COOKIE & TRACKING TECHNOLOGIES DISCLOSURE

Effective Date: June 25, 2026 — Version 2.0

OVERVIEW

This Cookie & Tracking Technologies Disclosure (“Cookie Disclosure”) explains how Black Forest MD uses cookies and similar technologies on blackforestmd.com (the “Site”). This Cookie Disclosure supplements our Privacy Policy and HIPAA Notice of Privacy Practices.

“Black Forest MD” is the consumer-facing brand under which Black Forest Management Services LLC (“BFMS”) and Black Forest MD of Florida, PLLC (the “Practice”) operate the Site.

Our central commitment: We do not transmit any protected health information (“PHI”) to Meta, Google, TikTok, LinkedIn, or any other third-party advertising platform. We use a HIPAA-eligible analytics architecture that strips PHI before any data is forwarded to third parties.

1. THE TWO-ZONE ARCHITECTURE

Our Site is divided into two zones with distinct tracking practices:

Zone 1: Marketing Pages (no PHI collected)

Pages in this zone include:

  • Homepage (/)
  • About (/about)
  • Science (/science)
  • FAQ (/faq)
  • Blog (/blog)
  • Generic informational pages

On marketing pages, we may use:

  • Strictly necessary cookies (for the Site to function)
  • Functional cookies (to remember preferences)
  • Performance / analytics cookies (Google Analytics 4)
  • Advertising cookies (Meta Pixel, Google Ads, TikTok Pixel, LinkedIn Insight Tag) — only with your consent in jurisdictions that require it

Zone 2: Patient / PHI Pages (where you enter health information)

Pages in this zone include:

  • Intake / signup forms (/intake, /get-started)
  • Account and profile pages (/account, /dashboard)
  • Health questionnaires
  • Consultation pages (/consult)
  • Patient portal pages
  • Treatment, refill, and renewal pages
  • Any page accessed after authentication

On PHI pages, we use only:

  • Strictly necessary cookies (for the page to function)
  • HIPAA-eligible analytics that strip PHI before any third-party transmission

We do not use on PHI pages:

  • × Meta Pixel
  • × Google Analytics 4 (standard)
  • × TikTok Pixel
  • × LinkedIn Insight Tag
  • × Snap Pixel, Pinterest Tag, Reddit Pixel
  • × Hotjar, Microsoft Clarity, FullStory (standard versions)
  • × Any other third-party advertising or session replay tracker

2. HOW WE STILL RUN ADS WITHOUT LEAKING YOUR HEALTH DATA

We use a HIPAA-eligible analytics platform. That platform:

  • Captures events on our Site (e.g., “patient enrolled,” “subscription started”)
  • Removes any personally identifying information and PHI server-side
  • Forwards only sanitized, anonymized event data to advertising platforms for conversion tracking

This means advertising platforms can optimize ad campaigns based on whether anonymous conversions occurred, but they do not receive your health information, identity, or any data that could be tied to you personally.

3. TYPES OF COOKIES WE USE

Cookie type | Purpose | Used on Marketing pages? | Used on PHI pages?
Strictly Necessary | Required for the Site to function (e.g., authentication, security) | Yes | Yes
Functional | Remember preferences (e.g., language, region) | Yes | Limited
Performance / Analytics | Measure how the Site is used (e.g., page views, navigation) | Yes (GA4) | Yes — but HIPAA-eligible only
Advertising / Targeting | Used for ad targeting and conversion measurement | Yes — with your consent | No — never

4. THIRD-PARTY VENDORS

We work with a limited set of vendors to operate the Site and the Service. Vendors that handle your information are contractually required to protect it and to use it only to provide services to us:

Vendor | Service
Canvas Medical | EHR
HIPAA-eligible analytics provider | Operational analytics
Stripe | Payment processing
Twilio | Patient SMS/voice communications (HIPAA-eligible products only)
Postmark / Paubox | Transactional patient email
AWS / GCP | Hosting and storage (HIPAA-eligible services only)

Advertising platforms (Meta, Google, TikTok, LinkedIn) do NOT have access to your health information. They are used only on marketing-zone pages and receive only sanitized conversion data from our HIPAA-eligible analytics provider where appropriate.

5. YOUR CHOICES

5.1 Cookie Consent Banner

On your first visit to the Site, you will see a cookie consent banner. You may accept all cookies, reject non-essential cookies, or customize your preferences.

5.2 Browser Controls

Most browsers allow you to view, manage, and delete cookies. Refer to your browser’s help documentation for instructions.

5.3 Industry Opt-Outs

You may opt out of certain advertising cookies through:

5.4 Do Not Track / Global Privacy Control

We respect “Do Not Track” browser signals where technically feasible, and we honor Global Privacy Control (GPC) signals as a valid opt-out of the “sale” or “sharing” of personal information under applicable state law.

5.5 State Privacy Law Opt-Outs

Where applicable state privacy law (e.g., California, Virginia, Colorado, Connecticut) gives you rights to opt out of “sale” or “sharing” of personal information for advertising purposes, you may exercise those rights via our cookie consent banner or by contacting us at [email protected].

6. CROSS-DOMAIN INDEPENDENCE FROM BLACK FOREST SUPPLEMENTS

This Site (blackforestmd.com) is operated separately from blackforestsupplements.com (our affiliated supplement business). We do not share cookies, pixels, identifiers, or analytics data between the two domains. Activity on blackforestmd.com is not transmitted to blackforestsupplements.com’s advertising or analytics systems, and vice versa.

7. CHANGES TO THIS DISCLOSURE

We may update this Cookie Disclosure from time to time. The “Effective Date” will be updated, and material changes will be communicated via the Site.

8. CONTACT

Questions about cookies or tracking:

Privacy Officer
Black Forest Management Services LLC
1000 Brickell Avenue, Suite 550, Miami, FL 33131
Email: [email protected]