What this website collects, and what it doesn’t.

1. What we collect on the Site

The Site itself collects very little information. Specifically:

• Low-T self-assessment quiz: The quiz runs entirely in your browser. Your answers are not transmitted to our servers, not stored, and not shared. They are discarded when you close the page or refresh.
• Contact form: When you submit the contact form on the Contact page, the details you enter (your name and phone number, plus any email, city, reason, or message you choose to add) are sent to our server and delivered by email to info@castellanomd.com so the office can respond. Email delivery is handled on our behalf by Resend, a third-party email service. The Site does not store contact form submissions in a database; the message is passed through for delivery and then handled at the office per standard email procedures. If you provide your email address, we send you a one-time automated confirmation that your message was received. Please do not include medical history, lab values, medications, or other protected health information in the form.
• Server logs: Our hosting provider (Vercel) maintains standard server logs (IP address, browser type, pages requested, timestamps) for security and operational purposes per its own privacy policy.

2. Cookies, analytics, and your choices

When you first visit the Site, we ask for your consent before loading any analytics cookies. Until you click Accept, we run no analytics and set no analytics cookies. You can change your choice at any time using the “Your Privacy Choices” link in the footer.

If you accept, the Site loads:

• Google Analytics 4: Measures how the Site is used — pages viewed, general location, and device type — so we can improve it. It does not receive anything you type into the Low-T quiz or the contact form. Operated by Google under its own privacy policy. Google Analytics stays off until you accept.

Global Privacy Control (GPC). If your browser sends a Global Privacy Control signal, we treat it as a choice to decline — analytics stays off automatically and you won’t see a banner. The Site does not use a Meta (Facebook) Pixel, Google Tag Manager, or any advertising pixel.

Separately, the Site uses two third-party services that provide visible features and may set their own cookies per their own privacy policies. These are not part of the analytics choice above:

• Elfsight (Google Reviews widget): We display reviews from our Google Business Profile using Elfsight’s embed (elfsightcdn.com/platform.js), which may set cookies for widget functionality.
• Google Maps: The Contact page embeds a Google Maps frame so you can see the clinic location. Google may set its own cookies through the embed.

3. How we use information

Information that does reach us — primarily email messages you send through the contact form and standard server logs — is used only to respond to you, schedule visits, operate and secure the Site, and meet legal obligations. We do not sell information to third parties.

4. California residents (CCPA / CPRA)

California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to request deletion of personal information we hold about you, the right to correct inaccurate personal information, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising. You can review and change how the Site uses analytics cookies on your device at any time using the “Your Privacy Choices” link in the footer, and we honor the Global Privacy Control (GPC) browser signal as a request to opt out.

The Low-T self-assessment may collect what CCPA defines as “sensitive personal information” (symptom-related answers), but as noted above, those answers stay in your browser and are not transmitted to us. To exercise any of your rights, contact us using the information below.

5. Children

The Site is not directed to children under 13 and we do not knowingly collect personal information from children under 13.

6. Patient health information (HIPAA)

This policy covers the Site only. Health information you share inside the medical practice — in person, by phone, or through any patient portal the clinic operates separately — is governed by HIPAA and the office’s clinical privacy procedures, not this policy. Please do not include detailed medical history, lab values, medications, or other protected health information in any message sent through the Site’s contact form; use the office phone line for anything clinical.

7. Changes to this policy

We may update this policy as the Site or applicable law changes. Changes are effective when posted to this page; the date at the top reflects the most recent revision.

8. Contact

Privacy questions or requests: info@castellanomd.com or (714) 530-2183. Mail: Castellano Health Institute, 12460 S Euclid St, #101, Garden Grove, CA 92840.