Privacy Policy

Casden Integrative Women's Health
Operated by Melissa Casden Medical PLLC

Effective Date: May 7, 2026
Last Updated: May 7, 2026

1. Introduction

This Privacy Policy describes how Melissa Casden Medical PLLC, doing business as Casden Integrative Women's Health ("we," "us," "our," or "Practice"), collects, uses, and protects information you provide when you visit our website at casdenhealth.com (the "Website").

This Privacy Policy applies only to information collected through this Website. It does not apply to:

  • Protected Health Information ("PHI") collected as part of clinical care, which is governed by our separate Notice of Privacy Practices ("NPP") under the Health Insurance Portability and Accountability Act ("HIPAA");
  • Information collected by third-party platforms we link to (Google, Quest Diagnostics, LabCorp, etc.);
  • Information you provide via secure patient portal communications, which are governed by our HIPAA NPP.

By using the Website, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use the Website.

2. Information We Collect

We collect two types of information when you visit our Website:

2.1 Information You Provide Voluntarily

When you interact with the Website, we may collect the following information depending on which form you use:

Consult Inquiry Form (powered by Formspree):

  • First and last name
  • Email address

This form is intentionally limited to name and email only. We do not collect health information through this form. After you submit, we respond by email with information about scheduling, pricing, and the steps to become a patient.

General Contact Form:

  • Name
  • Email address
  • Message content

If you submit a message through the general contact form, please do not include sensitive medical history, symptoms, Social Security numbers, financial information, or other Protected Health Information ("PHI"). The contact form is not a HIPAA-secure channel. Clinical communication should occur only through approved channels after a doctor-patient relationship has been established.

Newsletter or Updates Signup (if applicable):

  • Email address
  • Optionally, first name

2.2 Information Collected Automatically

When you visit the Website, certain information is collected automatically through cookies, web beacons, and similar technologies, including:

  • IP address
  • Browser type and version
  • Operating system
  • Device type (desktop, tablet, mobile)
  • Referring website
  • Pages visited and time spent on the Website
  • Geographic location (general region, not precise location)
  • Date and time of visit

This information helps us understand how visitors use our Website and improve our content.

3. Cookies and Tracking Technologies

3.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They allow the Website to recognize your browser and remember preferences.

3.2 Types of Cookies We Use

  • Essential cookies: Required for the Website to function properly.
  • Analytics cookies: Help us understand how visitors interact with the Website (e.g., Google Analytics).
  • Functional cookies: Remember your preferences (e.g., display settings).

3.3 Third-Party Analytics

We may use third-party analytics tools, including but not limited to:

3.4 Your Cookie Choices

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, if you disable cookies, some features of the Website may not function properly.

To opt out of Google Analytics specifically, you can install the Google Analytics Opt-Out Browser Add-on at https://tools.google.com/dlpage/gaoptout.

4. How We Use Your Information

We use the information we collect to:

  • Respond to your inquiries submitted through the contact form;
  • Schedule consultations or send appointment-related communications;
  • Send you newsletters or educational content, but only if you have opted in;
  • Improve the Website, including understanding which pages are most useful;
  • Comply with legal obligations;
  • Protect the security and integrity of our Website and Practice;
  • Maintain administrative records of our communications.

We do not use Website information for clinical decision-making. Clinical care relies exclusively on information collected through HIPAA-compliant channels.

5. How We Share Your Information

5.1 We Do Not Sell Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5.2 Service Providers

We may share information with trusted third-party service providers who help operate the Website or our practice, including:

  • Squarespace (website hosting)
  • Formspree (form processing for our consult inquiry form and contact form)
  • Google Workspace (email and collaboration)
  • Google Analytics (Website analytics)
  • Scheduling tools (when applicable, after a doctor-patient relationship has been established)

These providers are required to use your information only for the services they provide to us and to maintain appropriate security measures.

Important note on Formspree: Our consult inquiry form is intentionally limited to collecting only your name and email address. We deliberately do not collect medical history, symptoms, or other health information through this form. Health-related conversation occurs only after you have formally become a patient through our HIPAA-compliant clinical channels.

5.3 Legal Requirements

We may disclose your information when required to do so by law, court order, or government investigation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 Business Transfers

If our Practice undergoes a merger, sale, or transfer of assets, your information may be transferred as part of that transaction, subject to applicable privacy obligations.

6. Data Security

We implement reasonable technical, administrative, and physical safeguards to protect Website information against unauthorized access, alteration, disclosure, or destruction. These include:

  • Encrypted website connections (SSL/TLS);
  • Limited access to personal information by authorized personnel;
  • Secure passwords and access controls;
  • Regular review of security practices.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain Website-collected information only as long as necessary for the purposes described in this Privacy Policy or as required by law.

  • Contact form submissions are typically retained for up to 2 years, then deleted, unless you become a patient (in which case relevant communications may be transferred to your medical record under HIPAA).
  • Newsletter subscription information is retained until you unsubscribe.
  • Website analytics data is retained according to Google Analytics' default retention settings.

8. Your Privacy Rights

8.1 General Rights

You have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate information;
  • Request deletion of your information, subject to legal exceptions;
  • Opt out of marketing communications by clicking "unsubscribe" or contacting us;
  • Restrict or object to certain types of processing.

8.2 California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including:

  • The right to know what personal information we collect;
  • The right to delete your personal information;
  • The right to opt out of the sale or sharing of personal information (we do not sell your information);
  • The right to non-discrimination for exercising your privacy rights.

To exercise these rights, contact us at drcasden@casdenhealth.com.

8.3 Other State Privacy Laws

Residents of states with comprehensive privacy laws (including but not limited to Virginia, Colorado, Connecticut, Utah, and others) may have similar rights. Contact us to exercise applicable rights under your state's law.

8.4 EU/UK Residents (GDPR)

If you are located in the European Union or United Kingdom, you may have rights under the General Data Protection Regulation, including the rights to access, rectify, erase, restrict processing, and data portability. You also have the right to lodge a complaint with your local supervisory authority.

9. Children's Privacy

The Website is not directed at children under the age of 18. We do not knowingly collect personal information from children under 18. If you believe a child under 18 has provided us with personal information, please contact us at drcasden@casdenhealth.com, and we will delete such information.

10. HIPAA and Protected Health Information

10.1 The Difference Between Website Information and PHI

This Privacy Policy applies to information collected through our Website (e.g., contact forms, newsletter signups, browsing data). It does not apply to Protected Health Information ("PHI") collected as part of clinical care.

PHI includes information about your health, healthcare services, or payment for healthcare. PHI is governed by:

  • The Health Insurance Portability and Accountability Act ("HIPAA");
  • Our Notice of Privacy Practices, available upon request and provided to all patients at the start of clinical care;
  • Applicable New York State health privacy laws.

10.2 Do Not Submit PHI Through the Website

The contact form, email, or social media channels associated with this Website are not secure channels for PHI. Please do not submit medical history, current medications, symptoms, diagnoses, or other clinical information through unsecured Website forms.

For secure clinical communication, please use the HIPAA-compliant patient portal provided by our practice (CharmHealth) after you have established care.

11. Third-Party Websites

Our Website may contain links to third-party websites (including blog references, supplement vendors, lab portals, and social media). These third-party sites have their own privacy policies, and we are not responsible for their practices. We encourage you to review the privacy policies of any third-party sites you visit.

12. Do Not Track Signals

Some browsers send "Do Not Track" signals to websites. Because there is currently no industry standard for responding to these signals, our Website does not specifically respond to Do Not Track signals. We continue to monitor developments in this area.

13. Marketing Communications

If you opt in to receive newsletters or other marketing communications from us, you can unsubscribe at any time by:

  • Clicking the "unsubscribe" link in any marketing email;
  • Contacting us at drcasden@casdenhealth.com.

We will process unsubscribe requests within a reasonable timeframe.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The most recent version will always be posted on this page with an updated "Effective Date."

For material changes, we will provide additional notice (such as a prominent notice on the Website or an email to subscribers) where appropriate.

Your continued use of the Website after changes are posted constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions about this Privacy Policy, want to exercise your privacy rights, or have any concerns about how we handle your information, please contact us:

Casden Integrative Women's Health
Melissa Casden Medical PLLC
112 Alexander Avenue, Suite B
Lake Grove, NY 11755
Email: drcasden@casdenhealth.com

By using our Website, you acknowledge that you have read and understood this Privacy Policy.