Privacy Policy for Iconweightloss.com

Effective Date: April 24, 2026
Last Updated: April 24, 2026

Icon Weight Loss (“Icon Weight Loss,” “we,” “us,” or “our”) operates the website located at Iconweightloss.com (the “Site”) and provides medical weight loss services, consultations, and related programs. We are committed to protecting the privacy and security of our patients, website visitors, and program participants. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Site, enroll in our programs, or otherwise interact with us.

Please read this Privacy Policy carefully. If you do not agree with the terms of this policy, please do not access the Site or use our services.


1. Scope and Legal Framework

This Privacy Policy is designed to comply with applicable privacy and data protection laws, including:

  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations, including the HIPAA Privacy, Security, and Breach Notification Rules
  • The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
  • The European Union General Data Protection Regulation (GDPR) and the UK GDPR
  • The Florida Information Protection Act (FIPA)
  • Other applicable U.S. state and federal privacy laws

Please note: Information that qualifies as Protected Health Information (PHI) under HIPAA is governed by our separate Notice of Privacy Practices, which takes precedence over this Privacy Policy with respect to PHI. This Privacy Policy primarily governs information collected through our Site and non-clinical interactions.


2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide to us, including:

  • Identification and Contact Information: Full name, date of birth, mailing address, email address, telephone number
  • Account and Enrollment Information: Username, password, program preferences, and enrollment form responses
  • Health and Medical Information: Height, weight, BMI, medical history, current medications, allergies, health conditions, treatment goals, and other information you provide in connection with our weight loss services (this information is treated as PHI under HIPAA)
  • Payment Information: Credit or debit card number, billing address, and payment authorization details (processed through Authorize.net — see Section 4)
  • Insurance Information: Where applicable, insurance carrier, policy number, and group information
  • Communications: Information you provide when you contact us, submit inquiries, or correspond with our staff
  • Photographs and Biometric Data: Progress photos or body measurements you voluntarily submit

2.2 Information Collected Automatically

When you visit our Site, we and our third-party service providers automatically collect certain information, including:

  • Device and Technical Information: IP address, browser type and version, operating system, device identifiers, screen resolution
  • Usage Information: Pages visited, links clicked, time spent on pages, referring URLs, search terms
  • Location Information: Approximate geographic location derived from IP address
  • Cookies and Similar Technologies: See Section 6 for details

2.3 Information from Third Parties

We may receive information from:

  • Healthcare providers, laboratories, and pharmacies involved in your care (with appropriate authorization)
  • Practice Better, our practice management platform (see Section 4)
  • Referral sources, with your consent
  • Social media platforms, if you interact with us through those channels

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Treatment and Care: Providing weight loss consultations, treatment plans, follow-up care, and coordinating with other healthcare providers
  • Payment: Processing payments, submitting insurance claims, and billing for services
  • Healthcare Operations: Quality improvement, staff training, compliance activities, and business management
  • Service Delivery: Creating and managing your account, scheduling appointments, and communicating about your care
  • Communications: Responding to inquiries, sending appointment reminders, treatment updates, and, with your consent, marketing communications
  • Website Functionality: Operating, maintaining, and improving the Site
  • Analytics: Understanding how visitors use our Site to improve user experience (see Section 6)
  • Legal and Safety: Complying with legal obligations, protecting our rights, and preventing fraud or abuse

Legal Bases for Processing (GDPR)

For individuals in the European Economic Area, United Kingdom, or Switzerland, we process personal data under the following legal bases:

  • Consent — for marketing communications and non-essential cookies
  • Contract performance — to provide services you have requested
  • Legal obligation — to comply with healthcare and tax laws
  • Legitimate interests — for Site improvement, security, and fraud prevention
  • Vital interests — in medical emergencies
  • Explicit consent — for processing of special category data (health information)

4. Third-Party Service Providers and Disclosures

We share information with the following categories of third parties, each bound by appropriate contractual protections including HIPAA Business Associate Agreements (BAAs) where applicable:

4.1 Named Service Providers

  • Practice Better — our HIPAA-compliant practice management and electronic health record platform. Practice Better stores patient records, appointment information, intake forms, and communications. A Business Associate Agreement is in place. Practice Better’s privacy practices are available at practicebetter.io/privacy.
  • Authorize.net (a Visa solution) — our payment card processor. When you make a payment, your card information is transmitted directly to Authorize.net via encrypted connection; we do not store full credit card numbers on our servers. Authorize.net’s privacy practices are available at authorize.net/about-us/privacy.
  • Google Analytics — we use Google Analytics to understand how visitors use our Site. Google Analytics collects information such as IP address (anonymized where available), browser type, pages visited, and time spent on the Site. Google Analytics does not receive any PHI. You can opt out using the Google Analytics Opt-out Browser Add-on at tools.google.com/dlpage/gaoptout.
  • Meta Pixel (Facebook Pixel) — we use the Meta Pixel on non-patient-portal pages of our Site to measure advertising effectiveness and build audiences for marketing. The Meta Pixel is not deployed on pages containing health information, patient portals, appointment booking, or enrollment forms. Information shared with Meta may include IP address, browser information, and page URL. You can manage your Meta ad preferences at facebook.com/settings/?tab=ads.

4.2 Other Categories of Recipients

  • Healthcare providers involved in your treatment (with authorization)
  • Laboratories and pharmacies processing orders related to your care
  • Insurance companies for coverage verification and claims
  • Professional advisors such as attorneys, accountants, and auditors
  • Government authorities when required by law, subpoena, or court order
  • Successors in interest in the event of a merger, acquisition, or sale of assets

4.3 No Sale of Personal Information

We do not sell your personal information for monetary consideration. Certain uses of advertising and analytics technologies (such as the Meta Pixel) may qualify as a “sale” or “sharing” under the CCPA/CPRA. You have the right to opt out — see Section 8.

We do not use, disclose, or sell any Protected Health Information for marketing purposes without your prior written authorization, as required by HIPAA.


5. Data Security

We implement administrative, physical, and technical safeguards designed to protect your information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest where appropriate
  • Access controls limiting information to authorized personnel with a legitimate need
  • Regular security assessments and employee training
  • Secure, HIPAA-compliant hosting for PHI
  • Multi-factor authentication for administrative access
  • Incident response procedures

Despite these measures, no system is 100% secure. If we become aware of a breach affecting your information, we will notify you and applicable regulators as required by law, including HIPAA’s Breach Notification Rule.


6. Cookies and Tracking Technologies

Our Site uses cookies and similar technologies, categorized as follows:

  • Strictly Necessary Cookies — required for Site functionality, security, and accessibility. These cannot be disabled.
  • Analytics Cookies — used by Google Analytics to measure Site usage.
  • Advertising Cookies — used by the Meta Pixel and similar technologies for marketing.
  • Functional Cookies — remember your preferences.

Cookie Consent: Upon your first visit, we present a cookie banner that allows you to accept, reject, or customize non-essential cookies. You can change your preferences at any time via the “Cookie Preferences” link in our Site footer.

Do Not Track: Our Site does not currently respond to “Do Not Track” browser signals but does honor Global Privacy Control (GPC) signals where required by law.


7. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

  • Medical records — retained in accordance with Florida Statutes § 456.057 (minimum five years after the last patient encounter for adults; longer for minors) and applicable federal requirements
  • Billing and tax records — retained for at least seven years
  • Website analytics data — retained for up to 26 months
  • Marketing contact information — retained until you unsubscribe, plus a reasonable suppression period

After retention periods expire, we securely delete or de-identify your information.


8. Your Privacy Rights

8.1 HIPAA Rights

With respect to your Protected Health Information, you have the right to:

  • Access and obtain copies of your medical records
  • Request amendments to your records
  • Receive an accounting of disclosures
  • Request restrictions on certain uses and disclosures
  • Request confidential communications
  • File a complaint with us or the U.S. Department of Health and Human Services Office for Civil Rights

See our Notice of Privacy Practices for complete details.

8.2 California Rights (CCPA/CPRA)

California residents have the right to:

  • Know what personal information we collect, use, disclose, and “sell” or “share”
  • Delete personal information we have collected (subject to exceptions)
  • Correct inaccurate personal information
  • Opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising
  • Limit the use of sensitive personal information
  • Non-discrimination for exercising your rights

To opt out of “sale/sharing,” use the “Do Not Sell or Share My Personal Information” link in our Site footer or enable Global Privacy Control in your browser.

Medical information governed by HIPAA and the California Confidentiality of Medical Information Act (CMIA) is generally exempt from CCPA.

8.3 GDPR/UK GDPR Rights

If you are located in the EEA, United Kingdom, or Switzerland, you have the right to:

  • Access your personal data
  • Rectification of inaccurate data
  • Erasure (“right to be forgotten”)
  • Restriction of processing
  • Data portability
  • Object to processing based on legitimate interests
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with a supervisory authority

8.4 Exercising Your Rights

To exercise any of these rights, contact us using the information in Section 12. We will verify your identity before processing requests and respond within the timeframes required by applicable law (generally 30–45 days). You may designate an authorized agent to make requests on your behalf.


9. International Data Transfers

Icon Weight Loss is based in the United States. If you access our Site from outside the United States, your information will be transferred to, stored in, and processed in the United States. Where required, we use appropriate safeguards such as the EU Standard Contractual Clauses and UK International Data Transfer Addendum for transfers of personal data from the EEA and UK.


10. Children’s Privacy

Our Site and services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent. Patients under 18 require parental or legal guardian consent to receive services. If you believe we have collected information from a child without proper consent, please contact us immediately.


11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting a notice on the Site and updating the “Last Updated” date above. Your continued use of the Site after changes take effect constitutes acceptance of the revised policy.


12. Contact Information

For questions, requests, or complaints regarding this Privacy Policy or our privacy practices:

Icon Weight Loss
1721 NW 123rd Ave, Pembroke Pines, FL 33026
Phone: (954) 837-8811
Email: Info@iconweightloss.com
HIPAA Privacy Officer: Info@iconweightloss.com
Website: https://iconweightloss.com

EU/UK Representative (if applicable): [To be designated if EU/UK operations warrant]

To file a HIPAA complaint with the federal government:
U.S. Department of Health and Human Services Office for Civil Rights
200 Independence Avenue, S.W., Washington, D.C. 20201
1-877-696-6775 | hhs.gov/ocr