Skip to main content
Church of Spirits®

Privacy Policy

Your privacy is fundamental to our mission. This policy explains how we collect, use, and protect your information.

Last Updated: March 26, 2026

This Privacy Policy applies to Church of Spirits® (“the Church”) and the Conceptual Health® Clinic (“the Clinic”), collectively referred to as “we,” “us,” or “our.” This policy describes how we collect, use, disclose, and protect the personal information of our community members, patients, website visitors, and event attendees. The Clinic operates under additional obligations pursuant to the Health Insurance Portability and Accountability Act (HIPAA), as detailed in the HIPAA Notice section below.

1. Information We Collect

Church Activities

  • Name, email address, and phone number when you register for events or memberships
  • Attendance records for fellowship gatherings, retreats, and community events
  • Voluntary survey responses related to spiritual wellness and community feedback
  • Payment information for donations, event fees, or membership dues (processed by secure third-party providers)
  • Communication preferences and correspondence with our team

Clinic Services

  • Protected Health Information (PHI) including medical history, assessment results, and treatment records
  • Conceptual Health® axis scores and wellness data (PO, NM, ER, SC, RS, ES, TA, PV)
  • Insurance information and billing records
  • Demographic information required for clinical intake
  • HEALTHCOIN engagement and reward activity data

Website & Digital Services

  • Device information, browser type, and IP address collected via standard web analytics
  • Usage patterns and page interactions on our website
  • Information submitted through contact forms or online registration

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our church and clinic services
  • To communicate with you about events, programs, appointments, and community updates
  • To process registrations, memberships, donations, and clinical appointments
  • To calculate and track your Conceptual Health® scores and HEALTHCOIN balance
  • To provide clinical care, treatment planning, and wellness assessments
  • To fulfill legal and regulatory obligations, including HIPAA requirements
  • To ensure the safety and security of our facilities and digital systems
  • To conduct internal research and analysis to improve our programs (using de-identified data only)

3. How We Share Your Information

We do not sell your personal information. We may share information in the following limited circumstances:

  • Service Providers: Trusted third parties who assist with payment processing, email communications, and technology infrastructure, bound by confidentiality agreements
  • Clinical Referrals: With your written authorization, we may share PHI with other healthcare providers for treatment purposes
  • Legal Requirements: When required by law, subpoena, court order, or other legal process
  • Safety: When necessary to protect the health or safety of individuals or the public

Church activity data and clinic PHI are maintained in separate systems and are never commingled without your explicit written consent.

4. Data Security

We implement industry-standard technical, administrative, and physical safeguards to protect your information:

  • AES-256-GCM encryption for all Protected Health Information at rest and in transit
  • Multi-factor authentication (biometric + PIN) for clinical system access
  • HMAC-SHA256 chain-signed audit logging for all PHI access events
  • Automatic session timeout after 5 minutes of inactivity in clinical systems
  • Account lockout after 5 failed authentication attempts (15-minute lockout period)
  • Encrypted cloud storage with field-level encryption for health data synchronization
  • Regular security assessments and vulnerability testing

While no system can guarantee absolute security, we are committed to maintaining safeguards that meet or exceed industry standards and HIPAA Security Rule requirements.

5. HIPAA Notice of Privacy Practices

The Conceptual Health® Clinic, operated in conjunction with Church of Spirits®, is a covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This section serves as our Notice of Privacy Practices for clinic-related services.

Your PHI Rights

  • Right to Access: You may request copies of your health records at any time
  • Right to Amendment: You may request corrections to your health information if you believe it is inaccurate or incomplete
  • Right to an Accounting of Disclosures: You may request a list of instances where we have shared your PHI
  • Right to Request Restrictions: You may request limitations on how we use or disclose your PHI
  • Right to Confidential Communications: You may request that we communicate with you through specific channels or at specific locations
  • Right to a Paper Copy: You may request a paper copy of this notice at any time

We are required to maintain the privacy of your PHI, provide you with this notice of our legal duties and privacy practices, notify you in the event of a breach of unsecured PHI, and abide by the terms of this notice.

6. Your Rights

In addition to the HIPAA rights described above, you have the following rights regarding your personal information:

  • The right to opt out of non-essential communications at any time
  • The right to request deletion of your non-clinical personal information
  • The right to withdraw consent for data processing where consent is the legal basis
  • The right to data portability for information you have provided to us
  • The right to lodge a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your HIPAA rights have been violated

Exercising any of these rights will not result in any penalty, retaliation, or change in the quality of services you receive from Church of Spirits®or the Conceptual Health® Clinic.

7. Children's Privacy

Our website and digital services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe we have inadvertently collected such information, please contact us immediately so we can take appropriate action.

Clinical services for minors are provided with the consent and involvement of a parent or legal guardian, in accordance with applicable state and federal law.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this page and, where appropriate, provide additional notice (such as email notification or a prominent announcement on our website).

We encourage you to review this policy periodically to stay informed about how we protect your information.

9. Contact Us

If you have questions about this Privacy Policy, wish to exercise any of your rights, or need to file a privacy-related complaint, please contact us:

Church of Spirits®

Destin, Florida

For privacy inquiries, please use our contact form.

For HIPAA-related concerns, you may also contact the U.S. Department of Health and Human Services Office for Civil Rights at www.hhs.gov/ocr.