Privacy Policy

Download PDF

Effective: 11/13/2025

1) Who We Are (Controller)

COBC Brands Direct Primary Care LLC d/b/a Colorado Springs Health Collective – Direct Primary Care ("Company," "we," "our," "us")

Covered domains: https://coshealthcollective.com and https://dpc.coshealthcollective.com

2) Scope and Relationship to Our HIPAA Notice of Privacy Practices (NPP)

This Privacy Policy explains how we collect, use, disclose, and protect personal information collected through our public websites, waitlist/interest forms, and non-clinical communications (the "Site"). Uses and disclosures of protected health information (PHI) in connection with patient care, the patient portal, and clinical communications through Hint are governed by our Notice of Privacy Practices (NPP), not this Privacy Policy. Please do not submit PHI through public web forms or email.

3) Patients Age 2+; Children's Privacy

Our membership and clinical services are available to patients age 2 and older.

The Site is intended for adults, but parents/guardians may use our public forms on behalf of minors. We do not knowingly collect personal information directly from children under 13 through the Site. If we learn that a child has provided information directly, we will delete it.

A parent/guardian who believes a child submitted information may contact us at dpc@coshealthcollective.com to request deletion.

4) Personal Information We Collect (Website)

Depending on how you use the Site, we may collect:

  • Identifiers and contact information (name, email, phone).
  • Commercial information (interest in membership or services).
  • Internet/technical information (device/browser type, pages viewed, referring/exit pages, timestamps, basic log data).
  • Inferences from the above (e.g., interest level in services).

Sensitive data: We do not collect precise geolocation via the Site. Do not submit medical details through public forms.

Sources

  • You (via waitlist and contact forms powered by SheetMonkey).
  • Automatic collection via cookies/analytics (Google Analytics).
  • Advertising platforms configured for measurement (Google Ads, Meta Ads).

5) How We Use Personal Information

  • Provide, maintain, troubleshoot, and improve the Site.
  • Respond to inquiries and send non-clinical communications you request (e.g., waitlist updates).
  • Measure traffic and campaign performance in the aggregate (analytics and ad platform conversion reporting).
  • Detect and prevent fraud, security incidents, and misuse.
  • Comply with legal obligations and exercise legal rights.

6) Cookies, Analytics, and Ad Platforms (No Targeted Advertising)

We use Google Analytics to understand Site usage in the aggregate. We may also implement Google Ads and Meta pixel strictly for conversion measurement (e.g., how many people reached the waitlist page) and not for targeted advertising. We do not "sell" personal data or "share" personal data for targeted advertising. You can control cookies via your browser settings. We honor Global Privacy Control (GPC) signals where applicable.

7) How We Disclose Personal Information

We disclose personal information to:

  • Service providers/Processors acting on our instructions and bound by contract (e.g., SiteGround for hosting, Google Workspace for business email, Replit for development/hosting services, SheetMonkey for forms).
  • Legal, safety, and compliance recipients when required (e.g., to comply with law, enforce terms, or protect our rights, security, and users).

We do not sell personal information and do not share personal information for targeted advertising.

About PHI: Disclosures of PHI related to patient care are governed by our NPP (e.g., Hint as patient portal/billing). The Site's public forms are not for PHI.

8) Your Privacy Rights (Colorado)

If you are a Colorado resident, you may exercise the following rights regarding personal data collected via the Site:

  • Access: request confirmation and access to your personal data.
  • Correction: request that we correct inaccuracies.
  • Deletion: request deletion of personal data we collected from you.
  • Portability: request a copy of your data in a portable format.
  • Opt-Out: opt out of processing for targeted advertising, sale, or certain profiling (we do not conduct these activities).

Timing: We will respond within 45 days (with a possible 45-day extension where permitted). We will verify your identity before fulfilling certain requests.

How to Submit a Request

Email: dpc@coshealthcollective.com with the subject "Privacy Request" and tell us which right you wish to exercise. If submitting on someone else's behalf, include proof of authority.

Appeals

If we deny your request, you may appeal by emailing dpc@coshealthcollective.com with the subject "Privacy Appeal." If you remain dissatisfied, you may contact the Colorado Attorney General.

Global Privacy Control (GPC)

We honor browser-based GPC signals to the extent required.

9) Data Retention (Website Data)

We retain website-related personal information only as long as reasonably necessary for the purposes described above or as required by law:

  • Contact/waitlist form submissions (SheetMonkey): up to 24 months, then deletion or de-identification.
  • Server and security logs (hosting): ~90 days unless needed longer for security or investigations.
  • Marketing communications: until you unsubscribe or 24 months of inactivity.
  • Google Analytics data: generally up to 14 months (configure in GA admin).

PHI retention is governed by our HIPAA policies and NPP (not this Policy).

10) Security

We maintain appropriate technical and organizational safeguards to protect Site-collected personal information against accidental, unlawful, or unauthorized access, use, loss, or disclosure. No system is perfectly secure, and we cannot guarantee absolute security. HIPAA safeguards for PHI are described in our internal policies and NPP.

11) Data Location (US Only)

We store and process personal information in the United States and do not transfer it internationally.

12) Third-Party Links

The Site may link to third-party websites and services we do not control. Their privacy practices are governed by their own policies.

13) Changes to This Privacy Policy

We may update this Policy from time to time. If changes are material, we will provide a reasonable notice method (e.g., posting the updated Policy date at the top of this page and/or a site banner).

14) Contact Us (and Privacy Officer)

COBC Brands Direct Primary Care LLC d/b/a Colorado Springs Health Collective – Direct Primary Care

Attn: Privacy Officer (Logan Crist, PA-C)

1497 Solitaire St., Colorado Springs, CO 80905

Email: dpc@coshealthcollective.com

15) Relationship to Other Terms

This Policy applies to the Site. Your clinical relationship, PHI, and patient portal/billing via Hint are governed by our NPP and applicable patient/member agreements.