PRIVACY POLICY

Last Updated: [December 10, 2025]

This Privacy Policy describes how 3 Roots Concierge Medicine (“3 Roots,” “we,” “our,” or “us”) collects, uses, shares, and protects information when you visit our website and use any online services we provide (collectively, the “Site”).

This Privacy Policy applies only to information collected through the Site and not to information collected offline, in our office, or through separate patient forms and systems.

If you become a patient of 3 Roots Concierge Medicine, the privacy and security of your protected health information (PHI) will be governed by our Notice of Privacy Practices, which is provided separately and available in our office.

1. WHO WE ARE & HOW TO CONTACT US

3 Roots Concierge Medicine

Attn: Dr. Alison Neff

212 W. Main Street

Mason, OH 45040

Phone: (513) 813-7668

Fax: (513) 637-0445

Email: [email protected]

2. INFORMATION WE COLLECT

We may collect the following categories of information through our Site:

a. Information You Provide Directly

This may include:

Contact information such as your name, email address, phone number, and mailing address.

Inquiry details such as messages you submit through contact forms, appointment request forms, or newsletter sign-ups.

Demographic or preference information you choose to share (e.g., interests, preferred contact times).

Please do not send sensitive medical details, Social Security numbers, or payment information through regular email or non-secure contact forms.

b. Information Collected Automatically

When you visit the Site, we may automatically collect certain information about your device and usage, such as:

IP address;

Browser type and version;

Device type and operating system;

Pages you visit on the Site, the time and date of your visit, and the time spent on each page;

Referring and exit pages; and/or

Other standard log information and diagnostic data.

This information may be collected via cookies, pixels, and similar technologies.

c. Information from Third Parties

We may receive information from third-party service providers that help us with:

Website analytics;

Email marketing;

Online scheduling; or

Other practice management tools.

These third parties are generally prohibited from using your information for their own purposes and may only process it on our behalf.

3. HOW WE USE YOUR INFORMATION

We may use information collected through the Site to:

Respond to your inquiries and communicate with you about appointments, services, or questions you submit;

Operate, maintain, and improve the Site and user experience;

Send administrative information, such as confirmations, updates, or changes to this Policy;

Send informational or promotional communications about our practice or services, where permitted by law and with any necessary consents;

Protect our rights, privacy, safety, and property, as well as that of our patients, staff, and others;

Comply with applicable laws and regulations or respond to lawful requests and legal processes.

If you become a patient, additional uses and disclosures of your health information will be governed by our Notice of Privacy Practices.

4. COOKIES & TRACKING TECHNOLOGIES

We may use cookies and similar technologies to:

Remember your preferences;

Understand how visitors use the Site;

Improve performance and content; and

Support basic security functions.

You can usually adjust your browser settings to refuse cookies or alert you when cookies are being sent. However, some features of the Site may not function properly without cookies.

5. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information.

We may share information collected via the Site in the following circumstances:

Service Providers: With trusted vendors and service providers who perform functions on our behalf (e.g., website hosting, analytics, email delivery, practice management tools). They may only use your information as necessary to provide the services we request.

Legal Requirements & Protection: When we believe disclosure is necessary or appropriate to comply with the law, a court order, or legal process; to protect the rights, property, or safety of 3 Roots Concierge Medicine, our patients, or others; or to detect and prevent fraud or security issues.

Business Transfers: In connection with a merger, acquisition, reorganization, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, subject to appropriate confidentiality protections.

If you are a patient, PHI will be used and disclosed only as described in our Notice of Privacy Practices or as permitted by law.

6. PROTECTED HEALTH INFORMATION (PHI) & NOTICE OF PRIVACY PRACTICES

If you become a patient of 3 Roots Concierge Medicine, the information we create, receive, maintain, or transmit about your health may be considered Protected Health Information (PHI) under applicable law (such as HIPAA).

The ways in which we may use and disclose PHI, and your rights regarding PHI, are described in our Notice of Privacy Practices.

The Notice of Privacy Practices is separate from this online Privacy Policy and is available in our office and upon request.

This Privacy Policy primarily addresses information gathered via the Site and is not intended to replace the Notice of Privacy Practices.

7. DATA SECURITY

We use reasonable administrative, technical, and physical safeguards to protect information collected via the Site from unauthorized access, use, or disclosure.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

Email and contact forms may not be fully secure. Please avoid sending highly sensitive information through regular email or non-encrypted forms.

8. DATA RETENTION

We retain information collected through the Site for as long as necessary to:

Fulfill the purposes described in this Privacy Policy;

Comply with our legal obligations;

Resolve disputes; and

Enforce our agreements.

If you become a patient, we will retain your medical records and PHI in accordance with applicable laws and professional guidelines.

9. CHILDREN’S PRIVACY

The Site is not intended for children under 13 years of age. We do not knowingly collect personal information online from children under 13.

If you believe that a child under 13 has provided us with personal information via the Site, please contact us at [email protected], and we will take appropriate steps to delete such information as required by law.

10. YOUR CHOICES & RIGHTS

Depending on where you live, you may have certain rights regarding your personal information, such as:

The right to access and request a copy of certain information we hold about you;

The right to request correction of inaccurate information;

The right to request deletion of certain information, subject to legal and clinical record-keeping requirements;

The right to opt out of marketing or promotional emails.

You can:

Opt out of emails by using the unsubscribe link in any marketing email or by contacting us at [email protected].

Request updates or corrections to your information by contacting us at the same email or mailing address.

If you are a patient, your rights regarding PHI (such as the right to access your medical record) are detailed in our Notice of Privacy Practices.

11. STATE-SPECIFIC RIGHTS

Some states provide additional privacy rights to residents under state law. If you are a resident of such a state, you may have additional rights regarding how we use and disclose your personal information.

If you have questions about your privacy rights under state law, please contact us at [email protected].