Privacy Policy

Last updated: June 2026

GentleRevive Medical Clinic (“GentleRevive,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at gentlerevive.com, use our services, or otherwise interact with us.

This policy is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Colorado Privacy Act (CPA), the Virginia Consumer Data Protection Act (VCDPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), the Texas Data Privacy and Security Act (TDPSA), the Oregon Consumer Privacy Act (OCPA), the Montana Consumer Data Privacy Act (MCDPA), and other applicable federal and state privacy laws.

1. Information We Collect

Personal Information You Provide

We may collect the following categories of personal information directly from you:

  • Identifiers: Name, email address, phone number, mailing address
  • Health Information: Medical history, symptoms, treatment preferences, and other information necessary for providing healthcare services (Protected Health Information under HIPAA)
  • Commercial Information: Records of services purchased, treatment plans
  • Financial Information: Payment card details, insurance information (processed securely by third-party payment processors)
  • Communication Records: Messages you send through our contact forms, appointment requests, quiz responses

Information Collected Automatically

When you visit our website, we may automatically collect:

  • Internet/Network Activity: IP address, browser type, operating system, referring URLs, pages viewed, time spent on pages
  • Device Information: Device type, screen resolution, language preferences
  • Geolocation Data: Approximate location based on IP address
  • Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)

Information from Third Parties

We may receive information from third-party services we use, including analytics providers (Google Analytics), advertising platforms, and social media platforms, subject to your consent preferences.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Healthcare Services: To provide, coordinate, and manage your medical care and treatments
  • Communication: To respond to your inquiries, send appointment reminders, and provide treatment follow-up information
  • Payment Processing: To process payments and insurance claims
  • Website Improvement: To analyze how visitors use our site and improve the user experience (only with your consent for analytics cookies)
  • Marketing: To send you promotional communications about our services (only with your consent; you can opt out at any time)
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Safety & Security: To protect against fraud, unauthorized access, and other security threats

3. HIPAA Compliance

As a healthcare provider, we are fully compliant with the Health Insurance Portability and Accountability Act (HIPAA). Your Protected Health Information (PHI) is handled in accordance with our Notice of Privacy Practices.

  • We use and disclose PHI only as permitted or required by HIPAA
  • We maintain administrative, technical, and physical safeguards to protect PHI
  • We train all staff on HIPAA privacy and security requirements
  • We do not use PHI for marketing purposes without your written authorization
  • You have the right to request a copy of your medical records, request amendments, and receive an accounting of disclosures

Important: HIPAA-regulated health information is generally exempt from state consumer privacy laws (CCPA, CPA, VCDPA, etc.). This section governs our handling of your health data; the state-specific rights below apply to other personal information we collect.

4. Cookies and Tracking Technologies

We use cookies and similar technologies on our website. Before placing any non-essential cookies, we request your consent through our cookie consent banner. You can manage your preferences at any time through our Privacy Preferences page.

We honor Global Privacy Control (GPC) signals and Do Not Track (DNT) browser settings. When detected, we treat these as valid opt-out requests for analytics and marketing cookies.

For a detailed list of cookies we use, please see our Cookie Policy.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With vendors who assist us in operating our website, processing payments, and delivering services (e.g., payment processors, email services, website hosting). These providers are contractually bound to use your information only for the services they provide to us.
  • Healthcare Coordination: With other healthcare providers as necessary for your treatment and care coordination, as permitted by HIPAA
  • Insurance Companies: For billing and claims processing, as permitted by HIPAA
  • Analytics Providers: Aggregated, anonymized data with analytics providers (e.g., Google Analytics) to understand website usage, only with your consent
  • Legal Requirements: When required by law, regulation, legal process, or governmental request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with continued protection of your information

6. Your Privacy Rights by State

Depending on where you reside, you may have specific privacy rights under state law. The following sections describe your rights under applicable state privacy laws.

California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act):

  • Right to Know: You can request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You can request deletion of personal information we have collected, subject to certain exceptions.
  • Right to Correct: You can request correction of inaccurate personal information.
  • Right to Opt Out of Sale/Sharing: You have the right to opt out of the “sale” or “sharing” of your personal information. We do not sell your personal information. We share limited data with analytics and advertising partners only with your consent.
  • Right to Limit Use of Sensitive Personal Information: You can direct us to limit the use and disclosure of your sensitive personal information to purposes necessary to provide our services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Authorized Agents: You may designate an authorized agent to submit requests on your behalf by providing written authorization.

Shine the Light: California Civil Code Section 1798.83 allows California residents to request a list of third parties to which we have disclosed personal information for their direct marketing purposes. We do not share personal information with third parties for their own marketing purposes.

Colorado Residents (CPA)

Under the Colorado Privacy Act, Colorado residents have the right to:

  • Confirm whether we are processing their personal data and access that data
  • Correct inaccuracies in their personal data
  • Delete personal data
  • Obtain a portable copy of their personal data
  • Opt out of processing for targeted advertising, sale of personal data, or profiling

Virginia Residents (VCDPA)

Under the Virginia Consumer Data Protection Act, Virginia residents have the right to:

  • Confirm whether we are processing their personal data and access that data
  • Correct inaccuracies in their personal data
  • Delete personal data
  • Obtain a copy of their personal data in a portable format
  • Opt out of processing for targeted advertising, sale of personal data, or profiling

Connecticut Residents (CTDPA)

Under the Connecticut Data Privacy Act, Connecticut residents have the right to:

  • Confirm whether we are processing their personal data and access that data
  • Correct inaccuracies, delete, and obtain a portable copy of their personal data
  • Opt out of targeted advertising, sale of personal data, and profiling

Utah Residents (UCPA)

Under the Utah Consumer Privacy Act, Utah residents have the right to:

  • Confirm whether we are processing their personal data and access that data
  • Delete personal data they have provided to us
  • Obtain a portable copy of their personal data
  • Opt out of the sale of personal data and targeted advertising

Texas Residents (TDPSA)

Under the Texas Data Privacy and Security Act, Texas residents have the right to:

  • Confirm processing and access personal data
  • Correct, delete, and obtain portable copies of personal data
  • Opt out of targeted advertising, sale of personal data, and profiling

Oregon, Montana, and Other States

If you reside in Oregon (OCPA), Montana (MCDPA), or any other state with consumer privacy legislation, you may have similar rights to access, correct, delete, and port your personal data, as well as the right to opt out of sales and targeted advertising. Please contact us to exercise your rights.

7. How to Exercise Your Rights

To submit a privacy rights request, you may:

We will verify your identity before processing your request. We aim to respond to all verifiable requests within 45 days. If additional time is needed, we will inform you of the reason and the extension period (up to an additional 45 days).

Appeals: If we decline your request, you have the right to appeal. To appeal, email us at [email protected] with the subject line “Privacy Rights Appeal.” If your appeal is denied, you may contact your state’s Attorney General.

8. Do Not Sell or Share My Personal Information

We do not sell your personal information as defined by the CCPA or any other state privacy law. We do not exchange your personal data for monetary or other valuable consideration.

We may share certain information (such as device identifiers and browsing activity) with analytics and advertising partners for purposes that could be considered “sharing” under the CCPA. This sharing is controlled by your cookie consent preferences. You can opt out at any time by:

  • Visiting our Privacy Preferences page
  • Enabling Global Privacy Control (GPC) in your browser
  • Clicking “Reject All” on our cookie consent banner

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy:

  • Medical Records: Retained in accordance with HIPAA and Utah medical record retention requirements (minimum 7 years from last date of service, or as otherwise required by law)
  • Website Analytics Data: Retained in anonymized/aggregated form
  • Contact Form Submissions: Retained for up to 3 years after last interaction
  • Cookie Consent Records: Retained for the duration of your consent (up to 1 year)

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and authentication requirements
  • Regular security assessments and monitoring
  • Employee training on data privacy and security
  • HIPAA-compliant safeguards for protected health information

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We encourage you to take precautions to protect your personal information.

11. Children’s Privacy

Our website and services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

12. Third-Party Links

Our website may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Material changes will be communicated through a notice on our website.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our privacy practices, please contact us:

GentleRevive Medical Clinic
275 W 200 N #350
Lindon, UT 84042