Privacy Policy

1. Introduction

This Privacy Policy describes how Dr. John Timberlake (“we,” “us,” or “our”) collects, uses, discloses, and protects information when you visit this website (the “Site”) or use certain features we make available online. We are committed to protecting your privacy and handling information responsibly.

By using the Site, you agree to this Privacy Policy. If you do not agree, please do not use the Site.

2. Scope: website information vs. clinical records

This policy applies to information collected through this Site (for example, when you submit a contact form or browse pages). Clinical services and protected health information (PHI) may be governed by separate legal requirements (including the Health Insurance Portability and Accountability Act (“HIPAA”), where applicable) and by a separate Notice of Privacy Practices or similar document provided in the course of care. If you are a patient or client, please refer to materials provided directly by the practice for how medical or mental health records are handled.

3. Information we collect

3.1 Information you provide

We may collect information that you voluntarily submit, such as:

• Contact form: name, email address, phone number (if provided), and the content of your message.
• Any other information you choose to send us by email or through the Site.

Please do not submit highly sensitive health details through the contact form unless you are comfortable with that information being processed as described here; when in doubt, call the office or use channels your provider directs you to use.

3.2 Information collected automatically

When you visit the Site, our servers and hosting providers may automatically receive and record certain information, such as:

• IP address and general location (e.g., city or region)
• Browser type, device type, and operating system
• Pages viewed, approximate time and date of access, and referring URLs

We use this information to operate and secure the Site, understand aggregate usage, and improve performance.

3.3 Riptide Swimmer (on-device storage)

The optional “Riptide Swimmer” experience stores certain session-related information in your browser (for example, using local storage) when you choose to save progress on your device. That data stays on your device unless you clear it; it is not sent to us merely because you use that feature, except as otherwise described if you submit information through a separate form or service.

4. How we use your information

We may use the information we collect to:

• Respond to inquiries sent through the contact form or other channels
• Operate, maintain, and improve the Site and its security
• Analyze aggregate or de-identified usage trends
• Comply with applicable law, regulation, or legal process
• Protect the rights, safety, and property of visitors, our practice, or others

We do not sell your personal information as that term is commonly understood under California law, and we do not use contact form data for unrelated marketing unless we obtain appropriate consent where required.

5. How we share information

We may share information with:

• Service providers who assist us in hosting the Site, storing data, analytics, email delivery, or security—subject to confidentiality and use limitations consistent with this policy.
• Legal and safety: when required by law, court order, or government request, or when we believe disclosure is necessary to protect rights, safety, or security.
• Business transfers: in connection with a merger, acquisition, or sale of assets, in which case we will require the successor to honor this policy or notify you of changes.

6. Cookies and similar technologies

The Site may use cookies or similar technologies to remember preferences, maintain sessions, or measure basic performance. You can control cookies through your browser settings. If you disable cookies, some features of the Site may not work as intended.

7. Data retention

We retain contact submissions and related records only as long as needed to respond to your request, maintain our operations, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary depending on context and legal requirements. Server logs may be retained for a limited period for security and troubleshooting.

8. Security

We use reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, loss, or misuse. No method of transmission over the Internet or electronic storage is completely secure; we cannot guarantee absolute security.

9. Your privacy rights (California residents)

If you are a California resident, the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”) may provide you with additional rights regarding personal information, which can include:

• The right to know what personal information we collect and how we use it
• The right to request deletion of personal information, subject to exceptions
• The right to correct inaccurate personal information, where applicable
• The right to opt out of certain types of sharing (we do not “sell” personal information in the conventional sense as described in our practices above)
• The right not to receive discriminatory treatment for exercising these rights

To exercise these rights, contact us using the information in Section 12. We may need to verify your request before responding. You may designate an authorized agent under applicable law; we may require proof of authorization.

10. Children’s privacy

The Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us and we will take steps to delete it promptly.

11. Third-party links

The Site may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to read their privacy policies before providing any information.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Effective date” at the top will reflect the latest version. Continued use of the Site after changes constitutes acceptance of the updated policy, except where prohibited by law.

13. Contact us

If you have questions about this Privacy Policy or wish to exercise privacy rights, please contact us through our Contact page or reach the practice using the contact information listed on the Site.