Privacy Policy

Epic MindLab Privacy Policy

Effective Date: March 15, 2024

Last Updated: February 10, 2026

Welcome to Epic MindLab. This Privacy Policy explains how Epic MindLab (“we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you visit our website (epicmindlab.com), engage with us for coaching services, or otherwise interact with us.

Our registered address is 3909 S Maryland Pkwy Ste 314, Las Vegas, NV 89119 USA. Our designated privacy contact email is privacy@epicmindlab.com.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy is designed to comply with our obligations under applicable privacy laws, including:

• Nevada Revised Statutes Chapter 603A (NRS 603A.300–603A.360), as our state of domicile
• EU and UK General Data Protection Regulation (GDPR)
• California Privacy Rights Act (CPRA)
• Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
• Australia’s Privacy Act 1988 and New Zealand’s Privacy Act 2020

We collect personal information that is necessary to provide you with our coaching services and manage our business operations. The types of information we collect depend on how you interact with us.

Prospective Clients — We collect your name and email address when you contact us for an initial consultation. We use this information to communicate with you and assess whether a coaching partnership is a good fit. Our legal basis is our legitimate interest in growing our business.

Identifiers and Contact Information — We collect your name, email address, physical address, and phone number to establish and manage our contractual relationship. Our legal basis is performance of contract.

Financial Information — We collect payment card or bank details (processed securely by Stripe) to process fees for our services. Our legal basis is performance of contract.

Session and Assessment Information — We process coaching session content, notes, and assessment results (EQ-i 2.0, CliftonStrengths, CSI) to deliver the core coaching service. Our legal basis is performance of contract.

Client Portal Information — We process your login credentials, appointment details, and goal-tracking data to facilitate your coaching program via CoachAccountable. Our legal basis is performance of contract.

Communications — We keep records of email and portal correspondence to maintain a clear engagement history. Our legal basis is our legitimate interest.

Website Analytics — We collect your IP address, browser type, pages visited, device information, and cookies to analyze site traffic and improve user experience. Our legal basis is consent (for cookies) and legitimate interest (for aggregate analytics).

Epic MindLab is not a healthcare provider. Our coaching services are professional development and personal growth services, not medical, therapeutic, or clinical services. We do not collect, solicit, or maintain health-related information, and we do not make medical or psychological diagnoses on behalf of clients. If during the course of a coaching engagement we refer a client to a licensed healthcare provider, therapist, or other professional, that referral does not constitute the collection, creation, or maintenance of health data by Epic MindLab.

While coaching conversations may occasionally touch on topics that are personal in nature — such as stress, career satisfaction, or personal values — we do not systematically collect, categorize, or store this information as health data, special category data, or sensitive personal information. Our session notes focus on coaching goals, action items, and professional development objectives.

If you are in the European Economic Area or United Kingdom and you voluntarily disclose information during coaching that could be considered “special category data” under the GDPR (such as philosophical beliefs related to personal values), we process that information solely to provide effective coaching. Our legal basis in such cases is your explicit consent, which we will request separately during onboarding. You may withdraw this consent at any time by contacting privacy@epicmindlab.com.

Because we do not collect consumer health data as defined by Nevada law (NRS 603A.430), the consumer health data provisions of NRS 603A.400–603A.550 do not apply to our services.

If you are in the European Economic Area (EEA) or the United Kingdom (UK), we rely on the following legal bases to process your personal information:

• Performance of a Contract: To fulfill our commitments to you under our Coaching Agreement.
• Explicit Consent: For processing any voluntarily disclosed special category data and for sending you marketing communications.
• Legitimate Interests: For activities such as responding to initial inquiries before a contract is formed, improving our services, and maintaining security.
• Legal Obligation: To comply with applicable laws, such as retaining financial records for tax purposes.

Our website uses cookies and similar technologies to enhance your user experience, analyze site traffic, and for other business purposes. A cookie is a small text file stored on your device when you visit our website.

Types of cookies we use:

• Essential cookies: Required for the website to function properly, such as maintaining your session and cookie consent preferences.
• Analytics cookies: Help us understand how visitors interact with our website by collecting information such as pages visited, time spent on pages, and referral sources. These cookies are only placed with your consent.

Third-party cross-site tracking disclosure (NRS 603A.340(d)): Third parties, such as analytics providers, may collect information about your online activities over time and across different websites when you use our website. We use Google Analytics, which may place cookies to track your browsing behavior across sites that also use Google Analytics. You can control the use of cookies through your browser settings or by using our cookie consent tool. For detailed information about the specific cookies we deploy and how to manage them, please see our separate Cookie Notice.

We do not sell, loan, lease, or otherwise transfer your personal information to any third party, except as strictly necessary to process and support your coaching relationship with us. This applies under all applicable laws, including the California Privacy Rights Act (CPRA) and Nevada Revised Statutes (NRS 603A.333). The third parties listed below receive your information solely to perform specific services on our behalf in connection with your coaching engagement. They are contractually obligated to protect your data and are prohibited from using it for any purpose other than those we have specified.

Payment Processing (Stripe) — Receives payment card details and billing address to securely process payments.

Client Management Portal (CoachAccountable) — Receives your name, email, session data, and goals for scheduling, session tracking, and program delivery.

Video Conferencing (Google Meet / Zoom) — Receives your name, email, and audio/video content to facilitate virtual coaching sessions.

Website Hosting (GoDaddy) — Receives your IP address, browser data, and cookies for website operation and analytics.

Assessments (MHS for EQ-i 2.0, Gallup for CliftonStrengths) — Receives your name, email, and assessment responses to deliver and score assessments.

Professional Services (accountants, legal advisors) — Receives financial records and contracts for tax compliance and legal counsel.

Professional Bodies (ICF) — Receives your name, contact information, and engagement dates for credentialing purposes, with your consent.

Mindfulness Platform (Waking Up, optional) — Receives your email address to provide supplementary mindfulness resources.

For California residents, we disclose personal information to these partners, who act as “Service Providers,” for the “business purposes” of auditing, security, debugging, performing services on our behalf, and facilitating transactions.

Mentor Coaches and Supervisors: As part of our ongoing professional development and ICF credentialing requirements, anonymized or de-identified case details may be reviewed by a mentor coach or clinical supervisor. No personally identifiable information is shared in this context without your explicit consent.

Epic MindLab is based in the United States. If you are located outside the U.S., your personal information will be transferred to, stored, and processed in the United States and potentially other countries where our service providers are located. These countries may have data protection laws that are different from the laws of your country.

We take specific steps to protect your information when it is transferred:

• EEA, UK, and Switzerland: We rely on approved legal mechanisms such as the Standard Contractual Clauses (SCCs) adopted by the European Commission to ensure your data receives a comparable level of protection.
• Canada: We ensure that any transfer complies with PIPEDA’s requirements for comparable protection of personal information.
• Australia and New Zealand: We rely on your authorization for this transfer, which you provide by agreeing to our services after reviewing this policy.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Coaching records (notes, assessments) — Retained for 3 years after the engagement ends to support post-engagement needs and professional standards.

Contractual and financial records — Retained for 6 years after the engagement ends to comply with legal and tax obligations (IRS, NRS).

Prospective client data — Retained for 1 year from last contact for follow-up purposes under our legitimate interest.

Website analytics data — Retained for 26 months in aggregate form for traffic analysis purposes.

Cookie consent records — Retained for the duration of consent validity to demonstrate compliance.

We have implemented appropriate technical and organizational security measures designed to protect your personal information from accidental loss and from unauthorized access, use, alteration, or disclosure. These measures include:

• Encrypted platforms for data storage and transmission
• Secure, access-controlled client portal (CoachAccountable)
• Strong passwords and multi-factor authentication for all business systems
• Regular review of access controls and security practices
• Secure destruction of personal information when retention periods expire, in accordance with NRS 603A.200

Payment card security: We do not store payment card numbers on our systems. All payment card transactions are processed by Stripe, which is certified as a PCI Level 1 Service Provider. Our payment acceptance practices are designed to comply with the Payment Card Industry Data Security Standard (PCI DSS) as required by NRS 603A.215.

You have certain rights regarding your personal information, which may vary depending on your location. We are committed to honoring these rights for all our clients. The following summarizes the key rights available in the jurisdictions we serve.

Right to Access Your Information
NV: Yes  |  EU/UK: Yes  |  CA: Yes  |  CAN: Yes  |  AU: Yes  |  NZ: Yes

Right to Correct Your Information
NV: Yes  |  EU/UK: Yes  |  CA: Yes  |  CAN: Yes  |  AU: Yes  |  NZ: Yes

Right to Delete Your Information
NV: Yes  |  EU/UK: Yes  |  CA: Yes  |  CAN: Yes  |  AU: Yes  |  NZ: Yes

Right to Data Portability
NV: No  |  EU/UK: Yes  |  CA: Yes  |  CAN: No  |  AU: No  |  NZ: No

Right to Opt-Out of Sale of Covered Information
NV: Yes  |  EU/UK: N/A  |  CA: Yes  |  CAN: No  |  AU: No  |  NZ: No

Right to Limit Use of Sensitive Info
NV: No  |  EU/UK: Yes  |  CA: Yes  |  CAN: Yes  |  AU: Yes  |  NZ: Yes

Right to Object to Processing
NV: No  |  EU/UK: Yes  |  CA: Yes  |  CAN: Yes  |  AU: Yes  |  NZ: Yes

Right to Lodge a Complaint
NV: Yes  |  EU/UK: Yes  |  CA: Yes  |  CAN: Yes  |  AU: Yes  |  NZ: Yes

The Right to Access: You can request a copy of the personal information we hold about you.

The Right to Correction (Rectification): You can ask us to correct any inaccurate or incomplete information.

The Right to Deletion (Erasure): You can ask us to delete your personal information, subject to certain legal exceptions (such as our obligation to retain financial records).

The Right to Restrict Processing: You can ask us to limit how we use your data.

The Right to Data Portability: Where applicable, you can request your data in a structured, commonly used, machine-readable format.

The Right to Object: You can object to our processing of your data where we rely on legitimate interests.

The Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Rights Related to Automated Decision-Making: We do not engage in fully automated decision-making that has a legal or similarly significant effect on you.

To exercise any of these rights, please contact us at privacy@epicmindlab.com. We will respond to your request in accordance with applicable law. For requests under GDPR, we will respond within 30 days. For requests under CPRA, we will respond within 45 days. For requests under Nevada law, we will respond within 60 days. We will not discriminate against you for exercising your rights.

We may need to verify your identity before processing your request. For Nevada residents submitting a verified request, we may require you to provide certain information to confirm your identity before we can act on your request, in accordance with NRS 603A.337.

Epic MindLab is domiciled in Nevada and complies with Nevada Revised Statutes Chapter 603A. As a Nevada resident, you have specific rights under this law.

Categories of covered information we collect: As described in Section 2, we collect names, email addresses, physical addresses, telephone numbers, and other identifiers that constitute “covered information” under NRS 603A.320 through our website and online services.

Categories of third parties with whom we may share covered information: We may share covered information with the categories of third parties identified in Section 6, including payment processors, platform providers, assessment partners, professional service providers, and professional bodies.

Your right to review and request changes: You have the right to review and request changes to any of your covered information that we have collected through our website or online services. To do so, please email privacy@epicmindlab.com with the subject line “Nevada Data Review Request.”

Your right to opt out of the sale of covered information: We do not sell, loan, lease, or otherwise transfer your covered information to any third party as defined by NRS 603A.333. Your personal information is shared only with service providers who process it on our behalf to support your coaching relationship. Nevertheless, Nevada law provides you with the right to submit a verified request directing us not to sell your covered information. To submit such a request, please email privacy@epicmindlab.com with the subject line “Nevada Opt-Out Request.” This email address serves as our designated request address under NRS 603A.325. We will respond to your verified request within 60 days, or within 90 days if we determine an extension is reasonably necessary.

Third-party cross-site tracking: Third-party analytics providers may collect information about your online activities over time and across different websites or online services when you use our website. Please see Section 5 and our Cookie Notice for details on how to manage this tracking.

Notification of material changes: We will notify you of material changes to this policy by posting the updated policy on our website and updating the “Last Updated” date. For significant changes that materially affect how we handle your covered information, we will provide prominent notice on our website.

Enforcement: Nevada’s Attorney General enforces NRS 603A.340 and related provisions. If you believe your rights under Nevada law have been violated, you may contact the Nevada Attorney General’s Office, Bureau of Consumer Protection, at ag.nv.gov.

If you are a California resident, you have the rights described in Section 9, as well as the following additional protections under the CPRA:

• No sale, sharing, or transfer: We do not “sell” or “share” your personal information as those terms are defined under the CPRA. We do not loan, lease, or otherwise transfer your personal information to third parties except as necessary to process your coaching relationship.
• Sensitive personal information: To exercise your right to limit the use of your Sensitive Personal Information, please contact us at privacy@epicmindlab.com.
• Opt-out preference signals: We honor browser-based opt-out signals, including the Global Privacy Control (GPC).
• Non-discrimination: We will not deny you services, charge different prices, or provide a different quality of service because you exercised your privacy rights.

If you are a Canadian resident, we comply with PIPEDA. We collect, use, and disclose your personal information only for purposes that a reasonable person would consider appropriate in the circumstances. You have the right to access your personal information, challenge its accuracy, and withdraw consent to its collection, use, or disclosure (subject to legal or contractual restrictions). To exercise these rights, contact us at privacy@epicmindlab.com.

If you are an Australian or New Zealand resident, your personal information will be transferred to and stored in the United States, as described in Section 7. By engaging our services after reviewing this policy, you authorize this transfer. We take reasonable steps to ensure that overseas recipients of your personal information comply with the Australian Privacy Principles (APPs) or the New Zealand Information Privacy Principles (IPPs), as applicable. You have the right to access and correct your personal information, and to make a complaint if you believe we have breached your privacy.

Nevada’s consumer health data provisions (NRS 603A.400–603A.550, effective March 31, 2024) impose requirements on “regulated entities” that collect “consumer health data.” As described in Section 3, Epic MindLab is not a healthcare provider and does not collect, solicit, or maintain health-related information. We do not make medical or psychological diagnoses, and our coaching session notes focus on professional development goals and action items rather than health conditions or treatment. Accordingly, these provisions do not apply to our services.

If our practices change in the future such that we begin collecting information that could constitute consumer health data under Nevada law, we will update this policy and obtain any required consents before doing so.

In the event of a breach of the security of our systems that compromises your personal information, we will notify you in accordance with applicable law. For Nevada residents, we will comply with the breach notification requirements of NRS 603A.220, which requires disclosure in the most expedient time possible and without unreasonable delay. For individuals in the EU/UK, we will notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach, and will notify you directly if the breach is likely to result in a high risk to your rights and freedoms.

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected personal information from a person under 18, we will take steps to delete that information as soon as reasonably practicable. If you believe a minor has provided us with personal information, please contact us at privacy@epicmindlab.com.

Some web browsers transmit “Do Not Track” (DNT) or other opt-out preference signals. We honor the Global Privacy Control (GPC) signal as a valid opt-out request under applicable law. For other DNT signals, there is currently no universally accepted standard for how websites should respond; however, we are committed to minimizing unnecessary tracking of our visitors.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new policy on our website, updating the “Last Updated” date, and providing prominent notice on our homepage for a reasonable period. Where required by law, we will obtain your consent to material changes that affect how your personal information is processed.

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact our designated Privacy Officer:

Epic MindLab Privacy Officer
3909 S Maryland Pkwy Ste 314
Las Vegas, NV 89119 USA
Email: privacy@epicmindlab.com
Phone: +1-702-329-8359 (voice/text)

Designated request address for Nevada opt-out requests (NRS 603A.325): privacy@epicmindlab.com

Complaint authorities: You have the right to lodge a complaint with your local data protection authority. For Nevada residents, the Attorney General’s Bureau of Consumer Protection can be reached at ag.nv.gov. For EU/UK residents, a list of supervisory authorities is available at edpb.europa.eu. For Canadian residents, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.