Privacy Policy

Last Updated: March 10, 2026

I. Introduction

This Privacy Policy describes how Dr. Amy Tomlinson, MD ("we," "us," or "our") collects, uses, and discloses your personal information when you visit our website at dramytomlinson.com (the "Site"), use our services, purchase products, or otherwise communicate with us (collectively, the "Services").

For the purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a patient, a website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you agree to the collection, use, and disclosure of your information as described herein. If you do not agree, please do not use or access any of the Services.

II. Information We Collect

We collect and process various types of personal information depending on your interaction with our Services. This information includes both general personal data and, for our patients, Protected Health Information (PHI).

A. Personal Information

This is information that identifies, relates to, or could reasonably be linked with you.

Categories and examples:

  • Contact Details: Name, billing address, shipping address, phone number, email address.
  • Account Information: Username, password, security questions, preferences.
  • Financial Information: Payment card details, financial account information, transaction details, and payment confirmation.
  • Transaction Information: Items you view, add to your cart, purchase, return, or exchange.
  • Communications: Information you include in communications with us (e.g., customer support inquiries).
  • Device & Usage Information: IP address, browser type, network connection details, and your interaction with our Services.

We collect this information in the following ways:

  • Directly from you: When you create an account, make a purchase, or communicate with us.
  • Automatically: Through cookies and similar technologies when you navigate our Site.
  • From third parties: Including our service providers and business partners, such as Shopify.

B. Protected Health Information (PHI)

As a healthcare provider, we are bound by the Health Insurance Portability and Accountability Act (HIPAA) to protect your PHI. PHI is individually identifiable health information related to your past, present, or future health, treatment, or payment for healthcare services.

III. How We Use Your Information

A. Use of Personal Information

We use your general personal information for the following purposes:

  • Providing and Improving Services: To process payments, fulfill orders, manage your account, arrange for shipping, and create a customized experience.
  • Marketing and Advertising: To send promotional communications by email or text message and to show you relevant advertisements. You may opt out of marketing communications at any time.
  • Security and Fraud Prevention: To authenticate your account, provide a secure shopping experience, and investigate potential fraudulent or illegal activity.
  • Communicating with You: To provide customer support and maintain our business relationship.
  • Legal Compliance: To comply with applicable laws, respond to legal requests, and enforce our terms and policies.

B. Use and Disclosure of Protected Health Information (PHI)

We use and disclose PHI primarily for:

  • Treatment: To provide, coordinate, and manage your healthcare.
  • Payment: To obtain payment for healthcare services from you or your health plan.
  • Healthcare Operations: For quality assessment, training, and other business activities.

We will only use or disclose your PHI for other purposes as required by law or with your explicit written authorization.

IV. How We Disclose Information

We may disclose your personal information to third parties in the following circumstances:

  • With service providers: We share information with vendors who perform services on our behalf, such as payment processing (Shopify Payments), data analytics, customer support, and shipping.
  • With business and marketing partners: To provide services and advertise to you. Our partners will use your information in accordance with their own privacy notices.
  • With your consent: When you direct us to disclose information, such as through social media widgets or login integrations.
  • For legal and security reasons: In connection with a business transaction (e.g., merger), to comply with legal obligations, or to protect our rights and the rights of our users.

V. Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. These rights are not absolute and may apply only in certain circumstances.

A. General Privacy Rights

  • Right to Access / Know: You may have a right to request access to the personal information we hold about you.
  • Right to Delete: You may have a right to request that we delete the personal information we maintain about you.
  • Right to Correct: You may have a right to request that we correct inaccurate personal information we maintain about you.
  • Right to Opt-out of Sale or Sharing for Targeted Advertising: You have the right to direct us not to "sell" or "share" your personal information for targeted advertising.

B. HIPAA Rights (for Patients)

  • Right to Inspect and Copy PHI: You can ask to see or get a copy of your health records.
  • Right to Amend PHI: You can ask us to correct health information about you that you think is incorrect or incomplete.
  • Right to an Accounting of Disclosures: You can request a list of the times we've shared your health information for six years prior to the date you ask.

To exercise any of these rights, please contact us using the details provided below.

VI. Communications

We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe link in the emails. If you opt out, we may still send you non-promotional emails, such as those about your account or orders.

By providing your phone number, you consent to receive text messages related to your care, appointments, or administrative communications from our office. Message frequency may vary. Message and data rates may apply. Text messaging is not used for marketing purposes, and you may opt out at any time by replying STOP.

VII. Relationship with Shopify

Our store is powered by Shopify. Shopify collects and processes your personal information to provide and improve its services. Information you submit will be transmitted to and shared with Shopify and its partners. For more information on how Shopify handles your data, please review the Shopify Consumer Privacy Policy.

VIII. Security and Retention

We implement security measures to protect your information, but no system is impenetrable. We cannot guarantee "perfect security." We retain your personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our policies.

IX. Children's Data

The Services are not intended for use by children, and we do not knowingly collect personal information from children under the age of 16. If you are a parent or guardian and believe your child has provided us with their information, please contact us to request its deletion.

X. International Transfers

Your personal information may be transferred, stored, and processed outside the country you live in. If we transfer your information out of Europe, we will rely on recognized transfer mechanisms like the European Commission's Standard Contractual Clauses.

XI. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this website and update the "Last Updated" date.

XII. Contact Information

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please contact us at:

  • Email: help@dramytomlinson.com
  • Address: 965 N. Ten Mile Dr, Suite A1, Frisco, CO, 80443, US