Effective date: April 28, 2026
1. Who We Are
ExpertESA ("we," "us," or "our") connects clients with licensed mental health professionals who can issue Emotional Support Animal (ESA) letters and Psychiatric Service Dog (PSD) letters for housing and travel accommodation. ExpertESA is not a law firm and does not provide legal advice.
2. Information We Collect
When you submit our intake form or use the client portal, we collect:
- Contact information, name, email address, phone number (optional), and U.S. state of residence.
- Health-related information, the mental health conditions you disclose on the intake form (e.g., anxiety, depression, PTSD) and any notes you provide.
- Animal information, pet name, species, breed, age, and any photos you upload.
- Account information, email and password for portal sign-in (passwords are hashed by our auth provider; we never store them in plaintext).
- Letter delivery information, your verification code, letter type, and issued letter file.
If you purchase an evaluation, payment is processed by Stripe, Inc. We do not store your full card number, CVV, or billing address, these are handled directly by Stripe. We retain a record of your transaction ID, amount, and date for billing, refunds, and fraud prevention.
3. How We Use Your Information
- To match you with a licensed therapist who can evaluate your eligibility for an ESA or PSD letter.
- To deliver your letter and respond to support requests.
- To verify the authenticity of letters when a landlord or third party submits a verification code.
- To send service-related emails (intake confirmation, status updates, letter ready).
- To improve the service and detect fraud or abuse.
We do not sell your personal information. We do not share your information with advertisers.
4. How We Store and Protect Your Information
Your data is stored with Supabase, our database and authentication provider, in encrypted form at rest and in transit. Pet photos are served via a public CDN URL so they display in your portal; the bucket is not browsable, but anyone with the direct URL can view the image. We recommend not uploading photos that contain identifying information beyond the animal itself — for example, government IDs, full home addresses, or other people.
Access to your records inside our admin panel is restricted to authorized ExpertESA staff and the licensed therapist evaluating your case.
5. Landlord Verification
When a landlord or property manager enters your verification code on our verification page, we confirm only the letter type, issue date, and validity. We do not disclose your name, email, phone number, conditions, or any other personal information to the verifier. The PDF of your letter is never shared through the verification page; only you can download it from your portal.
6. Therapist Communication and HIPAA
Communications with the licensed mental health professional evaluating your case are subject to HIPAA and state-level confidentiality laws on the clinician's side. ExpertESA itself is a referral and document-hosting platform and is not a HIPAA-covered entity. We collect only the self-reported conditions you provide on the intake form (for example, "anxiety," "depression," "PTSD") so we can route you to a clinician licensed in your state; we do not request or store prior medical records, treatment history, or external clinician notes. Landlords and third parties cannot access your self-reported conditions through ExpertESA.
7. Your Rights
Depending on your state of residence, you have the following rights regarding your personal information:
All users. You may: (1) request a copy of the personal information we hold about you; (2) ask us to correct inaccuracies; (3) ask us to delete your information, subject to any legal retention obligations; and (4) withdraw consent for future processing (note: this may end our ability to provide service).
California residents (CCPA/CPRA). The mental health information you share on our intake form is "sensitive personal information" under the California Consumer Privacy Act as amended by the California Privacy Rights Act. You have the right to: limit our use of your sensitive personal information to purposes necessary to provide the service; know what personal information we have collected and how it is used; request deletion; request correction; and be free from discrimination for exercising these rights. We do not sell or share your personal information for cross-context behavioral advertising. We process your sensitive information solely to evaluate your eligibility for an ESA/PSD letter and deliver the service you requested, this falls within the permitted uses under CPRA.
Virginia, Colorado, Connecticut, Texas, Indiana, Kentucky, and Rhode Island residents. Under applicable state data protection laws (VCDPA, CPA, CTDPA, TDPSA, INCDPA, KCDPA, and RIDTPPA), mental and physical health information is classified as sensitive personal data. We obtain your consent before processing this information for any purpose beyond delivering the service you requested. You have the right to access, correct, delete, and obtain a portable copy of your personal data. Connecticut residents also have the right to opt out of any profiling that produces legal or similarly significant effects.
Utah residents. Utah's Consumer Privacy Act classifies health information as sensitive data. You have the right to opt out of processing your sensitive data for purposes other than delivering the service you requested, and the right to correct inaccuracies in your personal data.
To exercise any of these rights, email support@expertesa.com. We will respond within 45 days (or sooner as required by your state's law) and may ask you to verify your identity before fulfilling a request.
8. Cookies and Tracking
ExpertESA uses cookies and local storage only to keep you signed in and to remember basic session state. We do not use third-party advertising trackers or behavioral analytics. If that changes, this policy will be updated before any new tracking is implemented.
9. Children
ExpertESA's service is intended for adults 18 and older. We do not knowingly collect information from anyone under 18.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or a prominent notice on the site. The "Effective date" at the top of this page reflects the latest revision.
11. Contact
Questions about this policy? Email support@expertesa.com.