COOKIE & TRACKING TECHNOLOGIES DISCLOSURE
Effective Date: June 25, 2026 — Version 2.0
OVERVIEW
This Cookie & Tracking Technologies Disclosure (“Cookie Disclosure”) explains how Black Forest MD uses cookies and similar technologies on blackforestmd.com (the “Site”). This Cookie Disclosure supplements our Privacy Policy and HIPAA Notice of Privacy Practices.
“Black Forest MD” is the consumer-facing brand under which Black Forest Management Services LLC (“BFMS”) and Black Forest MD of Florida, PLLC (the “Practice”) operate the Site.
Our central commitment: We do not transmit any protected health information (“PHI”) to Meta, Google, TikTok, LinkedIn, or any other third-party advertising platform. We use a HIPAA-eligible analytics architecture that strips PHI before any data is forwarded to third parties.
1. THE TWO-ZONE ARCHITECTURE
Our Site is divided into two zones with distinct tracking practices:
Zone 1: Marketing Pages (no PHI collected)
Pages in this zone include:
- Homepage (
/) - About (
/about) - Science (
/science) - FAQ (
/faq) - Blog (
/blog) - Generic informational pages
On marketing pages, we may use:
- Strictly necessary cookies (for the Site to function)
- Functional cookies (to remember preferences)
- Performance / analytics cookies (Google Analytics 4)
- Advertising cookies (Meta Pixel, Google Ads, TikTok Pixel, LinkedIn Insight Tag) — only with your consent in jurisdictions that require it
Zone 2: Patient / PHI Pages (where you enter health information)
Pages in this zone include:
- Intake / signup forms (
/intake,/get-started) - Account and profile pages (
/account,/dashboard) - Health questionnaires
- Consultation pages (
/consult) - Patient portal pages
- Treatment, refill, and renewal pages
- Any page accessed after authentication
On PHI pages, we use only:
- Strictly necessary cookies (for the page to function)
- HIPAA-eligible analytics that strip PHI before any third-party transmission
We do not use on PHI pages:
- × Meta Pixel
- × Google Analytics 4 (standard)
- × TikTok Pixel
- × LinkedIn Insight Tag
- × Snap Pixel, Pinterest Tag, Reddit Pixel
- × Hotjar, Microsoft Clarity, FullStory (standard versions)
- × Any other third-party advertising or session replay tracker
2. HOW WE STILL RUN ADS WITHOUT LEAKING YOUR HEALTH DATA
We use a HIPAA-eligible analytics platform. That platform:
- Captures events on our Site (e.g., “patient enrolled,” “subscription started”)
- Removes any personally identifying information and PHI server-side
- Forwards only sanitized, anonymized event data to advertising platforms for conversion tracking
This means advertising platforms can optimize ad campaigns based on whether anonymous conversions occurred, but they do not receive your health information, identity, or any data that could be tied to you personally.
3. TYPES OF COOKIES WE USE
| Cookie type | Purpose | Used on Marketing pages? | Used on PHI pages? |
|---|---|---|---|
| Strictly Necessary | Required for the Site to function (e.g., authentication, security) | Yes | Yes |
| Functional | Remember preferences (e.g., language, region) | Yes | Limited |
| Performance / Analytics | Measure how the Site is used (e.g., page views, navigation) | Yes (GA4) | Yes — but HIPAA-eligible only |
| Advertising / Targeting | Used for ad targeting and conversion measurement | Yes — with your consent | No — never |
4. THIRD-PARTY VENDORS
We work with a limited set of vendors to operate the Site and the Service. Vendors that handle your information are contractually required to protect it and to use it only to provide services to us:
| Vendor | Service |
|---|---|
| Canvas Medical | EHR |
| HIPAA-eligible analytics provider | Operational analytics |
| Stripe | Payment processing |
| Twilio | Patient SMS/voice communications (HIPAA-eligible products only) |
| Postmark / Paubox | Transactional patient email |
| AWS / GCP | Hosting and storage (HIPAA-eligible services only) |
Advertising platforms (Meta, Google, TikTok, LinkedIn) do NOT have access to your health information. They are used only on marketing-zone pages and receive only sanitized conversion data from our HIPAA-eligible analytics provider where appropriate.
5. YOUR CHOICES
5.1 Cookie Consent Banner
On your first visit to the Site, you will see a cookie consent banner. You may accept all cookies, reject non-essential cookies, or customize your preferences.
5.2 Browser Controls
Most browsers allow you to view, manage, and delete cookies. Refer to your browser’s help documentation for instructions.
5.3 Industry Opt-Outs
You may opt out of certain advertising cookies through:
- Digital Advertising Alliance: aboutads.info/choices
- Network Advertising Initiative: optout.networkadvertising.org
- European Interactive Digital Advertising Alliance: youronlinechoices.eu
5.4 Do Not Track / Global Privacy Control
We respect “Do Not Track” browser signals where technically feasible, and we honor Global Privacy Control (GPC) signals as a valid opt-out of the “sale” or “sharing” of personal information under applicable state law.
5.5 State Privacy Law Opt-Outs
Where applicable state privacy law (e.g., California, Virginia, Colorado, Connecticut) gives you rights to opt out of “sale” or “sharing” of personal information for advertising purposes, you may exercise those rights via our cookie consent banner or by contacting us at [email protected].
6. CROSS-DOMAIN INDEPENDENCE FROM BLACK FOREST SUPPLEMENTS
This Site (blackforestmd.com) is operated separately from blackforestsupplements.com (our affiliated supplement business). We do not share cookies, pixels, identifiers, or analytics data between the two domains. Activity on blackforestmd.com is not transmitted to blackforestsupplements.com’s advertising or analytics systems, and vice versa.
7. CHANGES TO THIS DISCLOSURE
We may update this Cookie Disclosure from time to time. The “Effective Date” will be updated, and material changes will be communicated via the Site.
8. CONTACT
Questions about cookies or tracking:
Privacy Officer
Black Forest Management Services LLC
1000 Brickell Avenue, Suite 550, Miami, FL 33131
Email: [email protected]
