Consumer Health Data Notice

• Self-submitted health details in reviews, questions, messages, or forms (e.g., symptoms, conditions, desired treatments, recovery experiences).
• Intent signals showing you sought health information or services (e.g., searching for a specific procedure, viewing a provider page, sending an inquiry).
• Derived health inferences that may be associated with your activity (e.g., interest in a treatment category).
• Location information related to finding care (e.g., city/ZIP you enter to locate a clinic).
• Research & service feedback you provide in surveys about conditions, outcomes, or product experience.

"Share" below refers to disclosures to third parties; "processors" act on our instructions. We do not sell CHD as defined by CHD laws.

• Collection & Sharing Consent (WA / NV). For Washington and Nevada residents, we obtain opt-in consent before collecting CHD beyond what is necessary to provide a service you request, and before sharing CHD. Separate, time-bound authorization is required to sell CHD; we do not sell CHD.
• Targeted advertising. We do not use your CHD for third-party targeted advertising. Where law requires honoring browser-level universal opt-out mechanisms (e.g., Global Privacy Control) for "sale" or "targeted advertising," we do so.
• Geofencing near health facilities. We do not use geofences to identify, track, collect CHD from, or send targeted health-related messages to consumers within the prohibited distance of a healthcare facility (e.g., within 2,000 feet under WA law).
• Cookies & local storage. Any tags that could collect CHD operate only with appropriate consent and are limited to purposes described here and in our Cookies Policy.

• Verification. We may verify your request (e.g., email or phone confirmation; signed declaration for deletion). For sensitive requests, we may ask for additional data strictly to verify identity and will delete it after verification.
• Authorized agents. You may designate an authorized agent. We may require proof of agency (e.g., signed permission or power of attorney) and direct verification.
• Timelines & appeals. We respond within applicable statutory timelines (e.g., WA generally requires responses within 45 days with a possible extension; deletion within 45 days). If we deny your request, you may appeal by replying to our decision or emailing privacy@clinicbooking.com. If you remain unsatisfied, you may contact your state AG.

• Safeguards. We employ administrative, technical, and physical controls appropriate to the sensitivity of CHD, including encryption in transit and at rest, access controls, logging, least-privilege, vulnerability management, and vendor due diligence.
• Minimization. We collect only what is reasonably necessary to provide services you request or as permitted by law and retain CHD only as long as needed for those purposes or legal obligations, then delete or de-identify.
• De-identified data. We may use de-identified or aggregated data for analytics and service improvement; we commit to maintaining de-identification and not attempting re-identification.

• Children under 13. We do not knowingly collect personal information from children under 13. If we learn we have, we will delete it. Parents/guardians may contact us to request deletion.
• Teens. For minors where state law requires enhanced consent, we seek consent from the minor or their guardian as applicable and do not use CHD for targeted advertising.
• Sensitive locations. We do not apply geofenced health-related tracking/ads near healthcare facilities, consistent with state CHD laws.

We may process data in the United States and other jurisdictions via vetted processors. We use appropriate safeguards for cross-border transfers, and we require processors to follow our instructions and protect CHD to at least this standard.

We may update this notice to reflect changes in our practices or the law. Material changes will be posted here with a new "Last updated" date. Where required, we will seek new consent.