Privacy Policy

Last revised: September 22, 2025

Medical Disclaimer

Please note that any health-related content on our website or in our communications is for informational and educational purposes only. Nothing on our site, newsletters, or other communications is intended to be a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of a qualified healthcare provider with any questions you have regarding a medical condition or before starting any new treatment or wellness program. Do not disregard professional medical advice or delay seeking it because of something you have read on our site. Using our website or communicating with us does not establish a doctor-patient relationship unless and until you formally become our patient (e.g., by registering through our Cerbo platform and being seen by our providers). If you are experiencing a medical emergency, call 911 immediately. The Healthy Place Clinic is not an emergency care provider, and our online services should not be used in urgent situations.

Introduction

Welcome to The Healthy Place Clinic (“we,” “us,” or “our”) Privacy Policy. The Healthy Place Clinic is an integrative and functional medicine clinic based in Madison, Wisconsin that is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website or use our services, including any information provided through our HIPAA-compliant patient platform. It also outlines your rights regarding your personal data. We comply with applicable U.S. privacy laws, including the Health Insurance Portability and Accountability Act (“HIPAA”), Federal Trade Commission (FTC) guidelines, and relevant state laws. By using our website or services, you consent to the practices described in this Policy.

Note: This Privacy Policy is focused on U.S. laws. It is not intended to address GDPR or CCPA requirements, as those generally do not apply to our clinic. If you are an international user, be aware that our services are designed to comply with U.S. privacy laws.

Information We Collect

We collect personal information from our website users. The ways you interact with us determine the type of information we collect and how it is collected:

  • Personal Information (Non-PHI): When you use our website (as a non-patient visitor or prospective patient), we may collect personal information that is not part of your medical record. For example:
    • Contact and Inquiry Information: If you fill out a contact form, request information, or sign up for our email newsletter, we may collect your name, email address, phone number, and any information you choose to provide in your message.
    • Newsletter Sign-Up: We use a third-party service called Klaviyo to manage our email newsletter subscriptions. When you subscribe to our wellness newsletter, we collect your email address (and optionally your name) to send you periodic updates.
    • Website Usage Data: We use cookies and analytics tools (like Google Analytics) to automatically collect information about your device and browsing actions on our site. This may include your IP address, browser type, pages visited, referring URL, and the date/time of visits. This data helps us understand how our website is used and improve user experience. (See Cookies and Tracking Technologies below for more details.)
    • Online Forms and Scheduling: In some cases, our website may embed secure forms or links for scheduling appointments or patient intake through our Cerbo platform. When you enter information into those forms (e.g. to request an appointment), that information is collected and transmitted securely to our HIPAA-compliant system.
    • Social Media or Reviews: If you engage with us on social media or leave reviews/testimonials (with your consent), we may receive publicly available information about you from those platforms. We will treat such information in accordance with this Policy.

Note: Information that you provide that is not health-related (for example, signing up for a general newsletter or requesting a callback for more information) is not considered PHI and is not protected by HIPAA. However, we still treat such personal information with care under applicable consumer privacy laws. If you are not yet a patient, please do not share detailed medical information on general inquiry forms or via unsecure email; any health details you submit before establishing a patient relationship may not be subject to HIPAA until you become an actual patient of our clinic.

How We Use Your Information

Use of Non-PHI Personal Information: For website visitors and others who provide personal information, we use that information for legitimate business and communication purposes, including:

  • Providing Information or Services: If you submit a contact form or request information about our clinic or services, we will use your contact details to respond to your inquiry. For example, if you ask a question via our website, we will use your email or phone number to reply and provide the requested information.
  • Email Newsletters and Updates: If you sign up for our newsletter or mailing list, we will use your email address to send you our wellness tips, clinic news, upcoming events, or marketing communications about our services. We will only send marketing emails to those who have subscribed or otherwise explicitly consented to receive them. You always have the option to unsubscribe (opt-out) from these emails (see Email Communications below).
  • Analytics and Improvements: We use data collected through cookies and Google Analytics to understand how users navigate our website and to improve design, content, and functionality. For instance, we may analyze which pages are most visited or how users found our site, in order to optimize the user experience. This information is generally aggregated and not intended to identify individual users; we do not use analytics data to profile you individually for any decisions.
  • Advertising and Tracking: We use Google Analytics for analytics purposes only, and we do not serve targeted advertisements based on your browsing behavior. We also use Facebook Pixel to help us understand engagement and improve our services. If we add additional advertising or retargeting services in the future, we will update this Policy and provide appropriate opt-out mechanisms.
  • Operational Communications: We may use your contact information to send administrative communications related to our services. For example, we might email you to confirm an appointment request, notify you of changes to our services or policies, or send customer satisfaction surveys. These communications are generally not marketing in nature but are necessary as part of our service delivery or legal obligations.

No Sale of Personal Information: We want to reassure you that we do not sell your personal information to third parties for their own commercial use. We do not rent, trade, or share your information with outside marketers. Any information we share with third parties is only to support our operational needs as described in this Policy (e.g., with service providers under contract) and not for those third parties’ independent use. In particular, we do not sell any personal data for monetary gain. (Given our current practices, there is no need for you to “opt out” of sale of data, as no such sale is occurring.)

Note: Some state laws (e.g., in California and other states) define “sale” broadly to include certain data sharing. We do not engage in data sharing that would be considered a “sale” under those definitions. If you have questions about how we handle your data, please contact us.

Third-Party Service Providers and Data Sharing

We use trusted third-party services to help us operate our clinic and website. Whenever we share personal information with these third parties, we do so under strict conditions that protect your data. Key service providers we use include:

  • Klaviyo (Email Marketing Platform): We use Klaviyo to manage our email marketing campaigns and newsletter subscriber list. If you subscribe to our newsletter or opt in to marketing emails, your name and email address are stored in Klaviyo’s system. Klaviyo acts as our service provider for sending emails and analyzing email engagement (e.g., open rates, link clicks). They may use cookies or pixel tags in those emails to help us know if you opened an email or clicked a link. Klaviyo is not permitted to use your information except to send emails on our behalf; we do not allow them to share or sell your data. Every marketing email we send via Klaviyo will include an “Unsubscribe” link so you can opt out at any time. (Klaviyo’s platform is a widely used marketing tool; while it is not a healthcare platform, we ensure that we do not include personally identifiable information in our marketing emails. We use it mainly for general wellness content and clinic news to those who signed up.)
  • Google Analytics: Our website uses Google Analytics to collect general usage data. Google Analytics sets cookies in your browser to gather information such as your IP address (which may be truncated or anonymized by Google), browser type, device identifiers, the pages you visit, and how long you spend on the site. Google provides reports that help us understand website traffic and usage patterns. We use this information for internal purposes like improving site navigation, content, and overall user experience. We do not combine Google Analytics data with any personally identifiable information (we do not, for example, try to identify you by name through analytics data). Google Analytics may use its own technologies to track you across websites; however, we have not enabled Google’s advertising features on our site at this time. You can learn more about how Google Analytics processes data in Google’s own Privacy Policy. If you wish, you can opt out of Google Analytics tracking by using the Google Analytics Opt-Out Browser Add-on or by adjusting your browser’s Do Not Track settings (see Cookies below).

  • Payment Processors: If you make payments for services (such as paying for a visit or program online), those payments may be processed by third-party payment processors integrated with our systems (for example, Stripe via Cerbo or another secure payment gateway). These third-party processors will receive the necessary billing information (such as your name, payment card details, and billing address) to process the transaction. They are required to maintain PCI DSS compliance and secure your financial data. We do not store full credit card numbers on our own servers; any payment information you provide is tokenized and handled securely by the payment processor.
  • Other Vendors: In addition to the above, we may share information with other vendors for website hosting, data storage/backup, or email delivery (for appointment reminders, etc.). We require these service providers to protect your data and use it only under our instructions.
  • Third-Party Links: Our website may contain links to third-party websites or services that we do not operate or control. For example, we may provide a link to Fullscript (an online supplement dispensary) for visitors to purchase supplements, or links to external resources/articles. If you click on a third-party link, you will be directed to that third party’s site.

Note: This Privacy Policy does not apply to any website or service that we do not own. We are not responsible for the content, security, or privacy practices of external sites. We strongly encourage you to review the privacy policies of any third-party sites you visit through our links. 

Cookies and Tracking Technologies

Cookies: Like most websites, our site uses cookies and similar tracking technologies to enhance user experience and analyze usage. Cookies are small text files placed on your device that allow us or our service providers to recognize your browser. We use cookies for a few key purposes:

  • Essential Cookies: Some cookies are necessary for our website to function properly. For example, if our site has a patient login or scheduling feature, cookies might be used to keep you logged in securely or to remember your preferences.
  • Analytics Cookies: We use cookies set by Google Analytics to collect information about how visitors interact with our site (see “Google Analytics” above). These cookies collect information in an anonymous form (such as number of visitors, pages visited, time spent). This helps us improve the site’s content and structure.
  • Marketing Cookies: Currently, we do not use third-party advertising cookies on our site. If this changes (for example, if we implement re-targeting ads or social media pixels in the future), we will update this Policy and obtain consent if required by law.

Web Beacons and Pixels: Our marketing emails may contain a small electronic file called a web beacon (or pixel tag) that allows us to know when you open the email or click on a link. This helps us gauge the effectiveness of our communications and topics of interest. You can disable remote images in your email client if you prefer not to be tracked in this way, or simply unsubscribe if you do not want to receive further marketing emails.

Your Choices (Cookies): When you first visit our website, you may see a banner or notice about cookies. By continuing to use our site, you consent to our use of cookies as described. You have the ability to control or delete cookies through your browser settings. Most web browsers allow you to refuse some or all cookies or to prompt you before accepting a cookie from the websites you visit. Please note that if you disable cookies, some parts of our site (such as embedded scheduling or login features) may not function properly.

We currently do not respond to “Do Not Track” (DNT) signals from web browsers because there is no consistent industry standard for DNT. However, you can generally opt out of analytics as described above.

Email and SMS Communications

Email Communications: We may use your email address to communicate with you in various ways:

  • Marketing Emails (Newsletter): As noted, if you join our mailing list or are an existing patient who has opted in, we will send periodic newsletters, articles, or announcements. These emails are optional, and you can unsubscribe at any time by clicking the “unsubscribe” link in the footer of the email or by contacting us. We comply with the CAN-SPAM Act, meaning our marketing emails will clearly identify our clinic as the sender, avoid using misleading subject lines, and will include our contact address and a way to opt-out of future communications.

  • Email Safety and Privacy: Please note that standard email (outside of our secure patient portal) is not encrypted and may not be secure. If you choose to email us directly (for example, by sending a question to our info@clinic email address), do not include highly sensitive personal health information. While we will keep any such communications confidential, there is a risk that unencrypted email could be intercepted or accessed by unauthorized parties. For your privacy, we may respond to inquiries of a personal nature by suggesting you use our secure messaging platform or by asking you to schedule an appointment with us as a new or returning patient.

SMS/Text Messages: If you provide your mobile phone number to us, we may use it to send you text messages in certain situations:

  • Marketing/Wellness Texts: We generally will not send marketing text messages (SMS) about promotions or events unless you have separately opted in to such text notifications. If in the future we offer a program where you can opt in to receive wellness tips or promotional texts, we will obtain your explicit consent and provide clear instructions for stopping messages.
  • Your Choices (Texts): Providing a phone number for text messages is usually optional (except where needed for two-factor authentication or critical appointment communications). If at any time you prefer not to receive text messages from us, you can opt out. To stop receiving SMS, you may respond with keywords like “STOP” to any message (which should unsubscribe you automatically), or contact us to remove your number from text communications. Standard messaging and data rates from your carrier may apply to any texts we send or that you send to us.

No Emergency Use: Please do not use email or text messages to communicate urgent or emergency medical matters. Such communications can be delayed or overlooked. If you are experiencing a medical emergency or an urgent health issue, call 911 or go to the nearest emergency room. For urgent but non-emergency matters related to our services, please call our office directly. We do not monitor our email or texts 24/7, and we cannot guarantee an immediate response through these channels. Additionally, we are not an emergency or urgent care clinic and do not provide acute care services. 

Data Security

We take data security seriously and implement a combination of administrative, technical, and physical safeguards to protect your information:

  • Secure Technologies: Our website and patient portal use encryption to protect data in transit. For example, when you access our site or the Cerbo portal, the connection is encrypted with industry-standard SSL/TLS (Secure Sockets Layer/Transport Layer Security) technology. You can verify this by looking for “https://” and a lock icon in your browser’s address bar when interacting with our site. The Cerbo platform also encrypts PHI while at rest on its servers, adding an extra layer of protection for stored data.
  • Access Controls: We limit access to personal information to those personnel who need it to perform their job duties (for example, our medical providers, billing staff, or customer service staff). Each staff member is trained on confidentiality and is required to follow policies protecting your data. Our electronic systems are password-protected, and we implement access controls within our EHR so that employees only access the minimum necessary information to do their work (in compliance with HIPAA’s minimum necessary rule).
  • Continuous Monitoring: We maintain up-to-date security software, firewalls, and antivirus protections on our systems. We monitor for any unauthorized access attempts and have procedures to investigate and respond to any suspicious activity.

Despite our rigorous efforts, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of data. However, we follow all applicable requirements under federal and state laws to protect your data. In the unlikely event of a security breach that compromises the privacy or security of your personal information or PHI, we will notify you as required by law. 

If you have any questions about the security of your data, feel free to contact us (see Contact Information below). We are happy to explain our safeguards in more detail or address specific concerns.

Data Retention and Destruction

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, and to comply with legal and professional obligations:

  • Website, Contact, and Marketing Data: Personal information that you provide to us outside of the medical context (for example, a contact form submission or newsletter subscription) will be retained for as long as we have an ongoing relationship with you and for a reasonable period thereafter. If you have subscribed to our newsletter, we will retain your email on our mailing list until you unsubscribe or until we decide to discontinue the newsletter service. If you unsubscribe, we may keep your email on a suppression list to ensure we honor your opt-out. Contact form inquiries may be retained for some time in our email archives or databases; we periodically review and delete inquiry data that is no longer needed.
  • Analytics Data: Data collected via Google Analytics and cookies is retained according to Google’s policies. We have set our Google Analytics data retention settings to a reasonable period (e.g., 14 months) after which user-level and event-level data stored by Google is deleted. We only view aggregate reports and do not store raw analytics data in a way that can be tied back to an individual over the long term.
  • Deletion of Data: If you wish to have us delete any information you have provided (such as your website account or email on file), you may contact us with a deletion request. We will honor such requests to the extent feasible and consistent with any legal obligations. For example, if you requested deletion of a general inquiry you sent us, we can delete correspondence from our active systems. We also might not delete information that is anonymized or aggregated, as it no longer identifies you. Additionally, we maintain regular backups of our systems; your data might remain in secure backups for a time until those backups cycle out, even after active deletion.

When we dispose of data, we follow industry standards for secure deletion. Paper records are shredded or incinerated. Electronic data is deleted in a manner that prevents recovery, and hardware containing sensitive data is wiped or destroyed.

Children’s Privacy

Our services are primarily intended for adults, and we do not direct our website or marketing toward children under the age of 13. We do not knowingly collect personal information online from children under 13 without parental consent, in compliance with the Children’s Online Privacy Protection Act (COPPA). If you are under 13, please do not submit any personal information through our website. If we learn that we have inadvertently collected personal information from a child under 13, we will delete that information.

We do not provide clinical services to minors under the age of 18 without parental or guardian consent. If a minor patient does receive services, we will require proper parental consent and will handle the minor’s health information in compliance with HIPAA and applicable Wisconsin laws on minor consent.

Parents or guardians: if you believe your child under 13 may have provided personal information on our site, please contact us and we will promptly investigate and remove any such information.

Phone: 608-467-8116
Email: hello@thehealthyplaceclinic.com


Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we update the Policy, we will revise the “Last revised” date at the top of this page. If changes are significant, we may provide a more prominent notice (such as a banner on our website or an email notification to those affected or to our mailing list). We encourage you to review this Privacy Policy periodically for any changes.

Any changes will become effective when posted to our website, unless otherwise indicated. If you continue to use our website or services after a Privacy Policy update, it signifies your acceptance of the revised terms. 

If we ever plan to use or disclose personal information in a way that is materially different from what is stated in this Policy, we will notify affected individuals and allow an opportunity to consent or opt-out, as applicable, before the new use or disclosure.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

The Healthy Place Clinic 
515 Junction Road, Madison, WI 53717
Phone: 608-467-8116
Email: hello@thehealthyplaceclinic.com

You may also contact us in person at our clinic location during business hours.

We thank you for trusting The Healthy Place Clinic with your personal information. Your privacy is important to us. If you have any questions about this Privacy Policy or any privacy/security matter, please do not hesitate to reach out using the contact information above.