Skip to main content

Privacy Policy

How we handle
your information.

Last updated: June 13, 2026

01

Plain-English summary

We collect the minimum information needed to run our clinic and our website. We never sell your data. We use first-party analytics that can be turned off with one click in our cookie banner. Patient health information is held to the protections required of healthcare providers — both general California privacy law and the additional confidentiality expected of a clinical practice.

If you only read one section, read this one — then jump to Your rights if you want to make a request.

02

Who we are

My Pain Fix is a chiropractic and deep tissue massage clinic operated by Dr. Steven Bartz, DC, located in San Juan Capistrano, California. This policy covers information collected through mypainfix.com, our appointment system, our contact form, our newsletter, and the limited telemetry we use to keep the site running.

03

What we collect

We try to keep collection narrow. Specifically, we collect the following categories — and nothing more — through this website:

  • Contact form submissions. Name, email address, subject line, the service you indicated, and the message you wrote. Used to reply to you.
  • Appointment requests. Name, email address, phone number, requested service, preferred date and time, and any notes you choose to share. Used to schedule and confirm your appointment.
  • Newsletter subscriptions. Your email address and the timestamps of when you subscribed and (if applicable) unsubscribed. We do not require any other field.
  • First-party analytics. A random anonymous identifier stored in a cookie called vid (no name, no email), the pages you view, the time you spent on each, your browser and device type, and a high-level referrer (for example, “Google search”). This runs only after you accept analytics in our cookie banner, or if your browser does not signal a Global Privacy Control preference.
  • Consent record. When you accept or decline analytics, we log that choice with a timestamp and your anonymous id so we can prove we honored your decision.

We do not collect: your Social Security number, financial account information, biometric identifiers, geolocation beyond the country level, or any sensitive personal information as defined by the California Privacy Rights Act — through this website. Information you share in clinic as part of treatment is covered by your patient intake forms and our in-clinic consent process, not this policy.

04

How we use it

  • To reply to your contact form message.
  • To schedule, confirm, and remind you about appointments.
  • To send you newsletter content you have opted in to receive.
  • To understand how visitors find and use the site so we can improve it (only with your consent or where no consent is required).
  • To detect and prevent abuse — for example, rate-limiting form submissions to block spam.
  • To comply with our legal obligations (for example, retaining a consent record if asked to demonstrate compliance).
05

Who we share it with

We do not sell or rent your information. We share it only with service providers that help us operate the website, and only as needed:

  • Resend — sends transactional emails (appointment confirmations, contact form auto-replies) and newsletter mailings. Receives the email address and the message body.
  • Our hosting provider — runs the servers that host this website. Receives standard request logs (IP address, user agent) which are retained briefly for diagnostics.

We may also disclose information if required by valid legal process or to protect against fraud or harm — and we will push back on overbroad requests.

06

Cookies and tracking

We use a small number of first-party cookies. We do not use third-party advertising cookies, cross-site tracking pixels, or fingerprinting.

  • vid — an anonymous visitor id, used by our first-party analytics. Expires after 13 months.
  • analytics_consent — remembers your choice in the cookie banner so we don't ask again. Stored in localStorage.
  • a11y_prefs_v1 — remembers your accessibility widget preferences (high contrast, larger text, etc.). Stored in localStorage.

You can reset your cookie choices at any time by clicking “Cookie settings” in the site footer. If your browser sends the Global Privacy Control (GPC) signal, we treat that as an automatic “decline analytics” and never ask again.

07

How long we keep it

  • Contact form submissions — kept for up to 24 months after our last reply, then deleted.
  • Appointment requests — kept until the appointment cycle is complete, then merged into our clinical records governed by healthcare retention requirements (typically 7 years for adult patients in California).
  • Newsletter subscriptions — kept until you unsubscribe, then we keep a suppression record (your email only) so we don't re-add you by mistake.
  • Analytics records — kept for up to 13 months at row level, then aggregated.
  • Consent log — kept for 24 months after your most recent consent event to demonstrate compliance.
08

Your rights

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Know. Request a list of the categories and specific pieces of personal information we have about you.
  • Delete. Ask us to delete personal information we collected from you, subject to clinical-record retention requirements.
  • Correct. Ask us to correct inaccurate personal information.
  • Opt out of sale or sharing. We do not sell or share your information, so this right is honored by default. The Global Privacy Control signal counts as a binding opt-out.
  • Limit use of sensitive personal information. We do not collect SPI through this website.
  • Non-discrimination. We will not deny you service or change pricing because you exercised a privacy right.

To make a request, email steve@mypainfix.com with the subject line “Privacy Request.” We will verify your identity before fulfilling any request and respond within 45 days (with one allowed 45-day extension if the request is complex).

09

How we protect it

Patient health data is encrypted in transit and at rest. Access is limited to clinic staff who need it to do their job. Our admin tools require strong passwords plus session tokens that expire automatically. No system is perfectly secure; if we ever experience a breach that affects you, we will notify you as required by California law.

10

Children's privacy

This site is intended for visitors aged 18 and over. We do not knowingly collect personal information from anyone under 13. If you believe we have, please email us at steve@mypainfix.com and we will delete it.

11

Changes to this policy

If we make material changes to how we handle your information we will update the “last updated” date at the top of this page and, where appropriate, notify newsletter subscribers. Continued use of the site after a change indicates your agreement to the revised policy.

12

Contact us

Questions about your privacy or this policy? Email steve@mypainfix.com or call (949) 248-7246. We are located in San Juan Capistrano, California.

Have a privacy question?

Email us at hello@mypainfix.com or call (949) 248-7246 — we're happy to walk you through anything.

Use the contact form