- Effective date:
- 2026-06-29
- Last updated:
- 2026-06-29
Arizona Wound Care Group ("AWCG," "we,"
"us," or "our"), operated by AZ Advanced Wound Care
Professional Limited, provides this Privacy Policy to explain what information we collect
through our public marketing website (the "Site") at
woundcaregroup.com, how we use it, and
your choices.
1. This Site is a marketing website — not a patient portal
Important. This Site is a public marketing and informational website. It is not a patient portal, a telehealth platform, or any system designed to receive Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act ("HIPAA").
- Communications you send through the Site (for example, the contact form or by emailing addresses listed here) are not transmitted through a HIPAA-secure channel and are not treated as part of a HIPAA-regulated patient communication.
- Please do not submit PHI through the Site. Do not include patient names, diagnoses, chart details, insurance member numbers, dates of birth, Social Security numbers, or other health information in the contact form or in any email to addresses listed on the Site.
- For clinical questions about a specific patient, contact our office at info@woundcaregroup.com and we will follow up using a HIPAA-compliant channel arranged with you.
- If you are a current or prospective patient and you have a medical emergency, call 911.
If you nonetheless submit PHI through the Site, we will handle it consistent with applicable law and will purge it from non-secure systems as promptly as reasonably possible.
2. Who we are and how to contact us
- Legal entity:
- AZ Advanced Wound Care Professional Limited (doing business as Arizona Wound Care Group)
- Mailing / business address:
- 4838 E Baseline Rd, Bldg 2, #113, Mesa, AZ 85206.
- Privacy contact email:
- info@woundcaregroup.com
3. Information we collect
3.1 Information you provide to us
We collect the information you choose to submit through the Site, which is limited to:
- Contact form submissions: your name, role (e.g., facility administrator, physician, patient, family member), organization (optional), email address, optional phone number, and the contents of your message.
- Email correspondence: if you email an address listed on the Site, we receive that email and any attachments.
We have configured forms on the Site to request only non-PHI information. We instruct users not to submit PHI.
3.2 Information collected automatically
- Cloudflare Web Analytics (cookieless, aggregate). We use Cloudflare's privacy-preserving Web Analytics. It does not set any cookies, does not use device fingerprinting for cross-site tracking, and reports only aggregate, anonymized metrics such as page views, referring sites, country-level location, browser family, and device type. It does not identify individual visitors. See Cloudflare's documentation at cloudflare.com/web-analytics.
- Server logs. Cloudflare (our hosting and CDN provider) maintains routine network and security logs that may temporarily include IP addresses, user-agent strings, requested URLs, timestamps, and HTTP status codes. These are retained according to Cloudflare's standard retention windows and used for security, abuse prevention, and operational diagnostics.
- Form-submission delivery metadata. When you submit a form, our form-handling provider may capture submission timestamp and IP address for spam prevention.
3.3 What we do NOT collect on the Site
- No advertising cookies. No Google Ads, Meta Pixel, LinkedIn Insight, TikTok Pixel, or similar tracking pixels are installed on the Site.
- No Google Analytics. We deliberately do not use Google Analytics.
- No session-replay or heatmap tools (e.g., FullStory, Hotjar) are used.
- No live chat with health-question intake.
- No patient health records or appointment scheduling are processed through the Site.
4. How we use the information
We use the information described above only to:
- Respond to your inquiry or referral request;
- Coordinate facility, payer, or referring-provider partnerships;
- Maintain and improve the Site (aggregate analytics; troubleshooting);
- Protect against fraud, abuse, and security threats;
- Comply with legal obligations.
We do not sell or rent personal information. We do not use the information collected through this Site for targeted advertising. We do not share contact-form data with marketing partners.
5. Service providers (third-party processors)
We use a small number of service providers that process limited data on our behalf:
| Provider | Purpose | Data they may process |
|---|---|---|
| Cloudflare, Inc. | Hosting (Cloudflare Pages), DNS, CDN, DDoS mitigation, cookieless Web Analytics | IP address, request metadata, aggregate analytics |
| Cloudflare Pages Functions | Receiving and forwarding contact-form submissions | Name, email, phone (optional), organization (optional), message, IP, timestamp |
| Microsoft 365 (Outlook / Exchange Online) | Receiving inbound email from form submissions and direct email | Your email and message contents |
These providers are bound by their own privacy and security commitments. Where appropriate, we have or will execute Data Processing Addenda. None of these providers are configured to receive PHI through the Site, and we do not maintain Business Associate Agreements ("BAAs") covering the Site (because the Site is not a HIPAA-regulated workflow).
7. Data retention
- Contact-form submissions received via email: retained in our M365 mailboxes per AWCG's standard email retention schedule (typically up to 24 months), unless they have become part of a business or legal record.
- Cloudflare Web Analytics aggregate data: retained for up to six (6) months per Cloudflare's documented defaults.
- Server / security logs: retained per Cloudflare's standard retention windows.
- We will delete personal information we no longer have a legitimate business need to retain, subject to legal preservation obligations.
8. How we protect information
We use industry-standard technical and organizational safeguards: HTTPS/TLS in transit, HSTS, modern TLS ciphers, Cloudflare DDoS and WAF protection, M365 mailbox security (MFA, conditional access), and access controls limited to authorized staff. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.
9. Your choices and rights
Depending on where you live, you may have certain rights regarding your personal information. While Arizona is not a state with a comprehensive consumer privacy law as of the date of this Policy, we extend the following to all visitors as a matter of policy:
- Access. You may ask what personal information we hold about you that you submitted through the Site.
- Correction. You may ask us to correct inaccurate information.
- Deletion. You may ask us to delete information you submitted through the Site, subject to legal retention requirements.
- Opt-out of communications. You can ask us to stop contacting you about non-clinical matters at any time.
To make a request, email info@woundcaregroup.com from the address you used to contact us. We will respond within a reasonable period.
California residents with rights under the California Consumer Privacy Act ("CCPA"), as amended, may also exercise rights of access, deletion, correction, and opt-out of sale/share — note that we do not sell or share personal information for cross-context behavioral advertising.
EU/UK residents: the Site is targeted to United States visitors. If you reach us from the EU or UK, the limited processing described above is undertaken on the basis of our legitimate interest in operating a website and responding to inquiries; you may contact us to exercise applicable rights.
10. Children's privacy
The Site is intended for adults — facility administrators, referring providers, payers, and adult patients or their caregivers. We do not knowingly collect information from children under 13. If you believe a child has submitted information through the Site, contact us and we will delete it.
11. Links to third-party sites
The Site may link to third-party websites (for example, payer or partner sites). We are not responsible for the privacy practices of those sites. Review their policies before submitting information.
12. Do Not Track
Some browsers send a "Do Not Track" signal. Because the Site does not perform cross-site tracking and does not use advertising analytics, this signal has no practical effect on our processing.
13. Changes to this Policy
We may update this Policy from time to time. The "Last updated" date at the top will reflect the most recent change. Material changes will be highlighted on the Site for a reasonable period.
14. Notice about HIPAA Notice of Privacy Practices
This Privacy Policy governs the public website only. If you become a patient of AWCG, you will receive a separate Notice of Privacy Practices describing how AWCG handles PHI in its clinical operations, in accordance with HIPAA. The clinical Notice of Privacy Practices governs PHI; this Privacy Policy does not.