Privacy Policy

Updated January 30, 2026

Effective Date: November 19, 2025

Pinnacle Wound Care (“Pinnacle Wound Care,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring that your information is handled in a legal, ethical, and moral manner. This Website Privacy Policy explains how we collect, use, protect, and share information when you visit https://pinnaclewc.com
(the “Website”).

This Policy applies to information collected online through the Website, including forms, cookies, analytics, and SMS/text messaging. It does not apply to Protected Health Information (“PHI”) collected during clinical care. All PHI is governed exclusively by our Notice of Privacy Practices (NPP), which is the controlling document for all PHI.

Scope of the Policy | This Policy applies to:
• Website visitors
• Individuals who submit information through forms
• Users who opt in to SMS/text messaging
• Cookies, analytics tools, and tracking technologies

This Policy does not apply to PHI collected through medical care or offline interactions. Those activities are governed by our Notice of Privacy Practices (NPP).

Information We Collect
A. Protected Health Information (PHI)
If you provide health-related information via online forms, SMS/text messages, or document uploads, it becomes PHI. PHI may include:
• Name and contact details
• Insurance information
• Medical history or symptoms
• Any health information you voluntarily submit

PHI collected online is protected under HIPAA, HITECH, and the Arkansas Medical Records Act and is governed by our Notice of Privacy Practices (NPP).

B. Personal Information (Non-PHI)
We may collect Website-related information such as:
• IP address
• Device type and browser
• Pages viewed
• Time spent on the Website
• Referral source
• Clickstream behavior

C. Cookies and Tracking Technologies
The Website uses cookies for basic functionality, security, analytics, and performance. Users may disable cookies through browser settings. Some Website functions may not operate properly if cookies are disabled.

How We Use Information
Website-collected information may be used to:
• Respond to inquiries
• Process appointment requests
• Provide SMS/text updates to users who opt in
• Improve Website performance
• Enhance security
• Analyze traffic patterns
• Comply with legal or regulatory obligations

We do not sell personal information or PHI.

How We Share Information
A. Business Associates
PHI may be shared with HIPAA-compliant Business Associates who support scheduling, secure messaging, hosting, encrypted forms, and technical services.

B. Third-Party Website Services (Non-PHI)
We use tools such as Google Analytics, CAPTCHA, and hosting services to analyze Website performance. These services do not collect PHI.

C. Legal Requirements
We may disclose information as required to comply with laws, respond to lawful requests, or protect safety and security.

To avoid limiting legally required uses of PHI, the Website Privacy Policy affirms that:
• PHI submitted through Website forms or text messages may be used or disclosed as permitted under our Notice of Privacy Practices (NPP).
• All uses and disclosures of PHI for treatment, payment, health care operations, or legal obligations follow the NPP.
• For PHI collected digitally, all legally required disclosures (such as public health reporting, law enforcement, or judicial orders) follow the NPP.

HIPAA Rights for Online PHI
If you submit PHI online, your HIPAA rights apply. These include the right to request access, amendments, restrictions, confidential communications, and an accounting of disclosures.

HIPAA inquiries:
Privacy Officer: Devin Sessions
Phone: 501-359-6655
Email: info@pinnaclewc.com

Arkansas Requirements
We comply with the Arkansas Personal Information Protection Act and the Arkansas Medical Records Act.

Cookie Controls
Users may manage cookies through their browser or via the Google Analytics opt-out tool:
https://tools.google.com/dlpage/gaoptout/

For EU/UK visitors, non-essential cookies require explicit consent.

SMS & Mobile Data Sharing
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.

Text messaging originator opt-in data and consent will not be shared with any third parties or affiliates under any circumstances.

This includes phone numbers collected through Website forms, intake forms, SMS opt-in keywords, or written consent.

SMS/Text Messaging (TCPA, HIPAA, and RingCentral Compliance)
By opting in to SMS/text messaging, you consent to receive messages related to scheduling, appointment confirmations, follow-up reminders, and administrative or care-related communication. Messages may be sent through RingCentral or another HIPAA-compliant platform.

Message and data rates may apply. Frequency may vary. Consent is not required for care.

Reply STOP to opt out. Reply HELP for assistance. STOP requests are processed immediately.

SMS/text messaging is not encrypted and may not be fully secure. Avoid sending sensitive details unless necessary. Any medical information you provide becomes PHI and is covered by the NPP.

SMS/text messages may be stored securely and may be added to your medical record when appropriate. If your number is reassigned, we honor STOP requests from the new recipient.

Consent for SMS may be collected through Website forms, intake forms, checkboxes, or by voluntarily texting the clinic.

Data Security
We use administrative, technical, and physical safeguards, including access controls, secure servers, encryption where required, and system monitoring. No system can guarantee absolute security.

Children’s Privacy
The Website is not intended for children under age 13. We do not knowingly collect information from children without parental consent.

Third-Party Links
External websites linked from our Website have separate privacy practices. We are not responsible for their content, security, or policies.

User Rights (Non-PHI)
Users may request access to personal information collected through the Website, request deletion of non-PHI where permitted, modify cookie settings, opt out of analytics, and opt out of SMS messages. PHI rights must be exercised through the Privacy Officer.

GDPR Compliance for EU/UK Visitors
If you access the Website from the EU/UK, the following rights apply:

A. Data Controller
Pinnacle Wound Care
1225 Breckenridge Drive, Suite 110
Little Rock, AR 72205
Email: info@pinnaclewc.com

B. Legal Basis for Processing
We process data under consent, legitimate interest, contract, legal obligations, vital interests, and health care–related purposes as allowed under GDPR.

C. International Transfers
Data may be transferred to U.S.-based servers. Safeguards include Standard Contractual Clauses (SCCs), HIPAA-level security, and technical protections.

D. GDPR Rights
EU/UK visitors have the right to request access, correction, deletion, restriction, objection, portability, and withdrawal of consent. Complaints may be filed with an EU/UK supervisory authority.

E. Cookies for EU/UK
Non-essential cookies are not activated without explicit consent and may be withdrawn anytime.

F. Automated Decision-Making
We do not use automated decision-making or profiling.

G. Retention
Data is retained only as long as necessary for Website-related functions or as required by law.

Website Hosting Location
Website hosting and data processing occur in the United States.

Data Retention
Non-PHI is retained only as long as necessary. PHI follows HIPAA and Arkansas retention requirements.

Accessibility
For accessibility questions or to report barriers, contact us at info@pinnaclewc.com
or review our Website Accessibility Statement.

Material Changes to This Policy
We may update this Policy. Material changes may be announced on the Website. The current Policy will always display an updated effective date.

Contact Information
Pinnacle Wound Care
1225 Breckenridge Drive, Suite 110
Little Rock, AR 72205
Phone: 501-359-6655
Email: info@pinnaclewc.com