Haven OBGYN Website Privacy Policy
Applies to: havenobgyn.com and any Haven OBGYN web pages, forms, or widgets that link to this Privacy Policy
Haven OBGYN ("Haven," "we," "us," or "our") respects your privacy. This Privacy Policy explains what we collect through the Site, how we use and disclose that information, and the choices you have. This policy covers website and form data. It does not govern your clinical medical record. For information about how your protected health information (PHI) is used and disclosed by Haven under the Health Insurance Portability and Accountability Act (HIPAA), please see our Notice of Privacy Practices (NPP).
1) Who we are & scope
Haven OBGYN is a women's health practice offering in-person and virtual services. This Privacy Policy applies to information we collect online through the Site, including contact/lead forms, appointment requests, educational resources, and messaging tools described here. It does not apply to:
- PHI in your medical record (see NPP);
- Information collected offline (e.g., at check-in);
- Third-party sites, apps, or services we don't control (see "Third-Party Links").
Our Site is intended for U.S. residents ages 18+. If you are under 18, please do not submit information through the Site.
2) Information we collect
A. Information you provide directly
- Contact details (name, phone, email, preferred contact method)
- Demographics (date of birth, general location such as city/ZIP)
- Scheduling context (reason for visit, urgency preference, preferred date/time, telehealth preference)
- Insurance status (e.g., "have insurance/self-pay/unsure") and plan name (when volunteered)
- Messages or notes you submit via forms or website input fields
- Marketing preferences (e.g., consent to receive promotional texts)
Minimum necessary: Our public intake forms ask only for information needed to contact you and route your request. Please do not include detailed medical history in open text fields on the Site.
B. Information collected automatically
When you use the Site, we and our service providers may automatically collect:
- Device & usage data (IP address, device type, browser type, operating system)
- Site activity (pages viewed, links clicked, time on page, referring/exit pages)
- General location derived from IP address (city/region level)
We also use cookies and similar technologies (see Section 6).
C. Information from other sources
- Scheduling & communications tools (e.g., Microsoft 365 services we use to host forms, files, and messages)
- Practice systems (e.g., we may match your form details with an existing patient record in our electronic health record, Epic)
3) How we use your information
We use the information described above to:
- Respond to inquiries and contact you to coordinate an appointment;
- Route and triage requests to the appropriate service/clinician;
- Operate, maintain, secure, and improve the Site and our workflows;
- Send transactional communications (confirmations, reminders, logistics);
- Respect your preferences (e.g., text vs. call; marketing opt-ins);
- Analyze Site performance and plan capacity (aggregate, de-identified);
- Comply with law and protect rights (fraud prevention, security, recordkeeping).
We may de-identify or aggregate information and use it for any lawful purpose.
4) How we share information
We do not sell or "share" your personal information for cross-context behavioral advertising as defined by California law.
We disclose information as follows:
- Service providers/Processors (e.g., Microsoft 365 for forms, secure storage, and communications; website hosting; basic analytics) under written agreements that limit their use to our instructions;
- Operational partners as needed to fulfill your request (e.g., confirming an appointment slot);
- Legal, safety, and compliance (e.g., to comply with law, court orders, or to protect rights, safety, and security);
- Business transfers (e.g., a merger or acquisition) where your information is part of the transferred assets.
PHI: When your request involves care, information may be added to your Epic medical record and handled under our HIPAA NPP (not this website policy).
Service Providers (including our website developer)
We engage third parties to host, develop, and support our website and online forms. These service providers—including our website development partner, Healthsight—act on our instructions under written agreements and, where applicable, a Business Associate Agreement (BAA). They are not permitted to use your information for their own purposes.
5) Electronic communications (texts & email)
By providing your mobile number or email and submitting a Site form, you consent to receive transactional communications related to your care, such as scheduling coordination, reminders, or instructions. Message/data rates may apply. Message frequency may vary.
Text HELP to [Clinic Support Number] for help; reply STOP to opt out of automated texts.
Opting out of marketing texts does not affect transactional communications necessary for your appointment.
For details, see our Electronic Communications & Texting Policy.
6) Cookies & similar technologies
We use cookies, pixels, and similar tools to help the Site function and to understand aggregate usage. Categories may include:
- Strictly necessary (security, load balancing, form submission)
- Performance/analytics (how the Site is used, to improve content)
You can control cookies through your browser settings. Some features may not work without certain cookies. Where required, we will present a cookie notice and provide a Cookie Settings link for choices.
Do Not Track: The Site does not respond to browser "Do Not Track" signals.
7) Data retention
We retain Site-collected information for as long as needed to fulfill the purposes described in this Policy (e.g., contacting you, quality assurance), comply with legal obligations, and resolve disputes. Clinical records are retained per applicable medical-record laws and our NPP.
8) Security
We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information we handle, including encryption in transit, access controls, and multi-factor authentication for staff accounts. Website and form submissions are processed and stored in Microsoft 365 under our Business Associate Agreement (BAA) with Microsoft. No method of transmission or storage is 100% secure; please avoid sending detailed medical history through open text fields on the Site.
9) Your choices & rights
Your choices
- Limit what you submit: Provide only the information needed for us to contact you.
- Text preferences: Reply STOP to opt out of promotional texts; use HELP for support.
- Cookies: Manage cookies in your browser and via our cookie settings (where implemented).
Access, deletion, and correction
- Website/form data: You may request access to, correction of, or deletion of personal information we hold that was collected via the Site (subject to applicable law and necessary recordkeeping).
- Medical record (PHI): For access, amendment, or accounting of disclosures, please see our NPP and use the patient portal or contact our Privacy Officer.
State privacy rights (e.g., California)
If you are a California resident, you may have additional rights under the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA), including rights to know, access, delete, correct, and opt out of sale/share (we do not sell or share as defined by CPRA). We will verify your identity before fulfilling requests and will not discriminate against you for exercising your rights. You may use an authorized agent with proper authorization.
To exercise rights, contact contact@haven-obgyn.com (see Section 13).
10) Children's privacy
The Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided information via the Site, contact us and we will delete it. Individuals under 18 should not use the Site's forms; a parent/guardian should contact us by phone.
11) Third-party links & services
The Site may link to third-party sites or services we do not control. This Policy does not apply to those sites. Review their privacy policies before providing information. If you interact with embedded tools (e.g., maps, video, scheduling links), the third party may collect information per its own policies.
12) U.S. service; international visitors
We operate in the United States and the Site is intended for U.S. residents. If you access the Site from outside the U.S., you understand that your information will be transferred to, stored, and processed in the U.S., where laws may differ from those of your country.
13) How to contact us
Questions, requests, or complaints about this Privacy Policy or our privacy practices:
- Email: contact@haven-obgyn.com
- Phone: (916) 269-8865
- Mail: 1600 Creekside Drive, #3100, Folsom, CA
Appeals: If you believe we did not address your privacy request, you may submit an appeal to contact@haven-obgyn.com. You may also contact your state Attorney General if your concern remains unresolved.
For HIPAA/PHI matters, please consult our Notice of Privacy Practices or contact our Privacy Officer using the details above.
14) Changes to this Policy
We may update this Privacy Policy from time to time. The "Effective date" at the top indicates when it last changed. Material changes will be posted on this page. Your continued use of the Site after changes are posted means you accept the revised Policy.