SurroStudy

Privacy Policy

Effective Date: February 26, 2026

Last Updated: February 26, 2026

1. INTRODUCTION

SurroStudy (“we,” “us,” or “our”) is committed to protecting the privacy and confidentiality of personal information collected through our website (https://surrostudy.com) and during the provision of our independent home evaluation services for surrogacy arrangements.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage our services. By using our website or services, you consent to the data practices described in this policy.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access our website or use our services.

2. SCOPE OF THIS POLICY

This Privacy Policy applies to:

  • Information collected through our website (https://surrostudy.com)
  • Information collected during consultations, intake processes, and evaluations
  • Information received from third parties in connection with our services
  • Communications between SurroStudy and clients, evaluation subjects, and third parties

This policy applies to all users of our website and services, including intended parents, gestational carriers, surrogacy agencies, fertility clinics, attorneys, and other professionals involved in surrogacy arrangements.

3. INFORMATION WE COLLECT

3.1 Personal Identifying Information

We collect personal identifying information including:

  • Full legal name, date of birth, Social Security Number
  • Current and previous addresses
  • Contact information (phone numbers, email addresses)
  • Government-issued identification (driver’s license, passport)
  • Emergency contact information

3.2 Family and Relationship Information

  • Marital status and relationship history
  • Information about spouse or partner
  • Information about children and other household members
  • Extended family information
  • Support system and social network details

3.3 Medical and Mental Health Information

  • Medical history and current health conditions
  • Mental health history and treatment
  • Medication and prescription information
  • Reproductive history (for gestational carriers)
  • Pregnancy and childbirth history
  • Substance use history
  • Healthcare provider information

3.4 Financial Information

  • Income and employment information
  • Assets and liabilities
  • Credit history information (when applicable)
  • Tax information
  • Bank account information
  • Payment card information for service fees

3.5 Background and Criminal History

  • Criminal history and background check results
  • Child protective services involvement history
  • Legal history and litigation
  • Driving records

3.6 Employment and Education Information

  • Employment history and current employment status
  • Employer contact information
  • Educational background
  • Professional licenses and certifications

3.7 Home Environment Information

  • Photographs of home interior and exterior
  • Home ownership or rental status
  • Living conditions and household composition
  • Safety and suitability assessments
  • Neighborhood and community information

3.8 References and Third-Party Information

  • Names and contact information of personal references
  • Professional references
  • Statements and assessments from references
  • Information from previous home evaluations

3.9 Information About Minor Children

When evaluating intended parents or gestational carriers who have minor children, we collect:

  • Names, ages, and relationships of children in the household
  • Educational and developmental information
  • Childcare arrangements
  • Observations of parent-child interactions

3.10 Website Usage Information

When you visit our website, we automatically collect:

  • IP address and geographic location
  • Browser type and version
  • Pages visited and time spent on pages
  • Referring website or source
  • Device information (type, operating system)
  • Cookies and similar tracking technologies

3.11 Communications and Correspondence

  • Email communications
  • Phone call logs and recordings (if applicable)
  • Video conference recordings (if applicable)
  • Contact form submissions
  • Interview notes and transcripts

Note: We will inform you if interviews or consultations are being recorded and obtain your consent before recording.

4. HOW WE COLLECT INFORMATION

4.1 Directly From You

We collect most information directly from you through:

  • Consultation request forms on our website
  • Intake questionnaires and applications
  • Interviews (in-person, phone, or video)
  • Email and other written correspondence
  • Document submissions (tax returns, medical records, etc.)
  • Home visits and observations

4.2 From Third Parties

We may receive information about you from:

  • Surrogacy agencies that engage our services on your behalf
  • Fertility clinics and medical providers
  • Attorneys and legal representatives
  • Personal and professional references you provide
  • Background check providers and verification services
  • Previous home evaluation providers
  • Public records and databases

4.3 Through Third-Party Service Providers

We use third-party services to collect certain information:

  • Background check services for criminal history verification
  • Credit reporting agencies (when applicable)
  • Employment and reference verification services
  • Website analytics providers (e.g., Google Analytics)
  • Payment processors for service fees

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5. HOW WE USE YOUR INFORMATION

We use collected information for the following purposes:

5.1 Primary Service Delivery

  • Conducting comprehensive home evaluations
  • Preparing evaluation reports and documentation
  • Assessing suitability and readiness for surrogacy
  • Identifying potential risks or concerns
  • Ensuring informed consent of all parties

5.2 Communication and Coordination

  • Responding to inquiries and consultation requests
  • Scheduling appointments and interviews
  • Coordinating with surrogacy agencies, clinics, and attorneys
  • Providing updates on evaluation status
  • Clarifying report contents and responding to questions

5.3 Administrative and Business Operations

  • Processing payments and managing billing
  • Maintaining client records and files
  • Managing service agreements and contracts
  • Generating invoices and financial records

5.4 Legal and Professional Compliance

  • Complying with legal and regulatory requirements
  • Fulfilling mandatory reporting obligations
  • Responding to court orders and legal process
  • Meeting professional standards and ethical requirements
  • Maintaining professional liability insurance

5.5 Quality Improvement and Professional Development

  • Internal quality assurance and improvement
  • Professional consultation and supervision (with de-identified information)
  • Training and education purposes (aggregated and de-identified data only)
  • Evaluation of service effectiveness

5.6 Website Functionality and Security

  • Operating and maintaining our website
  • Analyzing website usage and improving user experience
  • Preventing fraud and enhancing security
  • Troubleshooting technical issues

We do not use your personal information for marketing, advertising, or promotional purposes without your explicit consent.

6. INFORMATION SHARING AND DISCLOSURE

To maintain the highest standards of data security and legal compliance, SurroStudy strictly limits the sharing of personal and health information to third parties who have executed a formal Business Associate Agreement (BAA) as defined by the Health Insurance Portability and Accountability Act (HIPAA). 

6.1 Sharing of Evaluation Reports

We will only share your evaluation report and sensitive data with authorized recipients who meet these criteria:

  • The client who engaged and paid for our services (which may be you, a surrogacy agency, or intended parents)
  • The evaluation subject (if different from the client)
  • Surrogacy agencies involved in the arrangement
  • Fertility clinics and medical professionals
  • Attorneys representing parties to the surrogacy arrangement
  • Matching intended parents and gestational carriers (when appropriate to the specific arrangement)
  • Other parties specifically authorized by you in writing

We obtain appropriate consent and authorization before sharing reports. The scope and recipients of report distribution are established during the intake process and documented in our service agreement.

6.2 Disclosures Required by Law

We may disclose your information without your consent when required by law:

  • In response to court orders, subpoenas, or other legal process
  • To comply with mandatory reporting obligations for:
      • Suspected child abuse or neglect
      • Suspected elder or dependent adult abuse
      • Imminent danger to self or others
  • In response to government agency investigations or inquiries
  • To professional licensing boards when required
  • To law enforcement when legally obligated

6.3 Third-Party Service Providers

We share limited information with service providers who assist us in delivering our services:

  • Background check and verification services: We provide identifying information necessary to conduct criminal background checks, employment verification, and reference checks.
  • Credit reporting agencies: When financial information is required for evaluation purposes, we may use credit reporting services.
  • Payment processors: We share payment information necessary to process service fees.
  • Technology service providers: Email services, cloud storage providers, and other technology vendors receive information necessary to deliver their services.
  • Website hosting and analytics providers: These services receive website usage data.

All service providers are contractually bound to protect your information, use it only for specified purposes, and maintain confidentiality in accordance with applicable laws and professional standards.

6.4 Professional Consultation

We may consult with other professionals regarding evaluation cases when necessary for quality assurance, complex cases, or professional development. In such cases:

  • Information is de-identified to the greatest extent possible
  • Consultants are bound by confidentiality obligations
  • Only information necessary for consultation purposes is shared
  • Consultations are conducted in accordance with professional ethical standards

6.5 Business Transfers

If SurroStudy is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any such change in ownership or control of your personal information.

6.6 What We Do NOT Share

We do not:

  • Sell your personal information to third parties
  • Share your information for marketing purposes without your consent
  • Disclose your information to unauthorized parties
  • Use your information for purposes unrelated to the services you engaged
  • Share evaluation reports beyond authorized recipients without your consent

6.7 Multi-State Data Transfer

Because we serve clients nationwide, your information may be transferred to and processed in states other than where you reside. We take appropriate measures to ensure your information is protected regardless of location, in accordance with applicable state privacy laws.

7. HEALTH INFORMATION AND HIPAA COMPLIANCE

7.1 HIPAA Status

SurroStudy is not a “covered entity” under the Health Insurance Portability and Accountability Act (HIPAA) as we do not submit electronic healthcare claims to insurance companies. However, we handle sensitive health information with the same level of care and protection as if we were HIPAA-covered.

7.2 Protected Health Information (PHI)

We collect and maintain Protected Health Information (PHI) including medical history, mental health information, reproductive history, and other health-related data. This information is:

  • Stored securely using encryption and access controls
  • Accessed only by authorized personnel
  • Shared only as authorized and necessary for evaluation purposes
  • Protected in accordance with industry best practices

7.3 Business Associate Agreements

When we work with HIPAA-covered entities such as fertility clinics, we enter into Business Associate Agreements (BAAs) as required. These agreements ensure that any PHI we receive from covered entities is handled in accordance with HIPAA requirements.

8. DATA SECURITY AND PROTECTION

8.1 Security Measures

We implement comprehensive security measures to protect your information:

  • Encryption: Data is encrypted both in transit (using SSL/TLS) and at rest (using industry-standard encryption protocols)
  • Access Controls: Role-based access controls ensure that only authorized personnel can access sensitive information
  • Authentication: Multi-factor authentication for systems containing sensitive data
  • Physical Security: Paper records stored in locked, secure locations with limited access
  • Network Security: Firewalls, intrusion detection, and regular security updates
  • Secure Communication: Encrypted email for sensitive communications
  • Regular Backups: Encrypted backups stored securely
  • Audit Logs: Tracking of access to sensitive information

8.2 Employee Training and Confidentiality

All SurroStudy employees, contractors, and consultants:

  • Sign confidentiality agreements
  • Receive regular training on privacy and security practices
  • Have access only to information necessary for their job functions
  • Are subject to disciplinary action for privacy or security violations

8.3 Email and Communication Security

Important security considerations:

  • Email is not completely secure: Standard email is not fully encrypted and may be intercepted
  • We offer secure portals: For highly sensitive information, we provide secure file transfer options
  • Client responsibility: You should avoid including extremely sensitive information in unencrypted emails
  • Encrypted options available: Contact us if you prefer encrypted communication methods

8.4 Limitations of Security

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You acknowledge and accept this inherent risk when providing information to us electronically.

9. DATA RETENTION AND DESTRUCTION

9.1 Retention Periods

We retain your information for the following periods:

  • Completed Evaluations: Minimum of seven (7) years from the date of the final report, in accordance with professional standards and legal requirements
  • Incomplete Evaluations: Three (3) years from the date of last contact
  • Consultation Inquiries (no services rendered): One (1) year from date of inquiry
  • Financial Records: Seven (7) years from date of transaction, as required by tax laws
  • Website Usage Data: Typically 24-36 months, or as configured in analytics tools

9.2 Extended Retention

We may retain information beyond standard retention periods when:

  • Required by law or court order
  • Necessary for legal proceedings or potential claims
  • Required for professional liability insurance purposes
  • You specifically request continued retention

9.3 Secure Destruction

When retention periods expire and information is no longer needed, we securely destroy it using:

  • Secure deletion or degaussing for electronic records
  • Shredding or pulverization for paper records
  • Secure erasure of backup copies

9.4 Withdrawal and Cancellation

If you withdraw from the evaluation process or cancel services:

  • Information collected up to the point of withdrawal is retained according to our standard retention policy
  • You may request deletion of certain information, subject to legal and professional obligations
  • We cannot delete information when retention is required by law or professional standards
  • Partial evaluations and preliminary assessments may still be subject to retention requirements

See Section 12 for information about your data privacy rights, including deletion requests.

10. DATA BREACH NOTIFICATION

10.1 What Constitutes a Breach

A data breach occurs when there is unauthorized access to, disclosure of, or loss of personal information that compromises the security, confidentiality, or integrity of that information.

10.2 Notification Procedures

In the event of a data breach involving your personal information, we will:

  • Investigate the breach promptly
  • Notify affected individuals without unreasonable delay, and no later than required by applicable law (typically within 60-72 hours for serious breaches)
  • Notify applicable regulatory authorities as required by law
  • Notify third parties who received your information if appropriate

10.3 Notification Contents

Breach notifications will include:

  • Description of what happened
  • Types of information involved
  • Steps we are taking to address the breach
  • Recommendations for protecting yourself
  • Contact information for questions

10.4 Remediation

Following a breach, we will:

  • Take immediate steps to contain and mitigate the breach
  • Conduct a thorough investigation
  • Implement additional security measures to prevent future incidents
  • Offer credit monitoring or identity theft protection services if appropriate
  • Provide ongoing updates as the situation develops

If you believe your information has been compromised, please contact us immediately using the contact information in Section 19.

11. COOKIES AND WEBSITE TRACKING TECHNOLOGIES

11.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us understand how you use our site and improve your experience.

11.2 Types of Cookies We Use

  • Essential Cookies: Required for basic website functionality (e.g., security, form submission)
  • Analytics Cookies: Help us understand website usage through services like Google Analytics
  • Functional Cookies: Remember your preferences and settings
  • Performance Cookies: Monitor website performance and identify technical issues

11.3 Third-Party Analytics

We use Google Analytics to analyze website traffic and usage patterns. Google Analytics uses cookies to collect information such as:

  • Pages visited and time spent on site
  • Browser type and device information
  • Geographic location (city/state level)
  • Referring websites

This information is anonymized and aggregated. Google’s use of this data is governed by their privacy policy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

11.4 Managing Cookies

You can control cookies through your browser settings:

  • Block all cookies
  • Block third-party cookies only
  • Delete existing cookies
  • Receive notifications when cookies are set

Note that blocking or deleting cookies may affect website functionality.

11.5 Do Not Track Signals

Some browsers have “Do Not Track” features. Currently, there is no industry standard for responding to Do Not Track signals, and our website does not respond to these signals. We will update this policy if we implement Do Not Track functionality in the future.

12. YOUR PRIVACY RIGHTS

12.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You can request information about the personal information we have collected about you, including:
      • Categories of personal information collected
      • Sources from which information was collected
      • Business or commercial purposes for collection
      • Categories of third parties with whom we share information
      • Specific pieces of personal information we hold about you
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions (legal obligations, professional requirements, etc.)
  • Right to Correct: You can request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell or share personal information as defined by CCPA/CPRA
  • Right to Limit Use of Sensitive Personal Information: You can limit our use of sensitive personal information to purposes necessary to provide our services
  • Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights

12.2 Other State Privacy Rights

Residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws have similar rights, including:

  • Right to access personal information
  • Right to correct inaccuracies
  • Right to delete personal information
  • Right to data portability
  • Right to opt out of targeted advertising and sale of personal information

12.3 How to Exercise Your Rights

To exercise your privacy rights, you may:

  • Email us at: hello@surrostudy.com
  • Call us at: 307-228-7444

You may also designate an authorized agent to make requests on your behalf. The authorized agent must provide proof of authorization.

12.4 Verification Process

To protect your privacy, we must verify your identity before responding to privacy rights requests. We may ask for:

  • Name, date of birth, and contact information
  • Last four digits of Social Security Number
  • Answers to security questions
  • Confirmation of information previously provided to us

12.5 Response Timeline

We will acknowledge receipt of your request within 10 business days and respond substantively within 45 days. If we need additional time (up to 90 days total), we will notify you of the extension and the reason.

12.6 Limitations on Rights

Your privacy rights are subject to certain limitations:

  • We cannot delete information when retention is required by law
  • We cannot delete evaluation records subject to professional record retention requirements
  • We may retain information necessary for legal proceedings or compliance
  • We cannot provide information that would violate attorney-client privilege or other legal protections
  • Some information may not be retrievable or may be commingled with other records

12.7 Right to Appeal

If we deny your privacy rights request, you have the right to appeal that decision. Appeal instructions will be provided with any denial notice. Residents of certain states may also have the right to file a complaint with their state attorney general.

13. CONFLICTS BETWEEN PRIVACY RIGHTS AND PROFESSIONAL OBLIGATIONS

In some cases, your privacy rights may conflict with our professional, legal, or ethical obligations. When such conflicts arise:

  • Professional Record Retention: We must retain evaluation records for minimum periods regardless of deletion requests
  • Legal Obligations: Court orders, subpoenas, and mandatory reporting requirements override privacy preferences
  • Evaluation Integrity: Completed evaluation reports cannot be altered or deleted at the request of subjects if doing so would compromise professional integrity
  • Third-Party Rights: When multiple parties have rights to evaluation reports (e.g., intended parents and gestational carriers), we balance competing privacy interests
  • Safety Concerns: Information related to mandatory reporting obligations (child abuse, danger to self or others) cannot be deleted or limited

We will explain any such conflicts when responding to your privacy rights requests and work with you to honor your preferences to the greatest extent possible within our legal and professional constraints.

14. CHILDREN’S PRIVACY

14.1 Services Not Directed to Children

Our website and services are not directed to children under 18. We do not knowingly collect personal information from children through our website or marketing activities.

14.2 Information About Children in Evaluations

During home evaluations, we collect information about minor children living in the households of intended parents or gestational carriers. This information:

  • Is collected only as necessary for evaluation purposes
  • Is protected with the same security measures as adult information
  • Is disclosed only as part of authorized evaluation reports
  • Is subject to enhanced protections under applicable law

14.3 Parental Rights

Parents and legal guardians have the right to:

  • Review information collected about their minor children
  • Request correction of inaccurate information
  • Request deletion of children’s information (subject to evaluation record retention requirements)

14.4 Notification to Parents

If we discover that we have inadvertently collected personal information from a child under 13 through our website, we will delete that information immediately and notify the child’s parent or guardian if contact information is available.

15. INTERNATIONAL USERS AND DATA TRANSFERS

15.1 U.S.-Based Services

SurroStudy is based in the United States and our services are primarily provided to U.S. residents. Our servers and data storage facilities are located in the United States.

15.2 International Clients

If you are located outside the United States and choose to use our services:

  • Your information will be transferred to and processed in the United States
  • U.S. data protection laws may differ from those in your country
  • By using our services, you consent to the transfer of your information to the United States

15.3 GDPR Rights (European Union Residents)

If you are a resident of the European Union, you have rights under the General Data Protection Regulation (GDPR), including:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

Contact us using the information in Section 19 to exercise these rights.

16. THIRD-PARTY WEBSITES AND SERVICES

Our website may contain links to third-party websites, services, or resources (such as surrogacy agencies, fertility clinics, or professional organizations). This Privacy Policy does not apply to those third-party sites.

We are not responsible for the privacy practices of third-party websites. We encourage you to read the privacy policies of any third-party sites you visit.

When we share your evaluation report with third parties (agencies, clinics, attorneys) as authorized, those third parties become independently responsible for protecting your information in accordance with their own privacy policies and applicable laws.

17. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

17.1 How We Notify You of Changes

  • Material Changes: We will notify active clients via email at least 30 days before material changes take effect
  • Minor Changes: We will post updated policies on our website with a revised “Last Updated” date
  • Website Notice: A prominent notice will appear on our homepage when significant changes are made

17.2 Your Acceptance of Changes

Continued use of our website or services after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, you should discontinue use of our services and may request deletion of your information (subject to retention requirements).

17.3 Previous Versions

We maintain archived versions of previous Privacy Policies. You may request copies of previous versions by contacting us.

18. QUESTIONS, COMPLAINTS, AND CONCERNS

18.1 Contacting Us About Privacy

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us:

Email: hello@surrostudy.com (Subject line: Privacy Inquiry)

Phone: 307-228-7444

18.2 Response Timeline

We will acknowledge receipt of privacy inquiries within 5 business days and provide a substantive response within 30 days.

18.3 Regulatory Complaints

You also have the right to file a complaint with:

  • California residents: California Attorney General’s Office
  • EU residents: Your local Data Protection Authority
  • Other state residents: Your state Attorney General or consumer protection office

We encourage you to contact us first so we can address your concerns directly.

19. CONTACT INFORMATION

SurroStudy

Phone: 307-228-7444

Email: hello@surrostudy.com

Website: https://surrostudy.com

20. ACKNOWLEDGMENT AND CONSENT

BY USING OUR WEBSITE OR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED HEREIN.

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, PLEASE DO NOT USE OUR WEBSITE OR SERVICES.

* * *

This Privacy Policy is effective as of the date listed above and applies to all information collected by SurroStudy on or after that date.