches
Firewall protection

Client Records Security (Carepatron):

HIPAA-compliant platform with Business Associate Agreement
End-to-end encryption of health information
Secure data centers with redundant backups
Regular security audits and compliance reviews

B. Organizational Security Measures

Limited Access: Only authorized personnel have access to personal information
Confidentiality Training: Staff trained on privacy and security protocols
Password Protection: Strong password requirements and multi-factor authentication
Physical Security: Secure storage of any physical records (if applicable)

C. Important Limitations

No system is 100% secure. While we implement industry-standard security measures, we cannot guarantee absolute security. You acknowledge and accept the inherent risks of transmitting information over the internet.

Your Responsibility:

Protect your login credentials
Use secure internet connections (avoid public Wi-Fi for sensitive communications)
Notify us immediately of any suspected unauthorized access

7. DO WE COLLECT INFORMATION FROM MINORS?

No. We do not knowingly collect information from individuals under 18 years of age.

Our Services are designed for adults (18+) experiencing chronic pain. We do not provide hypnotherapy services to minors.

If you are a parent or guardian and believe your child under 18 has provided us with personal information, please contact us immediately at [email protected]. We will delete such information promptly.

8. WHAT ARE YOUR PRIVACY RIGHTS?

Depending on your location, you may have the following rights regarding your personal information:

A. General Privacy Rights

Right to Access:

Request a copy of the personal information we hold about you
Understand how we use and share your information

Right to Correction:

Request correction of inaccurate or incomplete personal information

Right to Deletion:

Request deletion of your personal information (subject to legal exceptions)
Note: Health records must be retained for 7 years under California law

Right to Opt-Out of Marketing:

Unsubscribe from marketing emails using the link in any email
Contact us directly to stop all marketing communications

Right to Data Portability:

Receive a copy of your personal information in portable format

Right to Withdraw Consent:

Withdraw previously given consent for data processing
Note: Does not affect lawfulness of processing before withdrawal

B. How to Exercise Your Rights

To exercise any of these rights, contact us:

Email: [email protected]
Subject line: "Privacy Rights Request"
Mail: Strategic Changes, 544 Chester Place, Pomona, CA 91768, United States

Include in your request:

Your full name
Email address associated with your information
Specific request (access, correction, deletion, etc.)
Any relevant details to help us locate your information

Response Time: We will respond within 30 days (may extend to 45 days for complex requests).

Verification: We may ask for additional information to verify your identity and prevent fraud before processing your request.

9. YOUR HEALTH INFORMATION RIGHTS (CLIENTS ONLY)

If you are a client, your health information stored in Carepatron is protected by federal and state health privacy laws, including HIPAA.

A. Your HIPAA Rights

Right to Access Your Health Records:

Request a copy of your health records
We will provide within 30 days
May charge reasonable copying fee

Right to Amend Your Health Records:

Request corrections to inaccurate or incomplete health information
We may deny if information is accurate and complete
You can submit a statement of disagreement

Right to an Accounting of Disclosures:

Request list of disclosures of your health information (past 6 years)
Does not include disclosures for treatment, payment, or operations

Right to Request Restrictions:

Request limits on how we use or share your health information
We are not required to agree except for disclosures to health plans if you paid out-of-pocket in full

Right to Confidential Communications:

Request communications at alternative locations or by alternative means
We will accommodate reasonable requests

B. Notice of Privacy Practices

As a client, you receive a separate HIPAA Notice of Privacy Practices that provides detailed information about how we use and protect your health information.

This Notice is provided at your first session and is available upon request at any time.

10. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers include a Do-Not-Track ("DNT") feature that signals to websites that you do not want to have your online activity tracked.

Our response to DNT signals: We do not currently respond to DNT browser signals because there is no uniform standard for recognizing and implementing DNT signals.

However, you can:

Control cookies through your browser settings
Opt out of Google Analytics tracking
Unsubscribe from marketing emails

11. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Yes. If you are a resident of certain U.S. states, you have specific rights regarding access to your personal information.

A. Categories of Personal Information We Collect

In the past twelve (12) months, we have collected the following categories of personal information:

Category	Examples	Collected
A. Identifiers	Real name, email address, IP address	YES
B. Personal information (CA Customer Records statute)	Name, contact information, payment information (Clients only)	YES
C. Protected classification characteristics	Gender, age, race, ethnicity	NO
D. Commercial information	Transaction information, purchase history (Clients only)	CLIENTS ONLY
E. Biometric information	Fingerprints, voiceprints	NO
F. Internet or network activity	Browsing history, search history (General website usage only)	USAGE ONLY
G. Geolocation data	Device location (City/state level only, via IP address)	LIMITED
H. Audio, electronic, sensory information	Session recordings (With consent, clients only)	CLIENTS ONLY
I. Professional or employment information	Job title, work history	NO
J. Education information	Student records	NO
K. Inferences	Preferences and characteristics	NO
L. Sensitive personal information	Health information (Clients only, in separate HIPAA system)	CLIENTS ONLY

B. Sources of Personal Information

From you directly:

Website forms (name, email)
Client intake forms (health information for clients)
Email communications
Session participation (clients)

Automatically collected:

Website cookies and analytics
Server logs (IP address, browser type)

From third parties:

None (we do not collect information from third parties)

C. How We Use Personal Information

See Section 2 ("HOW DO WE PROCESS YOUR INFORMATION?") for detailed information.

D. Sharing Personal Information

We have NOT disclosed, sold, or shared any personal information to third parties for business or commercial purposes in the preceding twelve (12) months.

We will NOT sell or share personal information in the future belonging to website visitors, users, and consumers.

We do share information with service providers (Go High Level, Carepatron, payment processor, Google Analytics) as described in Section 3, pursuant to written contracts requiring confidentiality.

E. Your Rights Under State Privacy Laws

You have the following rights:

Right to Know:

Whether we are processing your personal data
What personal data we have collected
Categories of sources
Business purposes for collection
Categories of third parties we share with

Right to Access:

Obtain a copy of your personal data

Right to Correct:

Request correction of inaccurate personal data

Right to Delete:

Request deletion of personal data (subject to legal exceptions)

Right to Data Portability:

Obtain a copy of personal data in portable format

Right to Non-Discrimination:

Exercise privacy rights without discriminatory treatment

Right to Opt Out:

Opt out of sale of personal data (not applicable—we don't sell)
Opt out of targeted advertising (you can opt out of Google Analytics remarketing)
Opt out of profiling (not applicable—we don't profile)

F. How to Exercise Your Rights

Submit a request:

Email: [email protected]
Mail: Strategic Changes, 544 Chester Place, Pomona, CA 91768, United States

Authorized Agents:
You may designate an authorized agent to make requests on your behalf. The agent must provide written proof of authorization.

Verification:
We will verify your identity before processing requests. We may ask for additional information to verify your identity and prevent fraud.

Response Time:
We will respond within 45 days (may extend an additional 45 days for complex requests).

12. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this Privacy Notice.

Material Changes:
If we make material changes to this Privacy Notice, we may notify you either by:

Prominently posting a notice of such changes on the website
Directly sending you an email notification

We encourage you to review this Privacy Notice frequently to stay informed of how we are protecting your information.

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may contact us:

Email: [email protected]

Mail:
Strategic Changes
Attn: Privacy Officer
544 Chester Place
Pomona, CA 91768
United States

14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

You have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information.

You may also have the right to withdraw your consent to our processing of your personal information.

These rights may be limited in some circumstances by applicable law (e.g., we must retain certain health records for 7 years under California law).

To request to review, update, or delete your personal information:

Email: [email protected]

Subject line: "Privacy Rights Request"

Include in your request: