Privacy Policy
We at Wholehearted Nutrition and Wellness PLLC are committed to protecting your privacy and health information to the best of our abilities.
This policy outlines how this website, and any subdomains or connected EHR platforms we utilize, uses and safeguards the information you provide when using our website.
If you have any questions or concerns about the safety of your health information, please feel free to contact us through your preferred method of communication.
What Data Do We Collect
We collect information when you:
Fill out a form (ex. contact, newsletter, etc.) or schedule a service with us including, but not limited to, your name, email address, telephone number, location, and home address.
Sign a contract for services to be rendered, which may require additional details such as medical history and credit card information. This information is securely stored via Practice Better, a HIPAA-Compliant Electronic Medical Record (EMR) platform.
Visit our website or social media pages, where we use cookies and tracking tools such as Squarespace Analytics, Google Analytics, Meta Pixel, Zapier, and Hubspot to analyze visitor and customer behavior.
You may disable cookies in your browser or opt out of Google Analytics tracking at any time using Google’s opt-out tool.
Why We Collect Data
We collect data on our websites, subdomains, and social media pages to:
Improve our user experience
Manage client interactions
Measure marketing effectiveness
Data provided from form submissions and bookings may be sent to Google Business Tools via Zapier to track submissions and create emailing lists as appropriate.
Legal Compliance
We comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations:
All health-related data is securely stored on Practice Better’s servers with an appropriate level of encryption
All third parties that receive or have access to private health information have a signed Business Associates Agreement (BAA) on file
Users can withdraw consent for holding private health information and request data removal by emailing us directly.
How We Share Data
We will never sell or rent your data. We may share information with trusted third parties to provide our services, including:
Practice Better for secure consultation management (HIPAA-Compliant)
Proton Mail and Spruce Health for HIPAA-Compliant communications
Squarespace Analytics, Google Analytics, and Meta Pixel for website analytics
Google Ads for conversion tracking and ad optimization
Zapier and Hubspot for client communication and management
Payment processors for billing and transactions
Some third-party providers may store data outside of the United States in compliance with data protection laws.
SMS Consent and Communications
By explicitly opting into receiving SMS from a web form or other medium, you agree to receive SMS messages from Wholehearted Nutrition and Wellness PLLC. These messages may include:
Appointment scheduling
Appointment reminders
Communication from customer services to assist with booking and/or scheduling
Messaging frequency may vary. Message and data rates may apply. Your consent to receive SMS messages will not be shared with third parties or utilized for marketing purposes.
Data Retention and Deletion
We may retain personal data based on legal and business requirements:
Medical records are kept for up to 6 years per U.S. HIPAA requirements
Financial Records are kept for 6-7 years for tax compliance
Non-medical data may be kept as long as necessary or until user requests for deletion are received and approved.
Inactive data is deleted manually after the retention period has passed. Users can request their personal data be deleted via written communication with the exception of financial records as required by law.
Your Rights and Options
Access, Correct, or Delete Data: Users may request a copy of their personal data (identity verification is required and caregivers must have written approval from the individual on file for release of information)
Marketing Opt-Out: Users can unsubscribe from marketing emails, calls, or texts at any time.
Service-Related Texts or Calls: Phone numbers provided to us may be used for notifications per your explicit consent, and you may opt out of receiving SMS communication at any time.
Cookie Preferences: Cookies on this website may be utilized for marketing purposes only. Users can adjust or opt out of these in their browser settings at any time.
Security & Data Breach Policy
We utilize the Practice Better EMR platform which offers:
HIPAA Compliance
PCI Compliance for payment processing (credit card information is not stored on Practice Better’s servers)
Multi-Factor Authentication
Industry-standard AES 256-bit server storage encryption and TLS 1.2 encryption for communication between browsers and their servers
Data backups on encrypted hard drives for 60 days within North America
Regular auditing of logs for compliance and security
In the case of a data breach, all affected users will be notified within 72 hours of identification.
Children’s Privacy Policy
As we are an adult-focused business, we do not collect or store data from minors. In the event information is received from an individual under the age of 18 (per Washington state law) we will refuse and cancel any ordered services and delete all data stored in our files per standard regulations.
Privacy Policy Updates
We retain the right to update our Privacy Policy periodically and without notice and all changes will be effective upon the date they are publicly posted. By continuing to utilize this website and our services, you are acknowledging and agreeing to this notice and the contents therein. Significant changes may be communicated via notification post on our website.
Last Updated: September 23rd, 2025