Heart of Wellness Website Privacy Policy

Effective date: January 1, 2026
Last updated: January 1, 2026

Introduction

This Privacy Policy explains how Heart of Wellness (“Heart of Wellness,” “we,” “our,” or “us”) collects, uses, and shares information from visitors to heartofwellness.org and any related web pages we operate (the “Website”). It applies only to the Website.

This policy does not cover the information we collect, use, or disclose when you become a patient. Our handling of protected health information as a HIPAA-covered healthcare provider is governed by our Notice of Privacy Practices, which every patient receives at intake and which is posted in our clinic. If you would like another copy, ask the front desk or call 360-570-0401.

By using the Website, you agree to the practices described here. If you do not agree, please do not use the Website.

Who We Are

Heart of Wellness
205 Clark Place SE
Tumwater, WA 98501
Phone: 360-570-0401
Toll-free: 888-675-1828
Fax: 360-570-2060
Email: info@heartofwellness.org

 

Information We Collect From the Website

We collect three categories of information through the Website:

Information you give us directly

If you send us an email through a link on the Website, request a callback, leave a voicemail referenced from the Website, sign up for a newsletter, or otherwise contact us, we receive the information you choose to provide. This typically includes your name, phone number, email address, and any message content you send.

We ask that you do not include detailed health information in unencrypted email. If you need to share clinical details, please call the office or use the secure patient portal.

Information collected automatically

When you visit the Website, our servers and our third-party analytics and advertising providers automatically receive standard web log information, including your IP address, approximate location derived from that IP address, device type, operating system, browser type and version, referring and exit pages, pages viewed, time spent on pages, and interaction events such as clicks and scroll depth.

This information is collected through cookies, pixels, tags, and similar technologies.

Information from third-party services

If you click through to our patient portal, online scheduling system, or online store (hosted by HealthWave HQ), you leave the Website and their privacy terms apply in addition to ours. If you interact with our social media accounts or with third-party review and directory platforms like Yelp, Google, Facebook, Instagram, and similar services, those platforms provide us with limited engagement, review, and audience information subject to their own policies.

How We Use This Information

  • Respond to your questions, requests, and communications.
  • Operate, secure, and improve the Website.
  • Understand how visitors use the Website so we can make it more useful.
  • Provide, measure, and improve our educational and marketing content.
  • Show ads for our services on other websites and social media, and measure whether those ads lead to visits or new patient appointments.
  • Comply with our legal and regulatory obligations.

We do not sell your personal information for money. Some of the advertising and analytics activity described above may qualify as a “sale” or “sharing” under certain state privacy laws, including the California Consumer Privacy Act as amended. See Your Choices and Rights below.

Cookies and Similar Technologies

Cookies are small files stored on your device. We and our providers use several types:

  • Strictly necessary cookies make the Website function.
  • Analytics cookies help us understand traffic and usage.
  • Advertising and retargeting cookies let us show Heart of Wellness ads to people who have visited the Website and measure ad performance.

The third-party services that may be active on the Website include Google (Google Analytics, Google Tag Manager, Google Ads, Google Business Profile, and related Google advertising services), Meta (Facebook Pixel and related tools for audience measurement and advertising on Facebook and Instagram), and Yelp (review, directory, and advertising tools). The specific mix of third-party services active on the Website may change over time as we review and adjust our analytics and advertising tooling.

These providers receive your IP address, the URL of the page you are viewing on our Website, referral information, and identifiers stored in cookies they set. They act as independent controllers of that data under their own privacy policies.

Heart of Wellness periodically reviews the third-party tracking active on the Website to minimize the information shared with advertising platforms, consistent with evolving guidance from the U.S. Department of Health and Human Services Office for Civil Rights on tracking technologies and healthcare.

We do not place advertising or analytics trackers on pages that handle protected health information, and our patient portal, scheduling, billing, and electronic health record systems are separate from the public Website. You can opt out of non-essential tracking at any time using the controls described below.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Your Choices and Rights

Do Not Track and Browser Controls

You can set your browser to block cookies, delete cookies, or warn you before a cookie is stored. Blocking all cookies will affect how the Website works. Many browsers also send a “Do Not Track” or Global Privacy Control signal. We honor the Global Privacy Control as an opt-out of the sale or sharing of personal information where applicable.

Advertising Opt-Outs

You can opt out of interest-based advertising from many participating companies at optout.aboutads.info and optout.networkadvertising.org.

You can also opt out of Google’s personalized advertising at adssettings.google.com and Meta’s at facebook.com/adpreferences.

State Privacy Rights

Depending on where you live, you may have some or all of the following rights regarding personal information we hold about you:

  • The right to know what personal information we collect, use, and disclose.
  • The right to access a copy of that information.
  • The right to correct inaccurate information.
  • The right to delete personal information, subject to legal exceptions.
  • The right to opt out of the sale or sharing of personal information and of targeted advertising.
  • The right to limit the use of sensitive personal information.
  • The right not to be discriminated against for exercising these rights.

These rights are provided by laws such as the California Consumer Privacy Act as amended by the CPRA, the Washington My Health My Data Act, and similar laws in Colorado, Connecticut, Virginia, Oregon, Texas, and other states.

To exercise any of these rights, email info@heartofwellness.org or call 360-570-0401.

Washington My Health My Data Act

If you are a Washington consumer, you have additional rights under the Washington My Health My Data Act regarding any “consumer health data” we collect through the Website. You may withdraw consent, request deletion of consumer health data, and request a list of the third parties with whom we have shared consumer health data. We do not sell consumer health data.

Protected health information already covered by HIPAA is generally exempt from the Washington My Health My Data Act and is governed instead by our Notice of Privacy Practices.

Appeals

If we deny your request, you may appeal by replying to our response or contacting us at info@heartofwellness.org. If you are unsatisfied with the outcome, you may contact your state attorney general.

How We Share Information

We share information collected through the Website only in the circumstances described here:

  • Service providers. We share information with vendors that host the Website, send email on our behalf, provide analytics, serve ads, and support our operations.
  • Advertising and analytics partners. As described above, the analytics and advertising services active on the Website receive certain information automatically.
  • Legal and safety. We may disclose information when we believe in good faith that disclosure is required by law, legal process, or regulatory request.
  • Business transfers. If Heart of Wellness is involved in a merger, acquisition, sale of assets, or reorganization, information may be transferred as part of that transaction.
  • With your direction. We share information when you direct us to, for example, when you ask us to forward a message or submit a referral.

We do not sell personal information for money. We do not intentionally disclose protected health information to advertising or analytics platforms through our public Website, and our electronic health record, patient portal, billing system, and other clinical systems are separate from the public Website and governed by HIPAA and our Notice of Privacy Practices.

Data Retention

We keep Website information only as long as we need it for the purposes described in this policy. Email inquiries are retained while they are relevant to your request and for a reasonable period afterward for recordkeeping. Analytics data is typically retained in aggregated form for up to 26 months. Advertising cookies expire according to each provider’s settings, generally between 30 days and 2 years.

Information that is also part of a patient record is retained under the schedule described in our Notice of Privacy Practices and Washington State recordkeeping law.

Security

We use reasonable administrative, technical, and physical safeguards to protect information collected through the Website. No system is perfectly secure, and we cannot guarantee the security of information transmitted to or from the Website.

Please do not send sensitive health information through unencrypted channels; use the secure patient portal or call the office.

Breach Notification

If we determine that a breach of unsecured personal information collected through the Website has occurred, we will notify affected individuals as required by applicable federal and state law. Breaches involving protected health information are separately addressed by HIPAA and described in our Notice of Privacy Practices.

Children’s Privacy

The Website is directed to adults. We do not knowingly collect personal information from children under 13 through the Website. If you believe a child under 13 has provided us with personal information through the Website, please contact us and we will delete it.

Pediatric patients of the practice are handled through normal clinical intake with parental or guardian involvement, governed by HIPAA.

Links to Other Websites

The Website links to sites we do not operate, including our patient portal and online store at healthwavehq.com, our social media profiles, and educational resources. We are not responsible for the privacy practices of those sites. Review their privacy policies before providing information.

Visitors From Outside the United States

Heart of Wellness operates in the United States. If you access the Website from another country, you understand that your information will be processed in the United States, where privacy laws may differ from those in your country. By using the Website, you consent to that transfer.

Changes to This Policy

We may update this policy from time to time. When we do, we will post the revised version on this page and update the “Last updated” date above. Significant changes will be highlighted on the Website for a reasonable period after they take effect.

How to Contact Us

For questions, requests, or concerns about this policy or our Website privacy practices:

Heart of Wellness
Attn: Privacy
205 Clark Place SE
Tumwater, WA 98501
Email: info@heartofwellness.org
Phone: 360-570-0401

 
For questions about our handling of patient health information, please ask for a copy of our Notice of Privacy Practices or contact our Privacy Officer at the address above.