Privacy policy
Monarch Massage Therapy Privacy Policy
Last updated: September 15, 2024
Introduction
This Privacy Policy describes how Monarch Massage Therapy of Eugene ("we", "us", or "our") collects, uses, and discloses your personal information when you visit or make a purchase from monarcheugene.com (the “Site”). This policy also outlines our compliance with HIPAA, describing how we handle sensitive Personal Health Information (PHI) through HIPAA-compliant platforms like PocketSuite.
By using our Services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree to these terms, please refrain from using our Services.
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Please refer to the “Last Updated” date above to confirm recent changes.
How We Collect and Use Your Information
We collect both personal information and usage data. Your personal information may include contact details such as name, email, phone number, and other details necessary for processing transactions or providing services. However, we follow strict guidelines for handling sensitive information, particularly Personal Health Information (PHI), in accordance with HIPAA regulations.
HIPAA Compliance and Third-Party Platforms
Monarch Massage Therapy uses a third-party service, PocketSuite, to process payments and manage appointments in a HIPAA-compliant manner. Any personal information or PHI shared for these purposes is encrypted and secured. We do not use Shopify's checkout for PHI-related transactions. Please be aware that while Shopify supports our storefront, no PHI is shared with Shopify or any non-HIPAA-compliant third party.
For further protection, our primary communications with clients (e.g., scheduling appointments, intake forms) take place through PocketSuite’s secure and HIPAA-compliant platform. We do not discuss PHI via email and encourage clients to use HIPAA-compliant forms for sensitive information.
Cookies and Usage Data
Like many websites, monarcheugene.com uses cookies for functionality and analytics. However, we do not use cookies to track PHI or engage in behavior that violates HIPAA regulations. Usage data (e.g., IP address, browsing behavior) is collected primarily to enhance your website experience.
Google Ads and Marketing
Monarch Massage Therapy uses Google Ads strictly for advertising purposes. We do not use enhanced conversions or any mechanisms that track or collect Protected Health Information (PHI) during these activities. Conversion tracking is applied only to general website interactions and not to any pages that involve health-related transactions or sensitive data. Specifically, no tracking occurs on checkout pages or other areas where PHI may be entered, ensuring that no user health behavior or transaction information is monitored or shared with Google or third parties. This approach aligns with HIPAA's privacy and security standards to protect user health data.
How We Disclose Information
We do not share PHI with, or sell PHI to, third parties for advertising purposes. The only third parties we engage are those that provide HIPAA-compliant services. For non-PHI-related information, we may work with service providers such as Shopify and Google Ads in compliance with privacy laws, but not for the processing or storage of health-related data.
HIPAA-Compliant Communications
The majority of our client communications occur via text and phone through PocketSuite, a HIPAA-compliant service. Occasionally, we send general inquiries or promotional emails through our email address Jennifer@monarcheugene.com, which is hosted by our domain registrar, Epik, without a Business Associate Agreement (BAA); however, we do not share PHI over email. We strongly discourage clients from sending any sensitive health information via email and prefer that PHI be discussed in person or through secure intake forms on PocketSuite.
Security and Retention of Your Information
While we take every reasonable step to ensure the security of your data, please be aware that no security measure is perfect. We retain PHI for as long as necessary to provide our services, comply with legal obligations, or resolve disputes. Any data transmitted via non-secure channels (e.g., standard email) is at risk, and we advise against sending PHI using such methods.
Your Rights
As a user, you have the right to:
- Request access to the personal information we hold about you.
- Request deletion of your personal information.
- Correct inaccuracies in your personal information.
- Withdraw consent to process your information.
Contact Us
For any concerns related to your personal information, privacy, or HIPAA compliance, please contact us at:
- Email: jennifer@monarcheugene.com
- Phone: 541-833-7275
- Address: 1801 Willamette Street, Ste 200, Eugene, OR, 97401