We Hold Your Information With the Same Care You Bring to Your Clients
At Ananda Ketamine-Assisted Therapy Training, we recognize that preparing clinicians to facilitate non-ordinary states of consciousness requires the highest standards of trust, discretion, and care. The information you share — during enrollment and throughout your training — is treated with the same respect we ask you to extend to those you will one day serve.
This policy describes how we collect, use, store, protect, and share information about prospective participants, enrolled trainees, alumni, faculty, and website visitors.
Who This Policy Covers
Prospective & enrolled trainees
Program alumni
Faculty and supervisors
Administrative staff
Website visitors
By registering for our training, visiting our website, or engaging with our services, you acknowledge that you have read and agree to the practices described here.
Information We Collect
What We Collect — and Why
We collect only the information necessary to ensure your safe participation, facilitate your training, and meet our legal and accreditation obligations. Below is a full accounting of the categories we gather.
Registration & Contact
Name, email, phone, mailing address, professional credentials, license number(s), license state(s), and emergency contact information.
Professional Background
Scope of practice, prior training, areas of clinical focus, and reasons for pursuing this training — used to ensure cohort fit and tailor the experience.
Health & Screening
Medical and mental health history, current medications, and information relevant to safe participation in experiential components. Treated with heightened confidentiality.
Payment Information
Payments are processed through Stripe. We do not store full credit card numbers on our own systems.
Training Records
Attendance, completion of required components, and clinical or peer evaluations generated during the program, including CE credit records.
Website Usage Data
Standard analytics data such as IP address, browser type, pages visited, and referring sources, collected via cookies or third-party analytics tools.
Data Use
How We Use Your Information
Every piece of information we collect serves a specific, legitimate purpose — from ensuring your safety in experiential components to meeting accreditation requirements with bodies such as NBCC and AANP. We use your data only in ways that directly support your training experience or our legal obligations.
We do not sell your personal information to third parties for any purpose — ever.
Enrollment & Registration
Process your application, confirm your spot, and onboard you to the cohort.
Safety & Screening
Conduct medical and clinical screening to ensure your wellbeing during experiential components.
CE Credit & Compliance
Issue and maintain continuing education records in compliance with NBCC, AANP, and state licensing boards.
Community & Alumni
Maintain alumni records and provide ongoing access to our learning community after program completion.
Group Confidentiality
What Happens in the Group, Stays in the Group
A core element of our training is experiential learning in community. Participants share personal experiences, clinical reflections, and at times deeply intimate material during group process. This is sacred ground — and we protect it accordingly.
Signed Agreement Required
All participants sign a Group Confidentiality Agreement at the start of training, committing to protect every person's story and identity.
No Recording Without Consent
Photographing, recording, or transcribing group sessions without explicit written consent from all participants is strictly prohibited.
Speak from Your Own Experience
When reflecting on group content outside the session, participants may speak only from their own experience — never disclosing others' material.
Faculty Standards
Faculty are bound by the same confidentiality standards, and additionally by the ethical codes of their respective professional licenses.
Violation of group confidentiality is grounds for dismissal from the program without refund. The sole exception is mandatory reporting: faculty and participants who are mandated reporters must act on information involving imminent danger to self or others, suspected abuse of a minor or vulnerable adult, or other legally mandated disclosure circumstances.
Data Security
How We Store and Protect Your Information
We apply industry-standard security measures across every layer of our data infrastructure. Security is not an afterthought — it is built into how we operate from day one.
Encrypted Storage
All electronic records are stored on cloud-based systems using AES-256 encryption at rest and TLS 1.2 or higher in transit.
Least-Privilege Access
Only authorized staff and faculty with a legitimate need are granted access to specific records, strictly on a need-to-know basis.
Multi-Factor Authentication
All staff and faculty accounts that touch participant data require multi-factor authentication — no exceptions.
Physical Security
Paper records such as signed consent forms are stored in locked cabinets in secured facilities and digitized as soon as practicable.
Annual Security Review
Access permissions and security practices are reviewed at least annually to ensure they remain current and effective.
Staff Training
All staff and faculty receive data security and confidentiality training at onboarding and on an annual basis thereafter.
Access & Third Parties
Who Can See Your Information
Internal Access
Access within our organization is granted strictly on a need-to-know basis. The following roles may access relevant portions of your records:
Program Leadership — Co-directors and senior faculty overseeing participant safety and administration
Faculty & Supervisors — Cohort faculty with access to clinical screening, attendance, and evaluation records
Administrative Staff — Personnel handling registration, billing, and CE credit processing
External Access
Certain trusted third parties support our operations under contractual confidentiality obligations. We share only the minimum data necessary for each service:
Payment Processors — Stripe, for secure tuition transactions
Cloud Platforms — Google Workspace for storage and productivity
Email & Communications — Platforms supporting program correspondence
CE Accreditation — NBCC submission platforms
Regulatory Bodies — NBCC, AANP, and state licensing boards when legally required
We carefully vet all third-party vendors for strong security and privacy practices and contractually limit the data they may access to only what is required for the service they provide.
Retention & Rights
How Long We Keep Your Data — and Your Rights Over It
Data Retention Periods
At the end of each applicable period, records are securely deleted or destroyed in accordance with best practices.
Your Rights
Access
Request a copy of the personal information we hold about you.
Correction
Ask us to correct inaccurate or incomplete records.
Deletion
Request deletion of your data, subject to legal retention requirements.
Portability
Request your information in a portable, machine-readable format.
Withdraw Consent
Opt out of non-essential communications at any time.
We will respond to all rights requests within 30 days of receipt.
Recording Policy
Recording, HIPAA, and Breach Notification
🎥 Recording Policy
Some training components may be recorded for supervision, faculty development, quality assurance, or accreditation review. When recording occurs:
Participants are notified in advance and must provide explicit written consent
Participants may decline to be recorded; opt-out from required sessions is available
Recordings are stored under the same security standards as all participant data
Recordings are never distributed publicly without separate explicit consent
Participants may not record sessions on personal devices without prior written permission
🏥 HIPAA & Clinical Information
Because our training includes experiential components involving medical screening and, in some cases, medication use under clinical supervision, certain information may qualify as Protected Health Information (PHI) under HIPAA.
We treat all health-related information you provide as PHI, applying HIPAA-equivalent protections to its storage, use, and disclosure — regardless of whether we are formally classified as a Covered Entity in a given context.
A separate HIPAA Notice of Privacy Practices is included in your welcome packet, outlining your specific PHI rights.
🔔 Breach Notification
In the event of a data breach affecting your personal information, we commit to the following:
Notify affected individuals within 30 days of discovery
Notify relevant regulatory authorities as required by law
Provide a clear description of what information was involved and what steps to take
Conduct a post-incident review and update our security practices accordingly
Contact & Updates
Questions, Changes, and How to Reach Us
Policy Updates
We may update this policy periodically to reflect changes in our practices, technology, legal requirements, or accreditation standards. When we make material changes, we will update the Effective Date at the top of this policy, notify enrolled participants by email, and post a notice on our website for at least 30 days. We encourage you to review this policy from time to time.
Contact Us
If you have questions about this policy, wish to exercise your rights, or have a concern about how your information is being handled, please reach out directly to the Ananda Ketamine-Assisted Therapy Training team:
Website: dr.meredithaistrup.com
Phone: 913-832-9263
A Final Note on Trust
This policy is more than a legal document — it is a reflection of our values. The same principles of safety, respect, and non-judgment that guide our approach to clinical training govern how we handle every piece of information you entrust to us.
We are grateful for the trust you place in Ananda as you undertake this important work. If anything in this policy is unclear or raises a concern, please don't hesitate to reach out. We are committed to transparency and to earning your confidence every step of the way.