PRIVACY POLICY
Community Point 5NP & Massage, LLC
Effective Date: May 11, 2026 | Last Updated: May 11, 2026
Massage Therapy · Wellness Services · Client Health Records
Community Point 5NP & Massage, LLC ("we," "us," "our," or the "Practice") is committed to protecting the privacy and confidentiality of our clients. This Privacy Policy explains how we collect, use, store, protect, share, and respect your personal and health information when you receive services from us, visit our website ([www.communitypoint5np.com]), schedule appointments, or communicate with our staff.
As a massage therapy and wellness practice, we handle sensitive personal health information. We take that responsibility seriously. This policy is designed to be transparent, easy to understand, and fully compliant with applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR) for any EU/UK clients, and applicable healthcare and professional licensing standards.
By using our services, completing intake forms, booking appointments, or interacting with our website, you acknowledge that you have read and understood this Privacy Policy.
1. About Us
Business Name: Community Point 5NP & Massage, LLC
Address: 1287 CR 222, Florence, TX 76527
Phone: 1+254-290-4794
Email: [privacy@communitypoint5np.com]
Website: [www.communitypoint5np.com]
We are a licensed massage therapy and wellness practice. Our therapists are trained, credentialed professionals who are bound by professional codes of ethics that include strict confidentiality standards. We act as the data controller for all personal information collected through our services.
2. Information We Collect
We collect information that is necessary to provide safe, effective, and personalized massage therapy and wellness services. The types of information we collect depend on how you interact with us.
2.1 Client Intake and Health History Information
When you become a client, we collect health and personal information through our intake forms, health history questionnaires, and in-person consultations. This includes:
◆ Personal identifiers: full name, date of birth, home address, phone number, and email address.
◆ Emergency contact information: name, relationship, and phone number of a designated emergency contact.
◆ Health history and medical background: current and past medical conditions, surgeries, injuries, chronic conditions, medications, allergies, and any contraindications relevant to massage therapy.
◆ Treatment preferences and goals: areas of focus, pressure preferences, wellness goals, and any areas to avoid during treatment.
◆ Informed consent and release forms: signed acknowledgments that you have reviewed our policies and consent to treatment.
◆ Session notes: therapist notes documenting treatment provided, client feedback, responses to treatment, and any modifications made during each session. These are part of your professional health record.
◆ Referral information: the name of any healthcare provider (e.g., physician, chiropractor, physical therapist) who referred you to us, if applicable.
⚕️ Why we need health information
Health history information is essential for your safety. Certain medical conditions, medications, and physical states require us to modify, limit, or decline treatment. Accurate and complete health information allows your therapist to provide the safest and most effective care possible. This information is treated as confidential health data.
2.2 Scheduling and Appointment Information
◆ Appointment dates, times, duration, and service type.
◆ Booking history and cancellation records.
◆ Gift certificate or package redemption records.
◆ Scheduling preferences and notes.
This information is collected in person, by phone, by email, or through our online booking system.
2.3 Billing and Payment Information
◆ Payment method: cash, credit/debit card type, or insurance information.
◆ Transaction records: service fees paid, receipts, and invoice history.
◆ Insurance information (if applicable): insurer name, policy number, and authorization information where we bill directly to insurance.
We do not store full credit or debit card numbers. Card transactions are processed through a secure, PCI-DSS-compliant third-party payment processor. We retain only the last four digits of card numbers and transaction confirmation records.
2.4 Communication Information
◆ Emails and messages: content of emails, text messages, or online form submissions you send to us.
◆ Appointment reminders and confirmations: records of automated and manual communications sent to you.
◆ Feedback and reviews: responses to satisfaction surveys or testimonials you voluntarily provide.
2.5 Website and Online Booking Information
When you visit our website or use our online booking platform, we may automatically collect:
◆ IP address and general geographic location (city/state level).
◆ Browser type, operating system, and device type.
◆ Pages visited, links clicked, and time spent on pages.
◆ Referring website or search engine.
◆ Cookies and similar tracking technologies — see Section 7 for details.
📋 Information we do NOT collect
We do not collect Social Security numbers, government-issued ID numbers, biometric data, genetic data, or the contents of private communications unrelated to your care. We do not collect data from minors under 18 without explicit parental or guardian consent. We do not purchase or obtain personal information from data brokers.
3. How We Use Your Information
We use the information we collect only for the purposes described below. We do not use your personal or health information for any purpose unrelated to providing you with quality care and running our practice.
3.1 Scheduling and Appointment Management
◆ Booking, confirming, rescheduling, and cancelling appointments.
◆ Sending appointment reminders by phone, text message, or email (based on your communication preferences).
◆ Managing our therapist schedules and availability.
◆ Tracking attendance history and package or gift certificate usage.
3.2 Providing and Personalising Massage Therapy Services
◆ Reviewing your health history before each session to ensure treatment is appropriate and safe for you.
◆ Customizing the type, technique, pressure, and focus of each massage session to your specific needs, preferences, and health conditions.
◆ Documenting session notes to ensure continuity of care across multiple visits.
◆ Identifying contraindications that require modification or referral to another healthcare provider.
◆ Monitoring your progress toward wellness goals over time.
3.3 Billing and Payment
◆ Processing payment for services rendered.
◆ Issuing receipts, invoices, and statements.
◆ Submitting claims to insurance providers where applicable and authorized by you.
◆ Maintaining accurate financial records as required by law.
3.4 Client Communication
◆ Responding to your questions, requests, and feedback.
◆ Sending health tips, wellness newsletters, or promotional offers — only where you have opted in.
◆ Communicating practice updates, policy changes, or important notices.
◆ Following up after sessions when clinically appropriate.
3.5 Safety, Legal, and Operational Purposes
◆ Complying with applicable federal, state, and local laws and professional licensing requirements.
◆ Protecting the safety of clients, staff, and the public.
◆ Defending against legal claims or exercising our legal rights.
◆ Maintaining and improving our services through internal quality review.
◆ Training staff under strict confidentiality obligations.
4. How We Protect Your Information
We take the security of your personal and health information very seriously. We implement physical, administrative, and technical safeguards appropriate to the sensitivity of the information we hold.
4.1 Physical Safeguards
◆ Locked storage: all paper intake forms, health history records, session notes, and client files are stored in locked filing cabinets that are accessible only to authorized staff.
◆ Secure facility: our practice space is secured after business hours. Client records are never left in unsecured or publicly accessible areas.
◆ Visitor access: access to areas containing client files is restricted to credentialed staff and therapists only.
◆ Document disposal: paper records containing personal or health information are shredded using a cross-cut shredder before disposal — they are never placed in regular trash.
4.2 Administrative Safeguards
◆ Staff training: all staff and therapists receive training on client confidentiality, privacy obligations, and our internal data handling procedures before they access any client information.
◆ Minimum necessary standard: staff access only the information that is necessary to perform their specific role. Therapists access their own clients' records; administrative staff access scheduling and billing information.
◆ Confidentiality obligations: all employees, contractors, and student interns sign a confidentiality agreement before beginning work at our practice.
◆ Incident response: we maintain a written procedure for responding to data breaches or unauthorized disclosures, including notifying affected clients as required by applicable law.
4.3 Technical Safeguards (Electronic Records)
◆ Encrypted storage: electronic client records are stored using encrypted software with password protection and industry-standard encryption.
◆ Secure booking and scheduling platforms: our online booking system uses HTTPS encryption for all data transmitted between your browser and the booking platform.
◆ Payment security: online and in-person card payments are processed through a PCI-DSS-compliant payment processor. We do not store full card numbers on our systems.
◆ Access controls: electronic systems are protected by unique login credentials. Staff accounts are immediately deactivated upon departure from the practice.
◆ Software updates: we keep our practice management software, operating systems, and security tools up to date to protect against known vulnerabilities.
◆ Data backup: electronic records are backed up regularly using encrypted backup systems to prevent loss from hardware failure or other incidents.
🔒 No system is 100% secure
While we implement strong safeguards, no method of data storage or transmission is completely secure. In the unlikely event of a data breach that affects your personal information, we will notify you promptly in accordance with applicable law and take immediate steps to address the breach.
5. When We Share Your Information
We do not sell, rent, trade, or otherwise share your personal or health information for commercial purposes. We treat your health history and session records with the same confidentiality as any licensed healthcare professional. We share information only in the limited circumstances described below.
5.1 Continuity of Care — Other Healthcare Providers
With your express written consent, we may share relevant health history and treatment information with:
◆ Your physician, chiropractor, physical therapist, occupational therapist, or other licensed healthcare providers, where coordinated care would benefit your treatment.
◆ A healthcare provider who referred you to us, to update them on your treatment progress.
◆ A specialist or emergency provider in the event of a health event during or after your session.
We will never share your health information with another provider without your consent, except in a genuine medical emergency.
5.2 Service Providers Who Support Our Practice
We may share limited personal information (not health records) with trusted vendors who perform services on our behalf, including:
◆ Online booking platforms: to manage appointment scheduling. These platforms are contractually bound to protect your information and may not use it for any other purpose.
◆ Payment processors: to process payments securely. Payment processors receive only the minimum information required to complete a transaction.
◆ Email or text reminder services: to send appointment reminders and practice communications, using only your name and contact information.
◆ Accounting and bookkeeping services: who receive financial transaction records (not health information) and are bound by professional confidentiality obligations.
All third-party service providers are carefully vetted. They are contractually prohibited from using your information for any purpose other than the specific service they provide to us.
5.3 Legal and Regulatory Requirements
We may disclose your personal information without your consent only where required or permitted by law, including:
◆ Legal process: in response to a valid court order, subpoena, or other binding legal process.
◆ Mandatory reporting: where state law requires mandatory reporting, such as certain situations involving suspected abuse, neglect, or threats to the safety of a person.
◆ Law enforcement: where required by law enforcement with appropriate legal authority.
◆ Licensing and regulatory bodies: if required by our professional licensing board or a regulatory agency with oversight of our practice.
Where permitted by law, we will inform you before making such a disclosure. We disclose only the minimum information required to satisfy the legal obligation.
5.4 Business Transfers
In the unlikely event that our practice is sold, merged, or transferred to a new owner, client records may be transferred to the new owner as part of that transaction. You will be notified in advance of any such transfer and informed of your options, including the ability to request that your records be transferred to another provider or deleted.
5.5 What We Will Never Do
◆ Sell your personal or health information to any third party for marketing, data brokerage, or any commercial purpose.
◆ Share your health history or session records with family members, friends, or employers without your explicit written consent.
◆ Post information about your treatments or health on social media or public platforms — ever.
◆ Use your contact information to send marketing communications from third parties.
6. Your Rights as a Client
You have meaningful rights regarding your personal and health information. We are committed to honoring these rights promptly and respectfully.
6.1 Right to Access Your Records
You have the right to request a copy of the personal information and health records we hold about you. Upon your written request, we will provide you with:
◆ A copy of your intake forms and health history on file.
◆ Your session notes (to the extent permitted by law and professional guidelines).
◆ Your billing history, receipts, and payment records.
◆ A summary of how your information has been used or shared.
We will fulfill access requests within 30 days. A reasonable fee may apply for copying and preparing extensive records, in accordance with applicable law.
6.2 Right to Update or Correct Your Information
Your health and contact information changes over time, and keeping it accurate is important for your safety. You have the right to:
◆ Update your contact information (address, phone number, email) at any time by contacting our office.
◆ Correct inaccuracies in your health history or intake forms by completing an updated form at your next visit or by contacting us in writing.
◆ Request that we correct any factual inaccuracy in our records about you.
6.3 Right to Request Deletion of Your Information
You have the right to request that we delete your personal information. We will honor this request subject to the following:
◆ We will delete your personal contact information, appointment history, and any marketing preferences.
◆ We are required by professional licensing standards and applicable law to retain health records (intake forms, session notes, health history) for a minimum number of years after your last visit. We will inform you of the applicable retention period when you make a deletion request.
◆ Records that are required for ongoing legal obligations, tax compliance, or to respond to a pending legal claim cannot be deleted until those obligations are resolved.
After the required retention period has expired, we will securely destroy your records as described in Section 4.
6.4 Right to Opt Out of Communications
You have the right to opt out of any non-essential communications at any time:
◆ Marketing emails and newsletters: click the unsubscribe link in any email we send, or contact us directly.
◆ Promotional text messages: reply STOP to any text message we send, or contact us.
◆ Appointment reminders: you may choose your preferred reminder method (or none) at any time.
Opting out of marketing communications does not affect your ability to receive appointment confirmations and essential service communications.
6.5 Right to Withdraw Consent
Where your information is processed on the basis of your consent (e.g., sharing records with another provider), you may withdraw that consent at any time by notifying us in writing. Withdrawal of consent does not affect any processing already completed before withdrawal.
6.6 California Resident Rights (CCPA / CPRA)
🌟 California Consumer Privacy Act (CCPA) as amended by CPRA — California Residents
If you are a California resident, you have additional rights under the CCPA/CPRA: (1) Right to Know — the categories and specific pieces of personal information we have collected about you; (2) Right to Delete — request deletion of your personal information, subject to legal retention requirements; (3) Right to Correct — request correction of inaccurate personal information; (4) Right to Opt Out of Sale or Sharing — we do NOT sell or share your personal information for advertising or commercial purposes; (5) Right to Limit Use of Sensitive Personal Information — to limit our use of sensitive data (including health information) to providing the requested service; (6) Right to Non-Discrimination — we will never treat you differently for exercising your rights. To exercise these rights, contact us at [privacy@communitypoint5np.com]. We will respond within 45 days.
6.7 EU / UK Client Rights (GDPR)
🇪🇺 General Data Protection Regulation (GDPR) — EU, EEA & UK Clients
If you are located in the EU, EEA, or UK, you have rights under the GDPR including: Right of Access (Art. 15); Right to Rectification (Art. 16); Right to Erasure (Art. 17); Right to Restriction (Art. 18); Right to Data Portability (Art. 20); Right to Object (Art. 21). Our lawful basis for processing your health information is your explicit consent (Art. 9(2)(a)) and, where applicable, the provision of healthcare services. You may also lodge a complaint with your national data protection authority. Contact us at [privacy@communitypoint5np.com] to exercise any of these rights.
6.8 How to Exercise Your Rights
To exercise any of the rights described above, please contact us by:
Email: [privacy@communitypoint5np.com]
Phone: [Your Phone Number]
Mail: [Your Street Address, City, State, ZIP]
Please include your full name, the email address on file, and a description of your request. We will verify your identity before processing requests that involve accessing or modifying personal information. We will respond within the timeframes required by applicable law (generally within 30–45 days).
7. Website Cookies and Tracking
When you visit [www.communitypoint5np.com] or use our online booking system, we may use cookies and similar technologies to improve your browsing experience and understand how our website is used.
7.1 Types of Cookies We Use
◆ Strictly necessary cookies: required for the website and booking system to function (e.g., maintaining your session when booking an appointment). These cannot be disabled.
◆ Functional cookies: remember your preferences, such as your location or preferred language.
◆ Analytics cookies: help us understand how visitors use our website so we can improve it (e.g., Google Analytics). These use anonymised data and do not track individual clients across other websites.
We do not use marketing or advertising tracking cookies. We do not sell website visitor data to any third party.
7.2 Managing Cookies
◆ Most web browsers allow you to refuse or delete cookies through your browser settings.
◆ You may opt out of Google Analytics at https://tools.google.com/dlpage/gaoptout.
◆ Disabling strictly necessary cookies may prevent the online booking system from working correctly.
8. How Long We Keep Your Information
We retain your information only for as long as is necessary to provide you with services, comply with our legal and professional obligations, and protect our legitimate interests.
Type of Record
Retention Period
Intake forms and health history
Minimum 7 years from last visit, or as required by state licensing board rules for massage therapists
Session / treatment notes
Minimum 7 years from last visit (professional health record)
Minor clients' records
Until the client reaches age 18, plus 7 years
Appointment and scheduling history
5 years from last appointment
Billing and payment records
7 years (tax and accounting legal requirement)
Signed consent and release forms
Duration of the client relationship plus 7 years
Marketing consent records
Until opt-out, then suppression record retained 3 years
Website analytics data
26 months (anonymised aggregated data)
After the applicable retention period, paper records are shredded and electronic records are permanently deleted. We review our records annually to identify and securely dispose of information that is no longer required.
9. Clients Under 18 Years of Age
We provide massage therapy services to minors only with the express written consent of a parent or legal guardian. When treating a minor client:
◆ A parent or legal guardian must complete the intake form and health history questionnaire on the minor's behalf.
◆ A parent or legal guardian must provide signed informed consent for treatment before any session begins.
◆ A parent or legal guardian may be required to be present during the session, depending on the age of the minor and the nature of the treatment.
◆ All health records for minor clients are retained as described in Section 8.
We do not knowingly collect personal information from children under 13 through our website. If we learn that we have inadvertently collected such information, we will delete it promptly.
10. Third-Party Websites and Booking Platforms
Our website may contain links to third-party websites (such as our online booking platform, social media pages, or partner organizations). This Privacy Policy applies only to our practice and our owned platforms. Third-party websites have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices or content of any third-party website or service.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or our services. When we make material changes, we will:
◆ Post the updated policy on our website with the new effective date.
◆ Notify active clients by email or a notice at the front desk.
◆ For material changes that affect how we handle health information, we may request your acknowledgment of the updated policy at your next visit.
Your continued use of our services after the effective date of any update constitutes your acceptance of the revised Privacy Policy.
12. Contact Us — Questions and Privacy Requests
If you have any questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle your personal information, please contact us:
Community Point 5NP & Massage, LLC
Address: [Your Street Address, City, State, ZIP]
Phone: [Your Phone Number]
Email: [privacy@communitypoint5np.com]
Website: [www.communitypoint5np.com]
We are committed to resolving any privacy concerns promptly and respectfully. If you are not satisfied with our response, California residents may file a complaint with the California Privacy Protection Agency at cppa.ca.gov. EU/UK clients may contact their national data protection supervisory authority.
13. Client Acknowledgement
By receiving services from Community Point 5NP & Massage, LLC, completing our intake forms, or using our online booking system, you acknowledge that you have read, understood, and agree to this Privacy Policy.
For your records, a copy of this policy is available at our front desk and on our website at all times. You may request a printed or electronic copy at any time.
This Privacy Policy is effective as of May 11, 2026. It was prepared in compliance with the California Consumer Privacy Act (CCPA) as amended by the CPRA (Cal. Civ. Code §§ 1798.100–1798.199.100), the GDPR (Regulation (EU) 2016/679), and applicable massage therapy professional standards. This document is for informational purposes. Please consult a licensed attorney for legal advice specific to your practice.