Privacy Policy

Effective date: January 2025

Joyful Roots Chiropractic (“we,” “us,” or “our”) respects your privacy and is committed to protecting it. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website at [https://www.joyfulrootschiropractic.com] (“Site”), schedule appointments, contact us, or otherwise interact with us online or offline.

This Policy is designed to comply with applicable privacy laws and to align with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) where they apply to us as a covered entity or business associate.

If you are a patient receiving care from us, your protected health information (“PHI”) is also governed by our Notice of Privacy Practices (NPP) under HIPAA. If any terms in this Privacy Policy conflict with our NPP as to PHI, the NPP controls for PHI.

1) Scope

This Policy applies to information collected through:
- Our public website and landing pages
- Contact, request, or scheduling forms you submit
- Phone, email, SMS, and chat communications
- Advertising and analytics tools used on our public website
This Policy does not apply to PHI created or received in the course of your treatment, payment, or health care operations that is subject to HIPAA and covered by our NPP.

2) Information We Collect

We may collect the following categories of information:

Contact and inquiry information: name, email, phone number, and message content
Appointment-related details you choose to submit through public forms
Marketing and analytics data: device identifiers, IP address, pages visited, time on page, referring URLs, and interactions with our content
Preference and cookie data collected via cookies, pixels, tags, SDKs, and similar technologies
Limited approximate location derived from IP address
Job or practice information if you submit it to us
PHI: To the extent you provide health-related information through non-clinical channels, we avoid collecting PHI through public tracking technologies and do not use PHI for advertising. PHI obtained in connection with care is handled per HIPAA and our NPP.

3) How We Use Information

We use information to:

Provide and improve our website, services, and customer support
Respond to inquiries and schedule appointments
Measure, analyze, and improve website performance and content
Conduct non-personalized marketing and, where permitted, present ads about our services
Detect, prevent, and respond to security incidents and misuse
Comply with laws, regulations, and legal processes

We do not use PHI for advertising or remarketing.

4) HIPAA, PHI, and De-identification

PHI created or received in the provision of care is safeguarded under HIPAA and our NPP.
We do not intentionally send PHI to advertising platforms, including Meta (Facebook and Instagram).
We take steps to avoid the collection or disclosure of PHI via public-facing tracking technologies. These steps may include:
- Segregating clinical portals from the marketing site
- Disabling or limiting tracking on pages where PHI may be entered
- Avoiding the use of user inputs that may include PHI for matching or targeting
- De-identifying data where appropriate per HIPAA de-identification standards

5) Facebook Ads, Meta Pixel, and Conversions API

We may use Meta’s advertising and analytics tools, including Meta Pixel and Conversions API, on our public website to understand site traffic and improve our outreach. We implement these tools to prevent the use or disclosure of PHI.

Our practices include:

No PHI for ads: We do not use PHI for targeting, retargeting, or creating lookalike audiences.
Limited Data Use: We configure Meta tools to classify data under Meta’s Limited Data Use and to restrict sensitive uses where available.
URL and form hygiene: We avoid sending health condition terms, appointment details, or other PHI in URLs, form fields, or custom events to Meta.
Advanced Matching controls: We disable or limit Advanced Matching where there is a risk of including PHI. We do not use fields like diagnosis, treatment details, insurance information, or other PHI for matching.
Segregation: We do not place Meta Pixel or similar tags on patient portals or pages that collect or display PHI.
Data minimization: We send only the minimum non-sensitive data necessary for site measurement.

Your choices related to Facebook Ads:

Manage ad preferences in your Facebook account to control how ads are shown.
Adjust cookie settings on our site using our cookie banner or your browser settings to limit tracking.
Opting out of cookies may affect site functionality.

For more information about how Meta processes data, visit Facebook’s Data Policy and Ad Preferences pages.

6) Cookies and Similar Technologies

We use cookies, pixels, and similar technologies to:

Enable site functionality and security
Measure and improve performance
Understand aggregate usage to improve content

Types of cookies we may use:

Strictly necessary: required for basic site functionality
Performance and analytics: help us understand how the site is used
Advertising: used to measure the effectiveness of campaigns on our public site

You can manage cookies through our cookie settings banner and your browser preferences. Disabling certain cookies may limit site functionality.

7) How We Share Information

We may share information with:

Service providers that perform services for us, under contracts that require confidentiality and restrict use to providing services
Analytics and advertising vendors operating on our behalf on the public website
Law enforcement, regulators, or other parties when required by law or to protect rights and safety
Successors in interest in the event of a merger, acquisition, or asset transfer

We do not sell PHI. We do not disclose PHI to advertising platforms. Any disclosures of PHI to vendors are governed by Business Associate Agreements (BAAs) where required by HIPAA.

8) Data Security

We implement administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, or destruction. No method of transmission or storage is completely secure, and absolute security cannot be guaranteed.

9) Data Retention

We retain information for as long as needed for the purposes described in this Policy, to comply with legal obligations, resolve disputes, and enforce agreements. PHI is retained in accordance with HIPAA and applicable state recordkeeping laws.

10) Your Choices

Marketing communications: Opt out of marketing emails by using the unsubscribe link in our emails.
Cookies and tracking: Manage cookie preferences via our banner and your browser settings. You can also use industry opt-out tools such as the Digital Advertising Alliance or Network Advertising Initiative websites to control interest-based advertising.
Facebook ad preferences: Adjust your ad settings within Facebook and Instagram to influence how ads are shown.

These choices do not affect our use of PHI for treatment, payment, or health care operations.

11) Patient Rights Under HIPAA

If HIPAA applies to your relationship with us as a patient, you may have rights to:

Access and obtain a copy of your PHI
Request corrections to your PHI
Request restrictions on certain uses and disclosures
Request confidential communications
Receive an accounting of disclosures
Obtain a copy of our Notice of Privacy Practices

To exercise HIPAA rights, please contact us using the information below or inquire during your visit.

12) Children’s Privacy

Our website is not directed to children under 13. We do not knowingly collect personal information from children under 13 without appropriate parental consent.

13) International Visitors

Our services are intended for use in the United States. If you access the site from outside the U.S., information may be processed in the U.S. where laws may differ from those in your jurisdiction.

14) Changes to This Policy

We may update this Privacy Policy from time to time. The “Effective date” above indicates when this Policy was last revised. Please review it periodically.