Skip to main content
Mad River

Privacy Policy

Last updated: March 21, 2026

1. Overview

Mad River, PLLC ("we," "our," or "us") operates the website at https://www.mad-river.org and provides online self-discovery assessment tools and telehealth psychotherapy services. This Privacy Policy explains how we collect, use, and protect your information when you use our website and services.

2. Clinical Services Separation (HIPAA Firewall)

The self-discovery assessment tools on this website are NOT HIPAA compliant and operate independently from all clinical psychotherapy services. Your responses, scores, and generated reports from our assessments (Connection Style Test, Enneagram Test, Big Five Test, The Blueprint, and Family Attachment & Cohesion Test) are not protected health information (PHI) and are not stored as part of any medical or clinical record.

Telehealth psychotherapy sessions provided by Daniel Elliott, LMHC-A are conducted through HIPAA-compliant platforms entirely separate from this website.

If you are also a therapy client of Mad River, PLLC: Your clinical records and your self-discovery assessment data are maintained on completely separate systems. Taking an assessment on this website does not create, modify, or extend any therapeutic relationship. Your therapist does not have access to your assessment results through this platform. If you choose to share your results with your therapist during a session, that is your decision.

3. Washington Consumer Health Data

Under the Washington My Health My Data Act (RCW 19.373), certain information we collect may qualify as "consumer health data." This includes your self-discovery assessment scores and AI-generated personality reports, as they relate to your psychological well-being and mental health status.

Categories of Consumer Health Data Collected

  • Self-discovery assessment responses and resulting trait scores
  • AI-generated personality and attachment reports
  • Partner comparison reports (FACT partner sharing)

Purposes for Collection

  • To calculate and deliver your assessment scores
  • To generate personalized self-discovery reports
  • To save results to your account dashboard
  • To generate partner comparison reports when you opt in to sharing

Third Parties Receiving Consumer Health Data

  • Anthropic: Assessment scores and first name are sent to generate AI reports (not raw answers)
  • Supabase: Scores and reports are stored in our database
  • Brevo: Reports are delivered via email

We do not sell your consumer health data. We do not share consumer health data for advertising purposes. Assessment data is only stored when you create an account. You may delete your account at any time from your account settings, which permanently removes all your assessment data, scores, and reports from our database.

4. Information We Collect

Information You Provide

  • Account information: First name, email address, and password when you create an account (or Google OAuth profile data).
  • Assessment responses: Your answers to self-discovery assessment questions and the resulting scores.
  • Payment information: When you purchase paid assessments or subscriptions, payment is processed by Stripe. We do not store your credit card number.
  • Email address: Provided when taking assessments to receive your results via email.

Information Collected Automatically

  • Standard web analytics data (page views, browser type, device type) through Vercel Analytics.
  • Session cookies necessary for authentication and website functionality.

5. How We Use Your Information

  • To deliver your assessment results via email.
  • To save your assessment results to your account dashboard (when logged in).
  • To generate personalized personality reports (for subscribed users).
  • To process payments through Stripe.
  • To provide customer support and respond to inquiries.
  • To improve our assessment tools and website experience.

6. Data Storage, Security & Retention

Account data and assessment results are stored in Supabase (hosted on AWS). We use industry-standard security measures including encryption in transit (TLS/SSL), row-level security policies, and secure authentication tokens. However, no method of electronic storage is 100% secure.

Data Retention

Account data and assessment results are retained for as long as your account is active. Anonymous assessment results (taken without an account) are associated with the email address you provide and retained indefinitely unless you request deletion. Payment records are maintained by Stripe in accordance with their retention policies. Anthropic may retain API data for up to 30 days for abuse monitoring per their terms of service. Upon account deletion, all assessment data is removed from our database within 30 days.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users without unreasonable delay in accordance with Washington State law (RCW 19.255.010).

7. Third-Party Services

  • Supabase: Database and authentication services.
  • Stripe: Payment processing for paid assessments and subscriptions.
  • Brevo (Sendinblue): Transactional email delivery for assessment results.
  • Anthropic (Claude): Personalized report generation. Your assessment scores (not raw answers) are sent to Anthropic's API to generate personalized reports. Anthropic does not use this data for training.
  • Vercel: Website hosting and analytics.
  • Google: OAuth authentication (optional sign-in method).

8. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We share data only with the service providers listed above as necessary to operate our services, or as required by law.

9. Your Rights

  • Access: You can view your stored assessment results on your dashboard.
  • Deletion: You may delete your account at any time from your account settings. Deleting your account permanently removes all your assessment data, scores, and reports from our database.
  • Correction: You can update your profile information through your account settings.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at daniel@mad-river.org.