What this website collects, and what it doesn’t.

1. What we collect on the Site

The Site itself collects very little information. Specifically:

• Low-T self-assessment quiz: The quiz runs entirely in your browser. Your answers are not transmitted to our servers, not stored, and not shared. They are discarded when you close the page or refresh.
• Contact form: The contact form on the Contact page opens your own email application (a “mailto” link) and sends the message to info@castellanomd.com. The Site does not store contact form submissions on its own servers. Once the email arrives at the office, it is handled per standard email procedures.
• Server logs: Our hosting provider (Vercel) maintains standard server logs (IP address, browser type, pages requested, timestamps) for security and operational purposes per its own privacy policy.

2. Third-party services the Site loads

The Site uses two third-party services that may set their own cookies and collect their own data per their own privacy policies:

• Elfsight (Google Reviews widget): We display reviews from our Google Business Profile on the homepage using Elfsight’s embed. Elfsight loads its script (elfsightcdn.com/platform.js) on every page and may set cookies for widget functionality and aggregated analytics.
• Google Maps: The Contact page embeds a Google Maps frame so you can see the clinic location. Google may set its own cookies through the embed.

The Site does not use Google Analytics, Meta (Facebook) Pixel, Google Tag Manager, or other first-party tracking or advertising pixels.

3. How we use information

Information that does reach us — primarily email messages you send through the contact form and standard server logs — is used only to respond to you, schedule visits, operate and secure the Site, and meet legal obligations. We do not sell information to third parties.

4. California residents (CCPA / CPRA)

California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to request deletion of personal information we hold about you, the right to correct inaccurate personal information, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.

The Low-T self-assessment may collect what CCPA defines as “sensitive personal information” (symptom-related answers), but as noted above, those answers stay in your browser and are not transmitted to us. To exercise any of your rights, contact us using the information below.

5. Children

The Site is not directed to children under 13 and we do not knowingly collect personal information from children under 13.

6. Patient health information (HIPAA)

This policy covers the Site only. Health information you share inside the medical practice — in person, by phone, or through any patient portal the clinic operates separately — is governed by HIPAA and the office’s clinical privacy procedures, not this policy. Please do not include detailed medical history, lab values, medications, or other protected health information in any message sent through the Site’s contact form; use the office phone line for anything clinical.

7. Changes to this policy

We may update this policy as the Site or applicable law changes. Changes are effective when posted to this page; the date at the top reflects the most recent revision.

8. Contact

Privacy questions or requests: info@castellanomd.com or (714) 530-2183. Mail: Castellano Health Institute, 12460 S Euclid St, #101, Garden Grove, CA 92840.