Skip to main content
Free & Confidential 24/7 (877) 444-GROW
R
Redwood Wellness

Legal

Privacy Policy

Addiction-treatment data is some of the most sensitive information about a person. Federal law treats it that way. So do we. This policy explains exactly what we collect, what we do not, and why.

Last updated April 2026

The short version

We collect the minimum information needed to run the site and respond to people who contact us. We do not sell user data. We do not run third-party advertising cookies. No Google Analytics, no Meta Pixel, no TikTok pixel, no cross-site advertising tracker. Our analytics are privacy-respecting and self-hosted: no cookies, no individual identifiers. Phone calls from our helpline are protected by 42 CFR Part 2 — the federal confidentiality rule for addiction records, which is stricter than HIPAA.

What we collect

When you visit the site: your approximate geographic region (country and state), which pages you viewed, what kind of device and browser you used, whether you arrived from a search engine. This information is aggregated by our self-hosted analytics system. It is not tied to your identity. We do not collect your IP address in raw form, your precise location, or any persistent identifier that would let us recognize you on a return visit.

When you use the contact form: your name, email, subject, message, the IP of the submitting device (for spam filtering), and the submission time. We store this only to respond to you. It does not go to any marketing list, is not shared with treatment centers, and is not sold.

When you call our helpline: your call is handled by licensed admissions staff at a partner network, not by our editorial team. They will ask questions necessary to route you — type of substance, insurance, geography, level of need. The content of that call is protected under 42 CFR Part 2, the federal rule that gives addiction-treatment records stricter confidentiality than general medical records. Call metadata (number, time, duration) is retained for operational and quality purposes for no more than 12 months.

What we do not collect: we do not require registration. We do not ask for Social Security numbers, dates of birth, or medical history through the site. We do not run keystroke loggers, session replay, or heat-mapping tools that record user behavior.

Cookies and tracking

Our analytics tool does not set cookies. The contact form uses a short-lived session cookie for CSRF (cross-site request forgery) protection — that is required for form security. It expires when you close your browser, contains no identifying information, and is not shared with anyone.

Some pages link to outside sites (SAMHSA, CDC, peer-reviewed journals, individual treatment centers). When you follow those links, you leave our site and their privacy practices apply. We do not receive information about your activity on those sites.

Why helpline calls get special protection

The federal rule 42 CFR Part 2 was written specifically because addiction-treatment records carry higher stakes than general medical records. Disclosure of a substance-use history without consent can affect employment, custody, insurance, and housing. The rule prohibits addiction-treatment providers from disclosing substance-use records without the patient's written consent, except in narrow emergencies.

Our helpline is answered by staff at licensed treatment-network partners, which puts those calls under the Part 2 framework. We receive aggregated reports of call volume and outcome — not the content of conversations, not clinical details, not identifying information. Our own business incentives align with keeping this boundary intact.

Data security

The site is served over HTTPS with modern TLS settings. Our servers run on hardened infrastructure with tight access controls. The contact-form database is encrypted at rest. Contact submissions are not kept longer than 24 months unless the exchange is part of an active editorial correction or legal matter. Server log files with IP addresses are retained for 30 days, then automatically deleted.

We will not make a blanket promise that data is 100% secure — no internet service honestly can. What we try to do is limit exposure: collect less, keep less, share less.

Your rights

Depending on where you live, you may have legal rights over information we hold about you — under GDPR (EU), the UK equivalent, CCPA/CPRA (California), and similar laws in other U.S. states. These rights commonly include:

  • Knowing what we hold about you.
  • Requesting a copy.
  • Correcting inaccurate information.
  • Requesting deletion, subject to legal retention obligations.
  • Objecting to specific processing.
  • Lodging a complaint with your local data-protection authority.

To exercise any of these: email [email protected] with "Privacy Request" in the subject. Because we collect very little identifying information, we may need to ask for details that let us locate your data (for example, the email address you used on a contact form). We acknowledge within five business days and fulfill the request within 30 days.

Children

This site is intended for adults. We do not knowingly collect personal information from children under 13 in a way that would violate COPPA. If you believe a child has submitted information through our form, contact us and we will delete it. At the same time: young people in crisis sometimes land on pages like this one, and we will never treat a helpful request for information as a violation.

Changes

We update this policy when our data practices change, when we change hosting infrastructure, or when new laws take effect. Material changes are reflected in the last-updated date at the top of this page. We will not retroactively apply weaker protection to data collected under an earlier, stronger policy.

Contact

Privacy questions, concerns, or requests: [email protected]. For general editorial questions, see the contact page.