Privacy Policy | Rootcause Clinic LLC

Root Cause Clinic — Privacy Policy

Effective Date: January 1st, 2025

Who we are

Root Cause Clinic (“RCC”, “we”, “us”, “our”) provides non-medical, educational services focused on energetic screening and wellness education. We are typically not a HIPAA-covered entity. We implement HIPAA-aligned safeguards but do not represent that our services—or our current configuration of third-party tools—are “HIPAA compliant.”

Scope

This Policy explains how we collect, use, disclose, and retain personal information when you:

visit our websites, pages, or forms,
book appointments or purchase services/products,
participate in calls or video sessions,
receive reports or other communications from us.

If this Policy conflicts with our Terms & Conditions, the Terms & Conditions control.

The information we collect

You provide directly

Contact & account data: name, email, phone, mailing address.
Order & billing data: purchased services, billing address, receipts, chargeback records (payment details are processed by our payment processors).
Wellness inputs (educational use): symptoms, habits, preferences, lifestyle, goals, any other information you choose to share for educational analysis.
Session content: audio/video, chat, and AI-assisted transcripts/summaries/notes from Zoom (or similar).
Support & feedback: inquiries, complaints, testimonials (if you choose).

Collected automatically

Device & usage data: IP address, device/browser type, pages visited, cookies and similar technologies.
Logs & security data: error logs, consent logs, audit events, anti-fraud signals.

From others

Scheduling, payment, analytics, or anti-spam providers may send us limited data needed to operate our services.

Sensitive data note: If you share health-related information, you do so voluntarily for educational (non-diagnostic) purposes. We treat it with heightened care.

How we use your information

Provide services: schedule, conduct, record (with consent), transcribe/summarize, and deliver your educational reports.
AI-assisted support (non-diagnostic): help practitioners research topics, organize notes, and draft educational explanations and protocol suggestions. We do not upload your direct identifiers (e.g., name, contact info, precise dates, images) to public AI tools. We use de-identified snippets or enterprise tools under contractual restrictions.
General research: use mainstream search engines (which may include AI features) with de-identified, general queries only.
Communicate: confirmations, reminders, service messages, and—if you opt in—educational updates.
Security & integrity: prevent fraud/abuse; secure our systems; maintain consent and audit logs.
Compliance: enforce Terms; manage disputes; respond to lawful requests.
Training & education (paid/unpaid): use de-identified case material per our Terms (dates at year-only where feasible; ages 90+ as “90 or older”; county/town only when materially relevant to environmental context). We prohibit re-identification and honor takedown requests.

No automated decisions: We do not make decisions with legal or similarly significant effects based solely on automated processing.

Legal bases (EU/UK only)

Where GDPR/UK GDPR applies, we rely on:

Consent (e.g., recording sessions; processing health-related inputs; using de-identified case material for education),
Contract (to provide services you request),
Legitimate interests (security, anti-fraud, ordinary analytics, quality improvement),
Legal obligation (to comply with laws, court orders).

You may withdraw consent at any time (this won’t affect prior processing). If you withdraw consent to recording/transcription, we may be unable to provide the session.

How we share information

We do not sell personal information. We share limited data with:

Service providers/processors that help us operate:
- Video & collaboration: Zoom (or similar) for sessions/recordings/transcripts/summaries.
- Cloud storage & docs: Microsoft OneDrive/SharePoint for storing recordings, transcripts, and reports.
- Practice management platform: Practice Better for client records/forms/messages.
- Payments: payment processors for transactions and anti-fraud.
- Scheduling, forms, email delivery providers.
- Analytics, anti-spam, and security tools.
Legal & safety: to comply with law, respond to lawful requests, or protect rights, safety, and property.
Business changes: in a merger, acquisition, or asset transfer, consistent with this Policy.

When we publish educational content (including on social media), we use de-identified case information only, per the guardrails above.

International data transfers

We and our service providers may process data in the United States and other countries with different privacy laws. Where required, we use appropriate safeguards (e.g., contractual data-protection terms). By using our websites, booking, or purchasing, you consent to these transfers.

Data retention

We keep personal information only as long as necessary for the purposes described in this Policy, then delete or de-identify it. To meet global disclosure rules, we disclose periods or criteria below. We also retain data longer where required or permitted for legal, security, tax/accounting, or dispute-resolution reasons.

Session recordings / transcripts / AI summaries (Zoom → OneDrive):
Stored in your client folder on Microsoft OneDrive/SharePoint and not deleted by default. If storage constraints require reduction, we may delete content based on objective criteria, beginning with the oldest inactive clients first (inactive meaning no appointments or purchases for at least [X months]). We may also remove individual files that are duplicative or no longer needed for service quality, legal, or security reasons.
Client records in Practice Better (profile, forms, messages, notes):
Stored in Practice Better and retained indefinitely unless you (or we) request deletion or de-identification, subject to lawful holds. We maintain these records to support continuity of service, document history, and handle follow-up or disputes.
Educational reports & case files (outside recordings):
Typically retained for 12 months after delivery to support follow-up questions, then deleted or de-identified, unless part of your enduring Practice Better record.
Orders, invoices, payments & tax records:
Retained 3–7 years (jurisdiction-dependent) to meet legal and accounting requirements.
Website/device logs & security logs:
Retained 12–24 months for security, troubleshooting, and abuse prevention.
Marketing preferences & communications logs:
Retained while you remain subscribed plus 12 months.

Administrative/legal/security retention. Even if you request deletion, we may retain limited information as required or permitted by law (e.g., financial records, dispute files, security logs, arbitration/consent records). When retention ends, we delete or de-identify data on a rolling schedule.

Your choices & rights

Recording & AI notes. Zoom displays a consent prompt before recording. If you do not consent, do not join; contact us to discuss alternatives (availability may vary by service and region).

Email preferences. You can unsubscribe from non-essential emails via the link in the email.

Access, correction, deletion. You may request access to, correction of, or deletion of your personal information. We will honor requests consistent with applicable law and our retention criteria above. Note: Deleting recordings or Practice Better records may limit our ability to provide services or respond to future questions.

EU/UK residents. You may request restriction, portability, or object to certain processing; and you may lodge a complaint with your supervisory authority.

US state privacy rights. Where state laws apply (e.g., CA, CO, CT, VA, UT, OR, TX and others), you may have rights to access, delete, correct, or obtain a copy of your data, and to limit use of sensitive data. We do not sell personal information. To exercise rights, email support@rootcauseclinic.co. If we deny a request, you may have the right to appeal; instructions will be provided in our response.

Takedown for educational posts. If you believe a posted case could identify you, email support@rootcauseclinic.co; we’ll review promptly and remove or further generalize as appropriate.

Children & minors

Our websites are not directed to children under 13. Services for minors require parent/legal guardian purchase/consent, as described in the Terms. Any identifiable use of a minor’s image/voice for marketing requires a separate written media release.

Security

We use reasonable administrative, technical, and physical safeguards (including access controls, least-access permissions, and encryption in transit/at rest where available). No system can be guaranteed 100% secure.

Cookies & similar technologies

We use cookies and similar tools for site functionality, analytics, and security. You can manage cookies in your browser settings; blocking some cookies may limit site functionality.

Where we send your data

Video & collaboration: Zoom (or similar) processes session content to enable recording, transcripts, and AI-assisted summaries.
Cloud storage & docs: Microsoft OneDrive/SharePoint stores recordings, transcripts, reports, and related documents.
Practice management: Practice Better houses client records/forms/messages/notes.
Payments & billing: Payment processors handle transactions and anti-fraud.
Scheduling, email delivery, forms: Providers process necessary contact and scheduling data.
Analytics & security: We use analytics and automated spam/abuse detection services for performance and protection.
We share only what’s necessary for these purposes and apply access controls and retention limits as described above.

Changes to this Policy

We may update this Policy from time to time. Material changes will be posted with a new Effective Date. Your continued use after the Effective Date constitutes acceptance of the updated Policy.