Copergrine
Get Started

Legal

Privacy Policy

Effective April 13, 2026

1. Introduction and Scope

Copergrine LLC(“Copergrine,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information through our public marketing website at copergrine.com (the “Site”). Copergrine is a Houston, Texas–based integrated healthcare organization with three operating arms: (i) Copergrine Health & Wellness, a medical and wellness clinic; (ii) a telehealth and electronic medical records platform at telehealth.copergrine.com; and (iii) a medical courier and STAT specimen delivery service at courier.copergrine.com.

This Privacy Policy governs only the copergrine.com marketing website.It does not govern the clinical services provided by our affiliated clinic, the telehealth platform, or the courier operations, each of which is governed by its own notices, agreements, and — where applicable — the HIPAA Notice of Privacy Practices of the covered entity delivering care.

The Site is a marketing and informational property only.It offers general information about our services, contact forms, and a job application form. We do not use the Site to deliver clinical care, diagnose, treat, or knowingly collect protected health information (“PHI”) as that term is defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations at 45 C.F.R. Parts 160 and 164. If you wish to communicate PHI to a clinician, please contact our clinic directly by telephone or through the patient portal on health.copergrine.com — do not submit PHI through the marketing Site.

Our affiliated clinic is a HIPAA covered entity, and its handling of PHI is governed by our separate Notice of Privacy Practices. Our courier arm acts as a HIPAA business associate to its client healthcare providers and handles PHI only pursuant to written Business Associate Agreements under 45 C.F.R. §164.504(e).

2. Categories of Personal Information We Collect

In the twelve (12) months preceding the effective date of this Policy, and on an ongoing basis, we may collect the following categories of “personal information” as that term is defined by the California Consumer Privacy Act (“CCPA”), Cal. Civ. Code §1798.140(v):

  • Identifiers: name, postal address, email address, telephone number, IP address, online identifiers, and similar.
  • Customer records information (Cal. Civ. Code §1798.80): name, signature, address, telephone number, employment history (via job applications), and professional license numbers where applicable.
  • Protected classification characteristics: where voluntarily provided on job applications (e.g., veteran status, EEO self-identification).
  • Commercial information: records of services inquired about.
  • Internet or other electronic network activity: browsing history on the Site, referring URLs, pages viewed, time spent, and interactions with content.
  • Geolocation data: general (city-level) location derived from IP address. We do not collect precise geolocation.
  • Professional or employment-related information: resumes, CVs, work history, references, and cover letters submitted through the careers page.
  • Inferences: general interest categories drawn from Site behavior for analytics.

We do notknowingly collect biometric information, genetic information, sensitive personal information (as defined at Cal. Civ. Code §1798.140(ae)), or information from children under 13. We do not knowingly collect PHI through the Site.

3. Sources of Personal Information

We obtain the categories above from: (a) you directly, when you fill out a contact, quote, newsletter, or job application form; (b) automatically, through cookies, log files, pixels, and similar technologies when you visit the Site; (c) service providers that assist us with analytics, hosting, form processing, and recruiting; and (d) publicly available sources (for example, professional licensing boards for physician-credential pages).

4. Business and Commercial Purposes

We process personal information for the following purposes, each of which qualifies as a “business purpose” under Cal. Civ. Code §1798.140(e) and a compatible processing purpose under the Texas Data Privacy and Security Act (“TDPSA”), Tex. Bus. & Com. Code Chapter 541:

  • Responding to contact-form inquiries and quote requests
  • Processing employment applications and recruiting
  • Operating, maintaining, securing, and improving the Site
  • Detecting security incidents and protecting against fraud
  • Auditing consumer interactions and measuring marketing effectiveness
  • Short-term, transient use (for example, contextual rendering)
  • Complying with legal obligations and responding to lawful requests
  • Defending legal claims

We will not process personal information for materially different or incompatible purposes without notifying you and, where required, obtaining your consent.

5. Disclosures to Third Parties and Service Providers

We disclose personal information to categories of third parties that help us operate the Site and our business:

  • Hosting and cloud infrastructure providers
  • Analytics providers (e.g., privacy-respecting web analytics)
  • Email, form-processing, and customer-relationship-management providers
  • Recruiting and applicant-tracking providers
  • Professional advisors (legal, accounting, insurance)
  • Government authorities where required by law, subpoena, or court order
  • Successors in connection with a merger, acquisition, financing, or sale of assets, subject to the protections of this Policy

Each service provider and contractor is bound by contract to process personal information only on our documented instructions, for the limited purposes we specify, and consistent with the CCPA service-provider restrictions (Cal. Civ. Code §1798.140(ag), (ai)) and the TDPSA processor obligations.

6. Sale and Sharing of Personal Information

We do not sell personal information, and we do not “share” personal information for cross-context behavioral advertising, as those terms are defined under the CCPA.We do not sell sensitive personal data or biometric data, and accordingly we are not required to, and do not, display the TDPSA “NOTICE: We may sell your sensitive personal data” or “NOTICE: We may sell your biometric personal data” disclosures.

We have not sold or shared personal information in the twelve (12) months preceding the effective date of this Policy. We do not use personal information for targeted advertising or profiling in furtherance of decisions that produce legal or similarly significant effects.

7. Cookies and Tracking Technologies

We use the following categories of cookies and similar technologies:

  • Strictly necessary cookies, which enable core Site functionality (form submission, load balancing).
  • Analytics cookies (Google Analytics 4 via Google Tag Manager), which help us understand aggregate Site usage, traffic sources, and conversion paths. These cookies are set only after you grant consent via the cookie banner at the bottom of the page. If you reject analytics cookies, no Google scripts are loaded and no data is sent to Google. GA4 data is used solely for Site improvement and Google Ads attribution — we do not use it to identify individual patients or share it with third parties for advertising purposes. You may revoke consent at any time by clearing your browser cookies; the consent banner will reappear on your next visit.
  • Preference cookies, which remember accessibility and display choices.

We do not currently use advertising cookies or third-party pixels that enable cross-site tracking. You may disable cookies through your browser settings; however, some features may no longer function. We honor the Global Privacy Control (“GPC”)signal as a valid opt-out of any “sale” or “sharing” of personal information for California residents and as a universal opt-out mechanism for Texas, Colorado, and Connecticut residents, consistent with applicable regulations.

We do not track users across third-party websites and therefore do not respond to Do-Not-Track browser signals other than by following the substantive practices described in this Policy.

8. Your Rights as a Texas Resident (TDPSA)

Under the Texas Data Privacy and Security Act, Tex. Bus. & Com. Code Chapter 541 (effective July 1, 2024), Texas residents have the right to:

  1. Confirm whether we process your personal data and access that data;
  2. Correct inaccuracies;
  3. Delete personal data provided by or obtained about you;
  4. Obtain a portable copy of personal data you previously provided;
  5. Opt out of processing for purposes of (a) targeted advertising, (b) the sale of personal data, or (c) profiling in furtherance of decisions that produce legal or similarly significant effects.

We will respond to verifiable consumer requests within forty-five (45) days, with one 45-day extension permitted when reasonably necessary. If we decline a request, you may appeal our decision within a reasonable period, and if the appeal is denied, you may contact the Texas Attorney General.

To the extent any information we process about you constitutes PHI governed by HIPAA, that information is exempt from the TDPSA and is instead governed by our HIPAA Notice of Privacy Practices.

9. Your Rights as a California Resident (CCPA/CPRA)

California residents have the following rights, which we honor in compliance with the CCPA as amended by the CPRA and regulations effective January 1, 2026:

  • Right to know the categories and specific pieces of personal information collected, the categories of sources, the business or commercial purposes, and the categories of third parties with whom we disclose the information. Look-back periods for right-to-know requests may extend back to January 1, 2022.
  • Right to delete personal information we collected from you, subject to statutory exceptions (Cal. Civ. Code §1798.105(d)).
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing — not applicable because we do not sell or share.
  • Right to limit use of sensitive personal information — not applicable because we do not collect SPI for purposes requiring this right.
  • Right to non-discrimination for exercising your rights (Cal. Civ. Code §1798.125).
  • Right to data portability.

Shine the Light (Cal. Civ. Code §1798.83).California residents may request information about disclosures of personal information to third parties for those third parties’ direct marketing purposes. We do not make such disclosures.

Financial Incentives. We do not offer financial incentives in exchange for personal information.

To submit a request, email compliance@copergrine.com with “California Privacy Request” in the subject line, or call (832) 205-8404. We will respond within 45 days, extendable by an additional 45 days where reasonably necessary, as permitted by Cal. Civ. Code §1798.130.

Authorized agents may submit requests on your behalf with written, signed permission and proof of identity.

10. Other State Rights (Colorado, Virginia, Connecticut, and Others)

Residents of Colorado (CPA), Virginia (VCDPA), Connecticut (CTDPA), Utah (UCPA), Oregon, Montana, and other states with comprehensive privacy laws have rights substantially similar to those described above, including rights to access, correct, delete, and obtain a portable copy of personal data, and to opt out of targeted advertising, sale, and profiling. To exercise those rights, contact us at compliance@copergrine.com. Colorado and Connecticut residents may appeal a denied request by replying to our response.

11. How to Submit a Request; Verification; Appeals

Submitting a request

Email compliance@copergrine.com or call (832) 205-8404. Include your name, state of residence, the nature of the request, and enough information for us to locate your records.

Verification

We will verify your identity by matching the information you provide against information in our records. For sensitive requests (deletion, correction), we may require additional verification, such as a signed declaration under penalty of perjury, to prevent fraudulent requests. We will not use verification information for any purpose other than verification.

Appeals

If we decline your request, you may appeal by replying to our response within sixty (60) days. We will respond to appeals within sixty (60) days, or as otherwise required by applicable state law. If we deny the appeal, we will provide contact information for the applicable state Attorney General.

12. Data Retention

We retain personal information only as long as reasonably necessary for the purposes described in this Policy, or as required by law:

  • Contact form inquiries: up to 24 months after last interaction.
  • Job applications (not hired): up to 2 years, or longer where required by EEOC recordkeeping rules.
  • Job applications (hired): retained as part of the employment record per applicable employment and tax law.
  • Web analytics (aggregated): up to 26 months.
  • Server logs: up to 90 days in operational form.
  • Marketing email list: until you unsubscribe plus a short suppression period.
  • Records required for legal, tax, audit, or compliance purposes: for the statutory retention period.

13. Data Security

We maintain reasonable administrative, physical, and technical safeguards appropriate to the nature of the information we process, including encryption in transit (TLS 1.2+), access controls, least-privilege principles, logging, vendor due diligence, and periodic review of our security practices. No method of transmission or storage is 100% secure; we cannot guarantee absolute security but we are committed to protecting your information in a manner consistent with applicable law, including the safeguards reasonably required by the TDPSA.

14. Children’s Privacy (COPPA)

The Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13 in violation of the Children’s Online Privacy Protection Act, 15 U.S.C. §§6501–6506, and its implementing Rule at 16 C.F.R. Part 312. If you believe a child has provided us information, please contact compliance@copergrine.com and we will delete it promptly. Parents may request review, deletion, or refusal of further collection of a child’s information by contacting us.

15. Third-Party Links

The Site may link to third-party websites (for example, professional licensing boards, scheduling tools, or social media). We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing information.

16. International Transfers

Copergrine is based in Texas and the Site is intended for U.S. audiences. If you access the Site from outside the United States, you acknowledge that your information will be processed in the United States, which may have data-protection laws that differ from those in your country.

17. Changes to This Policy

We may update this Policy from time to time. Material changes will be indicated by updating the Effective Date above and, where appropriate, by a prominent notice on the Site. Continued use of the Site after such changes constitutes acceptance of the revised Policy.

18. Contact

Copergrine LLC — Privacy Officer
13100 Wortham Center Dr, 3rd Floor
Houston, TX 77065
Email: compliance@copergrine.com
Phone: (832) 205-8404