PRIVACY POLICY

Effective Date: February 1, 2026
Last Updated: February 1, 2026

These policies are subject to review and may be updated

Introduction

Denver Lymphatic ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.denlymphatic.com and use our services.

By using our website or services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our website or services.

Information We Collect

Personal Information You Provide:

When you use our website or services, we may collect the following personal information:

  • Contact Information: Name, email address, phone number, mailing address

  • Account Information: Username, password (if you create an account)

  • Health Information: Medical history, conditions, medications, treatment information (Protected Health Information under HIPAA)

  • Payment Information: Credit card details, billing address (processed securely through our payment processor)

  • Appointment Information: Scheduling details, session notes, treatment history

  • Communication Information: Messages, emails, phone calls with our practice

Information Automatically Collected:

When you visit our website, we may automatically collect:

  • Usage Data: IP address, browser type, device information, pages visited, time spent on pages

  • Cookies and Tracking: We use cookies and similar technologies to enhance your experience (see Cookies section below)

  • Analytics Data: We use Google Analytics to understand website usage and improve our services

How We Use Your Information

We use your information for the following purposes:

Providing Services:

  • Schedule and manage appointments

  • Provide Manual Lymphatic Drainage therapy

  • Maintain treatment records

  • Communicate about your care

  • Process payments

  • Send appointment reminders

Business Operations:

  • Respond to inquiries and customer service requests

  • Improve our website and services

  • Analyze usage patterns

  • Comply with legal obligations

  • Prevent fraud and ensure security

Marketing Communications (with your consent):

  • Send newsletters and updates

  • Inform you of promotions or new services

  • You may opt out at any time

Legal Compliance:

  • Comply with HIPAA and healthcare regulations

  • Respond to legal requests

  • Protect our legal rights

How We Share Your Information

We do not sell your personal information. We may share your information with:

Service Providers:

  • Scheduling Software: Acuity Scheduling (for appointment management)

  • Payment Processors: Square/Stripe (for payment processing)

  • Email Services: Google Workspace (for business communications)

  • Website Hosting: Squarespace (for website hosting)

  • Analytics: Google Analytics (for website analytics)

These third parties are contractually obligated to protect your information and use it only for the purposes we specify.

Healthcare Providers (with your consent):

  • Your referring physician or healthcare provider

  • Other healthcare professionals involved in your care

  • Only with your written authorization

Legal Requirements:

  • When required by law, court order, or legal process

  • To protect our rights, property, or safety

  • To prevent fraud or illegal activity

  • In connection with legal proceedings

Business Transfers:

  • If we are involved in a merger, acquisition, or sale of assets, your information may be transferred (you will be notified)

Protected Health Information (PHI) and HIPAA

As a healthcare provider, we comply with the Health Insurance Portability and Accountability Act (HIPAA). Your health information is Protected Health Information (PHI) and is subject to strict confidentiality requirements.

Our HIPAA Obligations:

  • We maintain physical, technical, and administrative safeguards to protect your PHI

  • We only use and disclose your PHI as permitted by law and our Notice of Privacy Practices

  • You have rights regarding your PHI, including the right to access, amend, and request restrictions

Notice of Privacy Practices: You will receive our Notice of Privacy Practices at your first appointment, which provides detailed information about how we use and disclose your PHI.

For questions about HIPAA or your PHI rights, contact us at the information below.

Data Security

We implement reasonable security measures to protect your information from unauthorized access, use, or disclosure, including:

  • Secure Socket Layer (SSL) encryption for data transmission

  • Secure payment processing (PCI-DSS compliant)

  • Password-protected systems

  • Limited access to personal information (only authorized personnel)

  • Regular security assessments

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Cookies and Tracking Technologies

What Are Cookies: Cookies are small data files stored on your device that help us improve your experience.

How We Use Cookies:

  • Essential Cookies: Necessary for website functionality (scheduling, account access)

  • Analytics Cookies: Google Analytics to understand website usage

  • Preference Cookies: Remember your settings and preferences

Managing Cookies: You can control cookies through your browser settings. However, disabling cookies may limit website functionality.

Third-Party Cookies:

  • Google Analytics (analytics and reporting)

  • Square/Stripe (payment processing)

  • Acuity Scheduling (appointment management)

These third parties have their own privacy policies governing their use of cookies.

Your Privacy Rights

You have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you

Correction: Request correction of inaccurate or incomplete information

Deletion: Request deletion of your personal information (subject to legal obligations)

Restriction: Request restriction of processing in certain circumstances

Portability: Request transfer of your information to another provider

Objection: Object to processing of your information for certain purposes

Opt-Out: Unsubscribe from marketing communications at any time

HIPAA Rights: As a healthcare patient, you have additional rights under HIPAA (see Notice of Privacy Practices)

To Exercise Your Rights: Contact us at contact@denlymphatic.com or [phone number]. We will respond within 30 days.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold

  • Right to delete personal information

  • Right to opt-out of sale of personal information (we do not sell personal information)

  • Right to non-discrimination for exercising your rights

To exercise these rights, contact us at contact@denlymphatic.com.

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will delete it immediately.

If you believe we have collected information from a child, please contact us immediately.

International Users

Our website is operated in the United States and is intended for users in the United States. If you are accessing our website from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.

By using our website or services, you consent to the transfer of your information to the United States.

Third-Party Links

Our website may contain links to third-party websites (e.g., social media, professional associations). We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies before providing any information.

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

  • Active Client Records: Duration of client relationship plus 7 years (Colorado requirement)

  • Health Records: Minimum 7 years after last treatment (HIPAA requirement)

  • Financial Records: 7 years (IRS requirement)

  • Marketing Data: Until you opt out or we determine it is no longer needed

After the retention period, we securely delete or anonymize your information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a new "Last Updated" date.

For material changes, we will notify you by:

  • Posting a notice on our website

  • Sending an email to the address on file

  • Notifying you at your next appointment

Your continued use of our website or services after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:

Denver Lymphatic
Phone: (720) 251-4884
Email: contact@denlymphatic.com
Website: www.denlymphatic.com