Arizona Wound Care Group

Legal

Privacy Policy

Last updated: 2026-06-29

Effective date:
2026-06-29
Last updated:
2026-06-29

Arizona Wound Care Group ("AWCG," "we," "us," or "our"), operated by AZ Advanced Wound Care Professional Limited, provides this Privacy Policy to explain what information we collect through our public marketing website (the "Site") at woundcaregroup.com, how we use it, and your choices.

1. This Site is a marketing website — not a patient portal

Important. This Site is a public marketing and informational website. It is not a patient portal, a telehealth platform, or any system designed to receive Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act ("HIPAA").

  • Communications you send through the Site (for example, the contact form or by emailing addresses listed here) are not transmitted through a HIPAA-secure channel and are not treated as part of a HIPAA-regulated patient communication.
  • Please do not submit PHI through the Site. Do not include patient names, diagnoses, chart details, insurance member numbers, dates of birth, Social Security numbers, or other health information in the contact form or in any email to addresses listed on the Site.
  • For clinical questions about a specific patient, contact our office at info@woundcaregroup.com and we will follow up using a HIPAA-compliant channel arranged with you.
  • If you are a current or prospective patient and you have a medical emergency, call 911.

If you nonetheless submit PHI through the Site, we will handle it consistent with applicable law and will purge it from non-secure systems as promptly as reasonably possible.

2. Who we are and how to contact us

Legal entity:
AZ Advanced Wound Care Professional Limited (doing business as Arizona Wound Care Group)
Mailing / business address:
4838 E Baseline Rd, Bldg 2, #113, Mesa, AZ 85206.
Privacy contact email:
info@woundcaregroup.com

3. Information we collect

3.1 Information you provide to us

We collect the information you choose to submit through the Site, which is limited to:

  • Contact form submissions: your name, role (e.g., facility administrator, physician, patient, family member), organization (optional), email address, optional phone number, and the contents of your message.
  • Email correspondence: if you email an address listed on the Site, we receive that email and any attachments.

We have configured forms on the Site to request only non-PHI information. We instruct users not to submit PHI.

3.2 Information collected automatically

  • Cloudflare Web Analytics (cookieless, aggregate). We use Cloudflare's privacy-preserving Web Analytics. It does not set any cookies, does not use device fingerprinting for cross-site tracking, and reports only aggregate, anonymized metrics such as page views, referring sites, country-level location, browser family, and device type. It does not identify individual visitors. See Cloudflare's documentation at cloudflare.com/web-analytics.
  • Server logs. Cloudflare (our hosting and CDN provider) maintains routine network and security logs that may temporarily include IP addresses, user-agent strings, requested URLs, timestamps, and HTTP status codes. These are retained according to Cloudflare's standard retention windows and used for security, abuse prevention, and operational diagnostics.
  • Form-submission delivery metadata. When you submit a form, our form-handling provider may capture submission timestamp and IP address for spam prevention.

3.3 What we do NOT collect on the Site

  • No advertising cookies. No Google Ads, Meta Pixel, LinkedIn Insight, TikTok Pixel, or similar tracking pixels are installed on the Site.
  • No Google Analytics. We deliberately do not use Google Analytics.
  • No session-replay or heatmap tools (e.g., FullStory, Hotjar) are used.
  • No live chat with health-question intake.
  • No patient health records or appointment scheduling are processed through the Site.

4. How we use the information

We use the information described above only to:

  1. Respond to your inquiry or referral request;
  2. Coordinate facility, payer, or referring-provider partnerships;
  3. Maintain and improve the Site (aggregate analytics; troubleshooting);
  4. Protect against fraud, abuse, and security threats;
  5. Comply with legal obligations.

We do not sell or rent personal information. We do not use the information collected through this Site for targeted advertising. We do not share contact-form data with marketing partners.

5. Service providers (third-party processors)

We use a small number of service providers that process limited data on our behalf:

Provider Purpose Data they may process
Cloudflare, Inc. Hosting (Cloudflare Pages), DNS, CDN, DDoS mitigation, cookieless Web Analytics IP address, request metadata, aggregate analytics
Cloudflare Pages Functions Receiving and forwarding contact-form submissions Name, email, phone (optional), organization (optional), message, IP, timestamp
Microsoft 365 (Outlook / Exchange Online) Receiving inbound email from form submissions and direct email Your email and message contents

These providers are bound by their own privacy and security commitments. Where appropriate, we have or will execute Data Processing Addenda. None of these providers are configured to receive PHI through the Site, and we do not maintain Business Associate Agreements ("BAAs") covering the Site (because the Site is not a HIPAA-regulated workflow).

6. Cookies and similar technologies

The Site is designed to operate without any advertising or analytics cookies. The only cookies that may be set are strictly necessary cookies (for example, a Cloudflare security cookie such as __cf_bm used to distinguish humans from bots, or a session cookie required by the form provider). These are not used for tracking across sites and we believe they fall within the "strictly necessary" exemption under common cookie-law frameworks.

We will update this section if we ever add additional cookies, and we will require consent at that time if required by applicable law.

7. Data retention

  • Contact-form submissions received via email: retained in our M365 mailboxes per AWCG's standard email retention schedule (typically up to 24 months), unless they have become part of a business or legal record.
  • Cloudflare Web Analytics aggregate data: retained for up to six (6) months per Cloudflare's documented defaults.
  • Server / security logs: retained per Cloudflare's standard retention windows.
  • We will delete personal information we no longer have a legitimate business need to retain, subject to legal preservation obligations.

8. How we protect information

We use industry-standard technical and organizational safeguards: HTTPS/TLS in transit, HSTS, modern TLS ciphers, Cloudflare DDoS and WAF protection, M365 mailbox security (MFA, conditional access), and access controls limited to authorized staff. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

9. Your choices and rights

Depending on where you live, you may have certain rights regarding your personal information. While Arizona is not a state with a comprehensive consumer privacy law as of the date of this Policy, we extend the following to all visitors as a matter of policy:

  • Access. You may ask what personal information we hold about you that you submitted through the Site.
  • Correction. You may ask us to correct inaccurate information.
  • Deletion. You may ask us to delete information you submitted through the Site, subject to legal retention requirements.
  • Opt-out of communications. You can ask us to stop contacting you about non-clinical matters at any time.

To make a request, email info@woundcaregroup.com from the address you used to contact us. We will respond within a reasonable period.

California residents with rights under the California Consumer Privacy Act ("CCPA"), as amended, may also exercise rights of access, deletion, correction, and opt-out of sale/share — note that we do not sell or share personal information for cross-context behavioral advertising.

EU/UK residents: the Site is targeted to United States visitors. If you reach us from the EU or UK, the limited processing described above is undertaken on the basis of our legitimate interest in operating a website and responding to inquiries; you may contact us to exercise applicable rights.

10. Children's privacy

The Site is intended for adults — facility administrators, referring providers, payers, and adult patients or their caregivers. We do not knowingly collect information from children under 13. If you believe a child has submitted information through the Site, contact us and we will delete it.

12. Do Not Track

Some browsers send a "Do Not Track" signal. Because the Site does not perform cross-site tracking and does not use advertising analytics, this signal has no practical effect on our processing.

13. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top will reflect the most recent change. Material changes will be highlighted on the Site for a reasonable period.

14. Notice about HIPAA Notice of Privacy Practices

This Privacy Policy governs the public website only. If you become a patient of AWCG, you will receive a separate Notice of Privacy Practices describing how AWCG handles PHI in its clinical operations, in accordance with HIPAA. The clinical Notice of Privacy Practices governs PHI; this Privacy Policy does not.