Privacy Policy
Effective date: May 1, 2026
This Privacy Policy describes how RC Family, Virtual Care & Wellness(“we,” “us,” or “our practice”) collects, uses, and protects personal information when you visit our website or use our services. For the use and disclosure of your health information, our HIPAA Notice of Privacy Practices governs and takes precedence.
1. Information we collect
We collect information you provide directly, including:
- Contact details (name, email address, phone number, mailing address)
- Appointment booking information (service requested, preferred date and time, modality)
- Patient portal account credentials
- Messages you send through our contact form or patient portal
- Payment information processed by our payment provider (Stripe)
We also collect limited technical information automatically, including your IP address, browser type, pages visited, and referring URL. We do not use third-party analytics trackers inside the patient portal or clinical dashboard.
2. How we use your information
We use your information to:
- Schedule and confirm appointments
- Send appointment reminders and post-visit follow-up communications
- Process payments and issue receipts
- Respond to inquiries submitted through our contact form
- Maintain the security and functionality of our website and patient portal
- Comply with applicable legal and regulatory requirements
3. Sharing your information
We do not sell your personal information. We share information only with service providers who help us operate the practice and who are contractually bound to protect it, including:
- Supabase — secure database and authentication hosting
- Stripe — payment processing
- LiveKit — encrypted telehealth video
- Resend — transactional email delivery
- Twilio — appointment reminder SMS
Each provider handling protected health information has signed a HIPAA Business Associate Agreement with our practice. We may also disclose information when required by law or to protect the safety of patients or the public.
4. Cookies and tracking
Our website uses session cookies required for authentication and security. We do not place advertising cookies or cross-site tracking pixels. The patient portal and clinical dashboard contain no third-party analytics scripts.
5. Data retention
We retain patient records in accordance with Florida state law requirements for medical record retention (minimum 5 years from the date of service, or until the patient reaches age 18 if a minor). Non-clinical personal information is retained for as long as necessary to fulfill the purposes described in this Policy, then securely deleted.
6. Your rights
You have the right to:
- Request access to personal information we hold about you
- Request correction of inaccurate information
- Request deletion of information where we have no legal obligation to retain it
- Opt out of non-essential communications at any time
Requests related to your health information are handled under our HIPAA Notice of Privacy Practices.
7. Security
We implement technical safeguards including AES-256 encryption for clinical data at rest, TLS encryption in transit, row-level security on all database tables containing personal information, and mandatory multi-factor authentication for clinical staff. No system is completely secure; we encourage you to use a strong unique password and enable MFA on your patient portal account.
8. Children
Our website and services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without parental consent. If you believe a child has provided us with personal information without consent, please contact us so we can delete it.
9. Changes to this Policy
We may update this Policy periodically. The current version will be posted on this page with the effective date. Material changes will be communicated to active patients by email.
10. Contact
Questions or requests about this Privacy Policy may be directed to our Privacy Officer at info@rcfamilycare.com or (407) 555-1234.