Privacy Policy

Effective Date: January 1, 2026
Last Updated: January 1, 2026

WHO WE ARE

Healing Art Together is a 501(c)(3) nonprofit organization dedicated to connecting healing artists with healthcare providers and wellness facilities through our HAT Collective directory platform. Our website address is: https://healingarttogether.org

Our Mission: We bridge art, healthcare, and community to support healing through creative expression.

What We Are NOT: We are not healthcare providers, licensed therapists, or medical professionals. We do not provide medical advice, diagnosis, or treatment. We operate a directory platform that connects healthcare providers with independent healing artists who facilitate creative healing experiences.

INFORMATION WE COLLECT

Information You Provide Directly

We collect information when you interact with our website through:

Newsletter Signup:

  • Email address
  • First name (optional)

Grief Workshop Interest Form:

  • Name
  • Email address
  • Phone number
  • Information about your loss (optional – you may decline and still participate)
  • Preferred workshop format

Artist Application (HAT Collective Directory):

  • Name
  • Email address
  • Phone number
  • Location (city/town on Long Island)
  • Art modality/modalities
  • Years of experience
  • Professional experience and training (self-reported)
  • Who you work with (seniors, youth, adults, etc.)
  • Availability and preferred settings
  • Brief professional bio
  • Artist statement (optional)
  • Profile photo (optional)
  • Portfolio images (optional)
  • Average session rates (optional)

Healthcare Provider Inquiry:

  • Name
  • Email address
  • Organization name
  • Areas of interest
  • Message/specific needs (optional)

General Contact Form:

  • Name
  • Email address
  • Message content

Chatbot Interactions:

  • Conversation content
  • Contact information if you choose to provide it

Donation Processing:

  • Information collected through Zeffy (see Third-Party Services section)
  • We do NOT directly collect or store payment card information

Information Collected Automatically

When you visit our website, we automatically collect:

  • Usage Data: Pages visited, time spent on site, navigation patterns
  • Device Information: IP address, browser type, operating system
  • Cookies: Small data files stored on your device (see Cookies section below)

HOW WE USE YOUR INFORMATION

We use the information we collect to:

Send newsletters and program updates (only if you’ve subscribed)
Respond to workshop inquiries and connect you with appropriate programs
Create artist profiles in the HAT Collective public directory
Enable healthcare providers to search and browse artist profiles
Facilitate connections between artists and healthcare organizations
Improve our website and user experience
Fulfill our nonprofit mission of connecting art and healing
Comply with legal obligations

What We Will NEVER Do:

❌ Sell your personal information
❌ Share your data with third parties for their marketing purposes
❌ Use sensitive information about grief or loss beyond program facilitation
❌ Provide medical advice or therapeutic services
❌ Share your information without your consent (except as required by law)
❌ Vet, verify, or certify artist credentials (artists self-report their information)
❌ Match or recommend specific artists to healthcare providers

HAT COLLECTIVE DIRECTORY – IMPORTANT PRIVACY NOTES

Public Directory Information

When you create an artist profile in the HAT Collective directory, the following information becomes publicly visible to anyone who visits the directory:

Publicly Visible:

  • Your name
  • Location (city/town)
  • Art modalities
  • Years of experience
  • Professional bio
  • Artist statement (if provided)
  • Profile photo (if provided)
  • Portfolio images (if provided)
  • Who you work with (populations served)
  • Availability and settings
  • Average session rates (if provided)
  • Website/portfolio URL (if provided)

NOT Publicly Visible:

  • Your email address (private – only you and HAT can see it)
  • Your phone number (private – only you and HAT can see it)
  • Internal application notes
  • Newsletter subscription status

How Healthcare Providers Use Your Profile

Healthcare providers and organizations can:

  • Search and browse the public directory
  • View your public profile information
  • Contact you directly using contact information you choose to share with them

Important: HAT does not verify the credentials or background of artists in the directory. All information in artist profiles is self-reported. Healthcare providers are responsible for conducting their own due diligence before engaging with any artist.

Your Control Over Your Profile

You can:

  • Request updates to your profile at any time
  • Request removal of your profile from the directory
  • Control what optional information you include (photos, rates, artist statement)

SENSITIVE INFORMATION & GRIEF SUPPORT

Information About Loss and Grief

Our grief workshop interest forms may ask about your experience with loss. This is entirely optional.

How we handle this sensitive information:

  • Collected only with your explicit consent
  • Used solely to connect you with appropriate support and workshop options
  • Stored securely with limited access (only staff directly involved in workshop coordination)
  • Never shared publicly or with third parties without your explicit written permission
  • Not included in any public directory
  • You may decline to answer and still participate in workshops

Important: Information you share with us is not protected by HIPAA (Health Insurance Portability and Accountability Act) because we are not a healthcare provider. We are a nonprofit arts organization.

If you share sensitive information in website comments, chatbot conversations, or forms, please know we treat it with care and confidentiality, but it is not protected by medical privacy laws.

MEDICAL DISCLAIMER

We Are Not Healthcare Providers

Healing Art Together:

  • Is a nonprofit arts organization
  • Operates a directory platform connecting artists and healthcare providers
  • Offers creative expression workshops and grief support programs
  • Works alongside healthcare systems, not as a replacement

We Do NOT:

  • Provide medical advice, diagnosis, or treatment
  • Offer licensed therapy or counseling services
  • Replace professional medical or mental health care
  • Prescribe treatments or clinical interventions
  • Vet, verify, or certify artist credentials
  • Supervise or oversee artist-client interactions
  • Guarantee outcomes from creative healing experiences

The HAT Collective is a directory of independent artists offering creative healing experiences. Artists are responsible for their own practices, credentials, and professional conduct. While some artists may have clinical credentials, they work independently—not as agents or employees of Healing Art Together.

If you need medical or mental health care, please contact a licensed healthcare professional.

THIRD-PARTY SERVICES

We use the following third-party services that may access or process your data:

Services We Use:

Fluent Forms (form processing)

Tawk.to (live chatbot)

Zeffy (donation processing)

Zapier (automation)

  • Purpose: Connecting forms to email and other tools
  • Data Handling: Data passed between connected services
  • Privacy Policy: https://zapier.com/privacy

Airtable (directory database)

  • Purpose: HAT Collective artist directory management
  • Data Storage: Artist profiles and application data stored by Airtable
  • Privacy Policy: https://www.airtable.com/privacy

Meta Business Suite (social media management)

Hostinger (email services)

WordPress (website platform)

What This Means for You:

Each third-party service has its own privacy policy. We do not control how these services handle your data beyond our direct use of their platforms.

We recommend reviewing their privacy policies if you have concerns about how your information is processed.

We carefully select services that prioritize user privacy and security.

COOKIES

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us remember your preferences and understand how you use our site.

Cookies We Use:

Essential Cookies (Required):

  • Session cookies to keep you logged in if you have an account
  • Security cookies to protect against spam and abuse
  • Temporary cookies to remember your choices during your visit

Preference Cookies:

  • If you leave a comment, you may opt in to save your name, email, and website in cookies for convenience (lasts 1 year)
  • Login cookies (last 2 days for standard login, 2 weeks if you select “Remember Me”)
  • Screen display preference cookies (last 1 year)

Analytics Cookies (Optional):

  • Cookies that help us understand website traffic and usage patterns
  • These cookies do not collect personally identifiable information

Managing Cookies:

You can control cookies through your browser settings. However, disabling cookies may affect website functionality.

To disable cookies:

  • Chrome: Settings → Privacy and Security → Cookies
  • Firefox: Settings → Privacy & Security → Cookies
  • Safari: Preferences → Privacy → Cookies

Note: If you disable cookies, some features may not work properly (such as staying logged in).

EMBEDDED CONTENT FROM OTHER WEBSITES

Articles and pages on our site may include embedded content from other websites (e.g., YouTube videos, Instagram posts, Vimeo videos).

How embedded content works:

Embedded content behaves exactly as if you visited that other website directly. These websites may:

  • Collect data about you
  • Use cookies
  • Track your interaction with embedded content (especially if you’re logged into their service)

Examples: If we embed a YouTube video and you watch it, YouTube may track that you watched it and use that data according to their privacy policy.

We do not control these third-party websites and encourage you to review their privacy policies.

COMMENTS

When you leave a comment on our site, we collect:

  • The data shown in the comment form (name, email, website if provided)
  • Your IP address
  • Your browser user agent string (to help detect spam)

Comment Display:

If you provide an email address, an anonymized hash of your email may be sent to Gravatar to display your profile picture next to your comment (if you use Gravatar).

Gravatar Privacy Policy: https://automattic.com/privacy/

After your comment is approved, your profile picture (if any) and comment are visible publicly.

Comment Retention:

Comments and their metadata are retained indefinitely so we can automatically approve follow-up comments instead of holding them for moderation.

You can request deletion of your comments at any time by contacting us (see Contact section below).

WHO WE SHARE YOUR DATA WITH

We do not sell, rent, or trade your personal information.

We may share your information only in these limited circumstances:

Public Directory Display:

  • Artist profile information (as described in “HAT Collective Directory” section) is publicly visible to anyone who visits the directory

With Your Consent:

  • If you include contact information in your public artist profile, healthcare providers may contact you directly
  • If you explicitly authorize us to share specific information

Service Providers:

  • Third-party services listed above (Fluent Forms, Airtable, Zeffy, etc.) process data on our behalf to provide functionality

Legal Requirements:

  • If required by law, court order, or legal process
  • To protect the rights, property, or safety of Healing Art Together, our users, or the public

Password Reset:

  • If you request a password reset, your IP address will be included in the reset email for security purposes

What We Do NOT Share:

❌ Mailing lists sold to other organizations
❌ Grief/loss information shared in workshop inquiries
❌ Private artist contact information (email/phone) without consent
❌ Donor information (beyond what’s required for tax receipts)
❌ Artist credentials or background verification (we don’t verify this information)

HOW LONG WE RETAIN YOUR DATA

Data Retention Periods:

Newsletter Subscribers:
Until you unsubscribe (you can unsubscribe anytime via the link in our emails)

Workshop and Program Inquiries:
2 years from last contact, then deleted unless you’ve participated in programs

Artist Profiles (HAT Collective):
Retained while your profile is active in the directory
Deleted within 7 business days upon request
Automatically removed after 2 years of inactivity (no login or profile updates)

Website Comments:
Retained indefinitely (you can request deletion anytime)

Contact Form Submissions:
1 year from submission, then deleted

Website Analytics:
Aggregated (non-personally-identifiable) data retained indefinitely

Donation Records:
7 years (required by IRS for 501(c)(3) organizations for tax purposes)

Your Right to Deletion:

You can request deletion of your personal data at any time by contacting us (see Contact section).

Exception: We may retain data we’re legally required to keep for tax, accounting, or legal compliance purposes (such as donation records).

YOUR RIGHTS OVER YOUR DATA

You have the following rights regarding your personal information:

Access

Request a copy of the personal data we hold about you

Correction

Request correction of inaccurate or incomplete data

Deletion

Request deletion of your personal data (subject to legal retention requirements)

Opt-Out

Unsubscribe from marketing emails at any time (link provided in every email)

Portability

Request your data in a commonly used, machine-readable format

Object

Object to processing of your data for specific purposes

Withdraw Consent

Withdraw consent for data processing where we relied on consent

Profile Removal (Artists)

Request removal of your profile from the HAT Collective directory at any time

For users with accounts on our site:
You can see, edit, or delete your personal information anytime (except username). Website administrators can also see and edit that information.

To exercise any of these rights, contact us using the information in the Contact section below.

CHILDREN’S PRIVACY

Our website is not directed to children under 13 years of age.

We do not knowingly collect personal information from children under 13 without verifiable parental consent.

For youth programs:
We collect information from parents or legal guardians, not directly from minors.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately so we can delete it.

DATA SECURITY

We take reasonable measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

Security measures include:

  • Secure Socket Layer (SSL) encryption for data transmission
  • Password-protected WordPress admin access
  • Regular software updates and security patches
  • Limited staff access to sensitive information
  • Secure third-party services (Zeffy for payments, Airtable for directory)
  • Industry-standard security practices

However:
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Your Responsibility:
If you have an account, please keep your password secure and do not share it with others.

CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know:
What personal information we collect, use, disclose, and sell (note: we do NOT sell personal information)

Right to Delete:
Request deletion of personal information we’ve collected

Right to Opt-Out:
Opt-out of the sale of personal information (we do NOT sell your information, so this does not apply)

Right to Non-Discrimination:
We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us using the information below.

EUROPEAN UNION (GDPR) RIGHTS

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing:
We process your data based on:

  • Your consent (newsletters, forms, directory profiles)
  • Legitimate interests (website functionality, program delivery, directory operation)
  • Legal obligations (tax records, nonprofit compliance)

Additional GDPR Rights:

  • Right to data portability
  • Right to object to processing
  • Right to lodge a complaint with your supervisory authority

Data Transfers:
If we transfer data outside the EU, we ensure appropriate safeguards are in place.

To exercise your rights, contact us using the information below.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

When we make changes:

  • We will update the “Last Updated” date at the top of this policy
  • For significant changes, we may notify you via email (if you’ve subscribed) or through a notice on our website
  • Continued use of our website after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically to stay informed about how we protect your information.

CONTACT US

Questions, concerns, or requests regarding this Privacy Policy or your personal data?

Email: diana@healingarttogether.org
Subject Line for Privacy Requests: “Privacy Request”

Mail:
Diana McCray, Executive Director
Healing Art Together
Long Island, New York

To exercise your privacy rights:

  • Email diana@healingarttogether.org with “Privacy Request” in the subject line
  • Specify which right you’re exercising (access, deletion, correction, profile removal, etc.)
  • We will respond within 30 days

For general inquiries about our programs:
Use the contact form on our website or the chatbot for fastest response.

ADDITIONAL DISCLOSURES

Nonprofit Status

Healing Art Together is a registered 501(c)(3) nonprofit organization. Donations may be tax-deductible. We retain donor information as required by IRS regulations.

No Spam

We do not send unsolicited emails. All marketing emails include an unsubscribe option.

Directory Platform Notice

The HAT Collective is a directory platform, not a referral or placement service. We do not vet, verify, certify, or guarantee the credentials or conduct of artists in our directory. All artist information is self-reported. Healthcare providers and organizations are responsible for conducting their own due diligence.

Your Consent

By using our website, you consent to this Privacy Policy.

Thank you for trusting Healing Art Together with your information. Your privacy matters to us.

This Privacy Policy was last updated on January 1, 2026, and reflects our commitment to transparency and protecting your personal information as we build bridges between art, healthcare, and community.