Privacy Policy

1. About This Policy

This Privacy Policy describes how California Institute of Cosmetic and Reconstructive Surgery, Inc. (“CICRS,” “we,” “us,” or “our”) collects, uses, and discloses information about visitors to cicrsmed.com (the “Site”). This Policy applies only to information collected by the Site itself and does not govern protected health information — see Section 2 below.

2. Protected Health Information & HIPAA

The Site does not itself collect, store, or transmit protected health information (“PHI”). When you submit a consultation request, insurance information, or other health-related information, you do so through forms hosted by Tebra, Inc., our practice management and patient portal partner. Any PHI submitted through Tebra is governed by our Notice of Privacy Practices, which describes how we use and disclose PHI in compliance with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”).

The Notice of Privacy Practices is available online or by request at our office. This Privacy Policy does not modify or replace the Notice of Privacy Practices.

3. Information We Collect

The Site is informational and does not require you to provide any personal information to use it. We collect the following limited information automatically when you visit:

• Server log information — IP address, browser type, operating system, referring URL, pages viewed, and timestamps. This information is collected by our hosting provider, GoDaddy, in the ordinary course of operating a website and is used for security, performance, and troubleshooting.
• Font delivery requests — the Site loads typography from Google Fonts. Your browser may make a request to fonts.gstatic.com, which is governed by Google’s privacy practices.

The Site itself does not currently set cookies, web beacons, pixels, or behavioral analytics tools.

4. How We Use Information

We use the limited information described above only to operate, maintain, and improve the Site; to detect, prevent, and respond to security threats, fraud, or technical issues; and to comply with legal obligations. We do not sell, rent, or share visitor information for marketing or advertising purposes.

5. How We Share Information

We share information only with service providers who host the Site or provide infrastructure (currently GoDaddy and Google Fonts), and with authorities when required by valid legal process. We do not sell or share visitor information for cross-context behavioral advertising as defined under California law.

6. Third-Party Services

The Site uses or links to the following third-party services. Each is governed by its own privacy policy:

• GoDaddy (hosting) — godaddy.com/legal/agreements/privacy-policy
• Google Fonts (typography CDN) — policies.google.com/privacy
• Tebra (patient forms and portal — accessed via outbound links from this Site) — tebra.com/privacy-notice

7. Cookies and Tracking

The Site itself sets no cookies. As of the effective date above, we do not use Google Analytics, Meta Pixel, advertising trackers, or behavioral analytics on this Site. If we add such tools in the future, this Policy will be updated and the change will be reflected in the “Last updated” date above.

8. California Residents’ Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”), including the right to know what personal information we have collected about you, the right to delete that information, the right to correct inaccurate information, and the right to opt out of the sale or sharing of personal information. As described above, we do not sell or share personal information for cross-context behavioral advertising. To exercise any rights, please contact us using the information in Section 12.

9. Children’s Privacy

The Site is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Security

We use commercially reasonable measures to protect information collected through the Site. No method of transmission over the internet or electronic storage is fully secure, however, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Material changes will be noted prominently. Your continued use of the Site after a change becomes effective indicates your acceptance of the updated Policy.

12. Contact Us

Questions about this Policy may be directed to: