(707) 761-1528 Book Now
Legal

Privacy Policy

Last updated: April 1, 2026 | Effective Date: April 1, 2026

1. Introduction

Recovery Plus ("we," "us," or "our") operates the website myrecoveryplus.com and provides cryotherapy, red light therapy, compression therapy, and related wellness services at our location inside Ace gym, 1276 Callen Street, Vacaville, CA 95688. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our booking system, or receive our services.

By using our website or services, you consent to the practices described in this Privacy Policy. If you do not agree, please do not access the website or use our services.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you voluntarily provide, including:

  • Account & Booking Information: Full name, email address, phone number, date of birth (optional), and mailing address when you create an account or book an appointment.
  • Payment Information: Credit/debit card details processed through Stripe or Square. We do not store full card numbers on our servers. We store only payment gateway customer IDs and transaction references for recurring billing and refund processing.
  • Health & Intake Information: Medical history, current medications, known allergies, pregnancy status, cardiovascular conditions, Raynaud’s disease status, and other health disclosures collected via our intake form to ensure safe treatment.
  • Emergency Contact: Name and phone number of an emergency contact.
  • Communications: Messages you send us via email, contact forms, or SMS, and your communication preference (email or SMS).
  • Marketing Preference: Whether you opt in to receive promotional communications.
  • Reviews & Feedback: Star ratings, review text, and your name when you submit a review of our services.
  • Event Requests: Contact name, email, phone, venue address, event details, attendee count, and budget when you request a group event or freeze party.
  • Gift Card Purchases: Purchaser name and email, recipient name, email, and phone number when purchasing a gift card.

2.2 Information Collected Automatically

When you visit our website, we may automatically collect:

  • Device Information: IP address, browser type and version, operating system, and device identifiers.
  • Usage Data: Pages visited, time spent on pages, referring URL, click patterns, and booking flow interactions.
  • IP Address: Recorded when you submit a review, purchase a gift card, or click a referral/affiliate link. Used for fraud prevention and affiliate commission tracking.
  • User Agent: Your browser identification string, recorded when clicking referral links for attribution purposes.
  • Booking Progress: If you begin but do not complete a booking, your selected service, date, time, and form data may be saved in your browser’s local storage so you can resume later (see Section 7).

2.3 Information from Third Parties

We may receive information from:

  • Stripe: Payment confirmation, transaction status, subscription renewal status, and fraud detection signals.
  • Square: Payment confirmation and transaction status (if used as payment method).
  • Geocoding Services: When calculating travel distances for service delivery, we may send addresses to Google Maps Directions API or OpenRouteService to obtain travel time estimates. These services receive the address or coordinates but not your name or other personal details.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To schedule appointments, process payments, perform health screenings, manage check-ins, and provide cryotherapy and related treatments safely.
  • Communications: To send booking confirmations, appointment reminders, cancellation notices, follow-up messages, review requests, and subscription renewal notifications via your preferred channel (email or SMS).
  • Account Management: To manage your account, track session history, package balances, subscription status, store credit balance, gift card balances, and referral activity.
  • Recurring Billing: To process automatic subscription renewals, retry failed payments (up to 3 attempts), and manage trial periods.
  • Safety & Compliance: To evaluate health contraindications before treatment, maintain treatment records, and comply with applicable health and safety regulations.
  • Fraud Prevention: To detect and prevent fraudulent transactions, review spam, and referral abuse using IP address and transaction pattern analysis.
  • Improvement: To analyze internal booking analytics (revenue, utilization, booking funnel), improve our website and booking experience, and develop new services. All analytics are processed internally — we do not use third-party analytics services such as Google Analytics.
  • Marketing: To send promotional offers, new service announcements, and loyalty program updates to clients who have opted in. You may opt out at any time (see Section 6).
  • Referral Program: To track affiliate and referral activity, attribute bookings to referral sources, and calculate referral commissions.
  • Legal Obligations: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

  • Payment Processing: Stripe and/or Square receive payment details necessary to process your transactions. Their respective privacy policies govern their use of that data.
  • Geocoding Services: Google Maps Directions API or OpenRouteService may receive address or coordinate data for travel time calculations. No personal identifiers are sent.
  • Email/SMS Delivery: If we use a third-party email service (such as SendGrid) or SMS provider, your email address or phone number is transmitted to deliver notifications. These providers are contractually prohibited from using your data for their own purposes.
  • Service Providers: We may share information with vendors who assist with website hosting and technical maintenance — only to the extent necessary to perform their services for us.
  • Legal Requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website.

We do not share your health or intake information with any third party except as required by law or with your explicit written consent.

5. Data Retention

We retain your data according to the following schedule:

  • Account Data: Retained for as long as your account is active, plus 7 years after your last booking for clients with no recent activity.
  • Health & Intake Records: Retained for 7 years from the date of your last treatment, in accordance with California medical record retention guidelines.
  • Booking Records (Personal Information): Personally identifiable information on cancelled or no-show bookings is automatically anonymized after 2 years. Booking dates, amounts, and status are retained for financial compliance.
  • Financial & Payment Records: Transaction records retained for 7 years for tax, accounting, and regulatory compliance. These records are never automatically deleted.
  • Gift Card Records: Transaction history retained for 7 years. Gift cards themselves do not expire per California law.
  • Referral/Affiliate Data: Click tracking data (IP, user agent, landing page) retained for the duration of the affiliate relationship.
  • Reviews: Published reviews are retained indefinitely unless you request removal. Draft reviews stored in cookies expire after 30 days.
  • Internal Analytics: Aggregated, non-personal analytics data retained indefinitely. Analytics cache refreshed hourly.

Our automated data retention system runs monthly to anonymize and purge data according to these schedules. You may request earlier deletion of your data subject to our legal retention obligations (see Section 6).

6. Your Privacy Rights

6.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose about you.
  • Delete your personal information, subject to legal exceptions (financial records may be anonymized rather than deleted).
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information. Note: We do not sell your personal information.
  • Non-discrimination for exercising your privacy rights.

6.2 Data Export

You may request a copy of all personal data we hold about you. We support the WordPress personal data export tool, which provides your account information, booking history, and associated records in a machine-readable format. To request an export, contact us at Brian.recoveryplus@outlook.com.

6.3 Data Deletion

You may request deletion of your personal data. Upon a verified request:

  • Your client record will be deleted.
  • Booking records will be anonymized (personal details removed; financial data retained for compliance).
  • Payment records will have client identifiers removed but transaction amounts and dates retained for 7 years.
  • Reviews you authored will be anonymized or removed.

To exercise any privacy right, contact us at Brian.recoveryplus@outlook.com or call (707) 761-1528. We will respond within 45 days.

6.4 Marketing Opt-Out

You may opt out of marketing communications by:

  • Clicking the "Unsubscribe" link in any promotional email.
  • Updating your communication preferences in your My Account dashboard.
  • Contacting us directly.

Opting out of marketing does not affect transactional messages (booking confirmations, reminders, cancellations, payment receipts, subscription renewal notices).

7. Cookies & Tracking Technologies

We use the following cookies and client-side storage:

7.1 Cookies

  • Referral Cookie (crb_ref): Set when you visit our site via a referral link (e.g., ?ref=CODE). Stores the referral code for 30 days to attribute your booking to the referring party. Secure flag enabled; accessible to JavaScript for booking form integration.
  • Review Draft Cookie (crb_review_draft_token): Stores your in-progress review for 30 days so you can return and complete it. HttpOnly flag enabled (not accessible to JavaScript).
  • WordPress Session Cookies: Required for login authentication and website functionality.

7.2 Browser Local Storage

  • Cart Recovery: If you begin a booking but do not complete it, your selected service, date/time, and form data are saved in your browser’s local storage. This allows you to resume your booking on your next visit. This data remains until you complete or clear the booking, or manually clear your browser storage. No server-side tracking of abandoned bookings occurs.
  • User Preferences: Selected options and form state may be temporarily stored in session storage for the duration of your browser session.

7.3 What We Do Not Use

We do not use advertising cookies, retargeting pixels, Google Analytics, Facebook Pixel, or any third-party behavioral tracking on our website. All usage analytics are processed internally on our servers.

You can manage cookies through your browser settings. Disabling cookies may prevent the referral attribution and review draft features from functioning.

8. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • SSL/TLS encryption for all data transmitted between your browser and our servers.
  • Payment processing handled entirely by Stripe and Square (PCI DSS Level 1 certified). We never store full credit card numbers, CVVs, or magnetic stripe data.
  • Payment gateway customer IDs stored securely and used only for processing authorized transactions and refunds.
  • Access controls limiting employee access to personal data on a need-to-know basis.
  • Automated data retention enforcement removing or anonymizing data per our retention schedule.
  • Regular security reviews of our website and booking systems.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Children’s Privacy

Our services are not intended for individuals under 18 years of age. Minors (ages 14–17) may receive treatment only with a parent or legal guardian present who has signed the intake and consent forms. We do not knowingly collect information from children under 14. If we become aware that a child under 14 has provided us with personal information, we will delete it promptly.

10. Third-Party Links

Our website may contain links to third-party websites (e.g., Stripe or Square payment portals, social media profiles). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be communicated via email to registered users. Your continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, wish to exercise your privacy rights, or want to request a data export or deletion, contact us:

Recovery Plus
1276 Callen Street, Vacaville, CA 95688
(inside Ace gym)
Phone: (707) 761-1528
Email: Brian.recoveryplus@outlook.com

Call Book Now