Effective date: February 24, 2026
Glasshouse Recovery, LLC (“Glasshouse,” “we,” “us,” or “our”) operates the website at https://glasshouserecovery.com (the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect information when you use the Service, including our website forms and SMS communications, and outlines your choices and rights under applicable law.
By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
Service: The website https://glasshouserecovery.com operated by Glasshouse Recovery, LLC.
Personal Data: Information about a living individual who can be identified from that information (alone or in combination).
Usage Data: Information collected automatically by the Service (e.g., IP address, browser type/version, pages visited, time and date of visit, time spent on pages, device identifiers, and diagnostic data).
Cookies: Small files stored on your device that enable certain features and help us analyze and improve the Service.
Protected Health Information (PHI): Individually identifiable health information protected by HIPAA and, for substance use disorder treatment records, 42 CFR Part 2.
This Privacy Policy applies to information collected through the Service (including our general contact forms and SMS program). It does not change your rights under HIPAA or 42 CFR Part 2 with respect to your treatment records.
Glasshouse is a behavioral health and substance use disorder treatment provider. PHI and substance use disorder treatment records are protected by HIPAA and 42 CFR Part 2. We will not disclose such information except as permitted or required by law. Redisclosure of Part 2-protected information is prohibited unless expressly permitted by your written consent or by 42 CFR Part 2.
Important: No PHI via SMS.
Our SMS systems are not intended for transmitting PHI. Please do not submit clinical details, diagnosis, treatment information, or insurance/member numbers through those channels.
We may collect Personal Data that you provide directly, such as: name, email address, phone number, mailing address, and the content of your message or inquiry.
We may automatically collect Usage Data (e.g., IP address, browser type/version, pages visited, date/time stamps, and device identifiers) to operate, secure, and improve the Service.
We use Session Cookies, Preference Cookies, and Security Cookies. We may also use tags, pixels, or scripts (e.g., for analytics and security).
We may use information to:
Provide, maintain, and improve the Service
Respond to inquiries, schedule and coordinate communications
Monitor performance, debug, and protect against fraud or misuse
Comply with legal and regulatory obligations
Enforce our terms and protect our rights, users, and the public
We do not sell or rent your Personal Data.
Our SMS program is limited to admissions, scheduling, and general inquiries. We do not use SMS for marketing or promotional messages.
Opt-In Methods: Website checkbox or verbal consent (documented internally).
Opt-Out Commands: STOP, END, CANCEL, UNSUBSCRIBE, or QUIT. HELP for help.
Carrier Notice: Delivery may be delayed or unavailable.
No PHI in SMS: Do not send PHI via text.
Vendor: We use Quo (Formerly OpenPhone) to facilitate SMS delivery.
Retention: SMS logs are retained for up to 6 months.
We may engage third-party service providers (hosting, communications, analytics, security). They may only access Personal Data to perform services for us and are bound by confidentiality agreements.
We may use third-party analytics (e.g., Google Analytics). You can opt out using Google’s opt-out browser add-on.
The Service is operated in the U.S. Information may be stored and processed here. We use safeguards such as TLS encryption, least-privilege access, and audit logging.
We may disclose information:
To comply with applicable law or legal process
To protect the safety, rights, or property of Glasshouse, our patients, users, or the public
To service providers acting on our behalf
In connection with a reorganization, merger, or transfer of assets
42 CFR Part 2: We will not redisclose protected records without written consent unless allowed by law.
SMS logs: up to 6 months
PHI and treatment records: retained/disposed under HIPAA & 42 CFR Part 2
The Service may contain links to third-party sites. We are not responsible for their privacy practices.
We do not knowingly collect data from individuals under 18. If you believe a minor has submitted information, contact us so we can delete it.
The Service may not respond to “Do Not Track” signals. Cookie notices or banners will be displayed where required.
Residents of California (CCPA/CPRA) and certain other states (Virginia, Colorado, Connecticut, Utah) may request access, correction, or deletion of certain Personal Data (excluding PHI). Email: admin@glasshouserecovery.com.
We may update this Privacy Policy periodically. Updates will be posted with a new effective date.
Glasshouse Recovery, LLC
8318 Forrest Street, Suite 100
Ellicott City, MD 21043
Phone: (410) 970-3374
Email: admin@glasshouserecovery.com
We may notify you about material changes to the Service
We may allow participation in interactive features you choose to use
We monitor usage to prevent and address technical issues
If you are outside the U.S. and submit data, you consent to processing in the U.S.
We may be required to disclose data to public authorities
We advise reviewing third-party privacy policies for linked sites