Privacy Policy for The Educational Resource Group

Effective Date: April 14, 2025

The Educational Resource Group LLC ("The ERG," "Company," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services within the United States, including educational services (executive function coaching, academic tutoring), mental health related medical services, therapy, assessments, and telehealth offerings.

This policy is intended to comply with applicable U.S. federal and state privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), Children's Online Privacy Protection Act (COPPA), and other relevant privacy regulations.

1. Information We Collect

We collect the following types of information to deliver and manage services in compliance with U.S. laws:

A. Personal Identifiable Information (PII): This includes details such as a person’s full name, date of birth, email address, phone number, and mailing address. It may also encompass school or academic affiliation if the individual is associated with an educational institution.

B. Health Information (Protected Health Information or PHI): This category covers medical history, records of diagnoses or treatment data, mental health session notes, and insurance provider details. Additionally, it includes emergency contact information provided in relation to health services.

C. Educational Data (under FERPA if applicable): Educational data may consist of academic records or grades, notes from tutoring sessions, and documentation of learning goals along with assessment results, all of which fall under the protection of the Family Educational Rights and Privacy Act (FERPA) when applicable.

D. Technical Data: Technical information refers to data such as IP addresses, browser types, and unique device identifiers. It also includes cookies and usage data collected during interactions with digital platforms, as well as details on application login activity.

E. Payment Information: Payment-related data includes credit card details and billing addresses, as well as insurance information when used for billing or coverage purposes.

2. How We Collect Information

We may collect information in several ways:

• Directly from you: When you register, update your profile, schedule appointments, or provide feedback

• From your healthcare provider: With appropriate authorization

• From third parties: When you or your healthcare provider directs us to gather information

• Automatically: Through cookies, web beacons, server logs, and similar technologies when you use our website

3. How We Use Your Information

We use your information strictly for business operations within the U.S. to:

• Provide educational, medical, and assessment services

• Communicate about appointments, services, billing, or updates

• Maintain and manage legal health and academic records

• Process payments and insurance claims

• Customize programs to your individual needs

• Monitor usage and improve our digital platforms

• Comply with U.S. regulatory and legal requirements

4. How We Share Your Information

We do not sell your information. We only share it as allowed under applicable U.S. privacy laws, and only with:

• Licensed professionals within our network (e.g., clinicians, tutors)

• Insurance companies (only for claims and billing)

• IT providers who host or manage secure U.S.-based systems

• Payment processors (for transactions only)

• Government agencies if required under U.S. law

• With your express written consent, to schools or third-party providers

5. Data Security

We follow U.S. regulatory standards for data security, including HIPAA and FERPA-compliant measures. These include:

• Secure, encrypted data storage on U.S.-based servers

• HIPAA-compliant telehealth platforms

• Limited access controls for all sensitive data

• Regular internal audits of data protection practices

6. Your Rights Under U.S. Law

Depending on your state and the type of data, your rights may include:

• Accessing your personal or health information

• Requesting corrections to inaccurate or incomplete data

• Requesting deletion of your data (subject to legal and regulatory exceptions)

• Withdrawing consent for specific data uses (e.g., marketing, third-party sharing)

• Filing a complaint with the U.S. Department of Health and Human Services if your privacy rights under HIPAA are violated

7. Retention of Data

We retain your data only as long as needed to meet legal, clinical, and educational purposes:

• Medical records — retained in accordance with HIPAA and state-specific regulations

• Educational records — retained for 2 years after last service delivery

• Session notes and billing records — retained per IRS and healthcare compliance guidelines

8. Children's Privacy (COPPA Compliance)

We do not knowingly collect personal information from children under 13 years of age without verified parental or guardian consent, in accordance with the Children's Online Privacy Protection Act (COPPA). If we discover that a child's data was collected without consent, we will delete it promptly.

However, we may collect information about minors from parents, guardians, or healthcare providers with appropriate consent. Any user providing information about a child assumes full responsibility for the submission, use, and transmission of such information.

9. Third-Party Links

Our website may contain links to other U.S.-based educational or healthcare-related websites. We are not responsible for the privacy policies or practices of these third parties.

10. Cookies and Tracking Technologies

We and our third-party providers may use cookies, web beacons, and similar tracking technologies to collect information about how you use our website. This information helps us:

• Save your preferences

• Maintain session settings

• Authenticate users

• Monitor and improve our services

You can manage cookie preferences through your browser settings, though this may affect website functionality.

11. Telehealth Privacy Policy

We provide telehealth services exclusively to individuals physically located within the United States, in accordance with HIPAA and applicable state licensure laws.

A. What is Telehealth?
Telehealth refers to remote healthcare and educational services using secure video conferencing, messaging, and document sharing platforms.

B. Security of Telehealth Communications

• HIPAA-compliant video and audio encryption

• Verified logins and identity confirmation

• Secure online portals for accessing documents and session details

C. Consent to Telehealth Services
You must provide written or electronic consent before engaging in telehealth services. This consent includes understanding the risks, limitations, and requirements for receiving care remotely.

D. Use and Disclosure of Telehealth Data
Data shared during telehealth sessions is confidential and protected by HIPAA. We do not record sessions unless both parties agree in writing.

E. Emergencies
Our services do not replace emergency care. In a medical or mental health crisis, call 911 or go to the nearest U.S. emergency room.

F. U.S. Licensing & Availability
Telehealth is available only to clients within U.S. jurisdictions where our providers are licensed to practice.

12. Account Deactivation

If you wish to deactivate your account, please contact us directly. Upon your request, we will deactivate your account and archive your personal information in accordance with our retention policies and legal obligations.

13. Changes to This Privacy Policy

We may revise this policy at any time to reflect changes in U.S. law or our practices. Updated policies will include a new effective date and be posted publicly on our website.

14. Contact Us

For any questions or requests related to this U.S. Privacy Policy, please contact us:

The Educational Resource Group LLC
info@theerg.net
410-544-6696
541 A Benfield Road, Severna Park, MD, 21146

‍