Skip to main content

Cookie Policy
Cookie Policy:

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities…

Necessary Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

Privacy Policy

This Privacy Notice applies to Well Clinic San Francisco (usually referred to just as “us”, “our”, “we” or something similar) web site. By using our web site, you consent to the data practices in this notice.

Personal data (usually referred to just as “data” below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there. We may collect personal information such as your name, email address, home or work phone number or other information you provide us. We use this information to answer questions you may ask us, deliver services to you that you request, and send you updates and communicate with you when you ask us to. We may also collect information about your computer hardware and software, such as your IP address, browser type, comain names, access times and referring web site address. We use this information to operate our service, maintain our quality of service, and provide general statistics regarding use of our website. Of the data we collect through our website (which we will talk about in more detail below), we do not collect or process what are called “special categories” of data that may risk your rights and freedoms. For example, through our website, we do not collect any characteristics of protected classifications including age, race or ethnic origin, religion or philosophical beliefs, sexual orientation, political opinions, trade union memberships, biometric data used to identify an individual, data related to sexual orientation, sexual preferences, sex life, gender, or data related to gender identity or expression. You may provide us health-related information through our website in a form you can fill out, called “personal health information” (“PHI” for short), which is discussed in our HIPAA Policy, below.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of your data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.
Our privacy policy is structured as follows:

I. Information about us
II. The data we collect, how we use it, and the rights you have regarding our use of your data
III. Information about the data processing

I. Information about us and your data

The party responsible for this website for purposes of data protection is:
Well Clinic San Francisco
383 Rhode Island St. Suite 201
San Francisco, CA

II. The data we collect, how we use it, and the rights you have regarding our use of your data.

It should not surprise you we collect any information you enter on our site, send us through email, or that you give us in any other way. If you do not fill out contact forms or send us your information with your explicit consent, we do not collect this information about you. When you visit a website, you disclose certain information, such as your Internet Protocol (IP) address and the time of your visit. This site, like many other sites, records this basic information about visits to our site through Google Analytics, but we reasonably anonymize IP addresses by blocking part of your IP address so that it cannot be reasonably connected to you or used to identify you. We will talk more about this later. We encourage you to review the privacy policies of the websites you visit, as we cannot control the information third parties gather about you, including the websites your visit before you visit our website or websites you may visit after you visit our website.

We collect two types of information about you. The first type of information we collect is information by which you may be personally identified and you voluntarily provide to us, such name and email address. If you have other requests of us, such as telling us how we can help when you fill in our website Contact Us form or reporting a problem with our website, you may choose to provide us information such as your name, postal address, email address, or any other identifier by which you may be contacted by us online or offline (“personally identifiable information”). We may keep a copy of your correspondence (including your email address) if you write us. This includes any social media posts you may make on our social media sites (such as Facebook or LinkedIn) so we can keep track of who submitted what and are able to contact you if we need to regarding your submission.

The second type of information we may collect is information that is about you individually but does not by itself identify you (“non-personal information”). This type of information is generally collected automatically as you navigate through a website, and could include such information as IP addresses, which URL you came from, browsing patterns and actions, location data, zip code, operating system of your computer, browser type and information collected through cookies, flash cookies, web beacons, logs and other tracking technologies that helps us continually improve our services to you, but when you use our website we reasonably anonymize and aggregate this information, so it cannot be used to reasonably identify you.

The information we collect is used for administering our business activities and fulfilling any other purpose for which you provide it and consent. If you are in the EU, UK or Switzerland, or any other country, this data is transferred out of the country you accessed our website with your consent. You have explicitly consented to us transferring your first and last name, email, and any other information you provide to us to California, United States, in order for us to perform services for you and your requests of us to do so as well as to our processors, sub processors and third-party vendors, who are also located in the United States or Canada. If you do not fill out contact forms or send us your information with your explicit consent, we do not collect your information. We may use your information: to carry out our obligations and enforce our rights for contracts entered into between you and us; to prevent fraud; to protect the rights and/or life of an individual; to protect our rights or prevent misuse of our website, property or services; to notify you about changes to our website, new services, or special offers; to recognize you when you return to our Site and remember your preferences; and, when you ask us to use your information for business activities administered by third parties, such as releasing your address information to the delivery service to deliver products/services that you ordered or provide order information to third parties that help us provide customer service.

With regard to the data processing to be described in more detail below, users and data subjects have several rights and obligations that you should be aware of. It is important that you keep your personally identifiable information up to date. We may give you notice of certain changes and updates by sending you a notice, including to the email address you provided us. It is therefore important you acknowledge and agree that it is your responsibility to maintain a valid e-mail address as a user, review this site, our Terms of Use, our cookie policy, this privacy policy, and our other policies periodically and to be aware of any changes, updates, modifications, additions or deletions. Your continued use of the site after such changes will constitute your acknowledgment of the modified privacy policy and agreement to abide and be bound by the modified privacy policy.

Your personal data is yours and you have rights over it, including but not limited to:
• the right to be informed about the collection and use of your personal data;
• the right of access to your personal data and any supplementary information;
• the right to have any errors in your personal data rectified;
• the right to have your personal data erased (“right to be forgotten”);
• the right to block or suppress the processing of your personal data;
• the right to move, copy or transfer your personal data from one IT environment to another;
• the right to withdraw your consent of our processing of your personal and data;
• the right to file a complaint with your local supervisory authority;
• the right to object to processing of your personal data in certain circumstances;
• the right to non-discrimination for the same prices and service as those who have and have not exercised their privacy rights (although, as mentioned above, exercising rights such as the right to be forgotten, may prevent you from using our services and certain aspects of our website); and,
• rights related to automated decision-making (i.e. where no humans are involved) and profiling (i.e. where certain personal data is processed to evaluate an individual).

However, after saying all of that, please know there are exceptions to these rights, many examples of which we have listed in this policy.

California residents have the right to request specific disclosures about our privacy practices, including telling you about the information we share with third parties for marketing purposes and the rights listed above (such as the right to non-discrimination). To make such a request, please contact us at the addresses below.

We do not process or respond to “Do Not Track” signals or other similar transmissions that indicate a request to disable online tracking of users who visit our site or who use our services.

III. Information about the data processing

You can request access to all your personally identifiable information and manage your data, including your withdrawal of consent, by sending an e-mail to us. We may not accommodate a request to change information if we believe the change would violate a law or cause the information to be incorrect. Please note that the personally identifiable information and non-personal information that we maintain will be deleted or anonymized after we determine there is no longer any reason to process your information or otherwise fulfill our contractual obligations to you, whichever is more appropriate. While we do not hold personal data any longer than we need to, the duration will depend on your relationship with us. Also, if you request us to delete your information, you should realize that that deleting personal information may affect our ability to deliver services or may result in deleting your account completely.

Depending on which of our services you use, more than one company may be the controller of your personal data in our processors and sub-processors, discussed below. We will not disclose any personally identifiable information to any third party without first receiving your permission, which includes our processors and sub-processors and third-party vendors, below. We do not sell, trade, or rent your personally identifiable information to others.

The importance of security of your personally identifiable information is also very important to us. We have implemented measures designed to secure your personally identifiable information from accidental loss and from unauthorized access, use, alteration, and disclosure. For example, we use security software to protect the confidentiality of your personally identifiable information. We use a Secure Socket Layer/Transport Layer Security technology when information is submitted to us on line. We do not store any of your personal data at our location, but instead use secure cloud storage. However, please know that when we access your personally identifiable information from our computers, it is protected in several ways with firewalls, data encryption, physical security for our buildings, files and information contained therein and other current industry standards. In addition, our business practices are reviewed periodically for compliance with policies and procedures governing the security and confidentiality of our information. Our business practices limit employee access to confidential information, and limit the use and disclosure of such information to authorized persons. Non-personal information that you provide or that we collect also resides on a secure server in our processor and sub processor and cloud infrastructure mentioned above and is only accessible via password. We also use old fashioned lock and key with locking office doors, locking desks, building security systems, and other physical security measures.

Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personally identifiable information, you acknowledge that: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity and privacy of any and all information and data exchanged between you and us through this site cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the website or other service.

You can read more about the protections and treatment of your PHI below in the HIPAA data part of our privacy notices.

Children and our websites

This website does not provide services or sell products to children under the age of 18. If you are under the age of 18 years old, please do not enter any information into this site and do not use this site. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you are aware of any information we may have collected from a child under 18 years of age, please let us know so that we can delete that information.


a) Session cookies
We use cookies on our website. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser, location data, or IP address. This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function. When you close your browser, these session cookies are deleted.

b) Third-party cookies
If necessary, our website may also use cookies from companies with whom we cooperate for the purpose of advertising, analyzing, or improving the features of our website. Please refer to the following information for details, in particular for the legal basis and purpose of such third-party collection and processing of data collected through cookies.

c) Disabling cookies
You can refuse the use of cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support. Browser settings cannot prevent so-called flash cookies from being set. Instead, you will need to change the setting of your Flash player. The steps and measures required for this also depend on the Flash player you are using. If you have any questions, please use the help function or consult the documentation for your Flash player or contact its maker for support.

If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.

Google Analytics

We use Google Analytics on our website. This is a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google). The Google Analytics service is used to analyze how our website is used. Usage and user-related information, such as IP address, place, time, or frequency of your visits to our website will be transmitted to a Google server in the United States and stored there. However, we use Google Analytics with the so-called anonymization function, whereby Google truncates the IP address before it is transmitted to us. The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. This data can also be used to provide other services related to the use of our website and of the internet in general. Google states that it will not connect your IP address to other data. In addition, Google provides further information with regard to its data protection practices at: including options you can exercise to prevent such use of your data. In addition, Google offers an opt-out add-on at: in addition with further information. This add-on can be installed on the most popular browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs Google Analytics’ JavaScript (ga.js) that no information about the website visit should be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analytics services we may use as detailed herein.


Our website uses Google Maps to display our location and to provide directions. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google). To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.

If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. Your user settings and data are processed to display our location and create a route description. We cannot prevent Google from using servers in the USA. By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above. In addition, the use of Google Maps and the information obtained via Google Maps is governed by the Google Terms of Use and the Terms and Conditions for Google Maps. Google also offers further information at and

Google Fonts

Our website uses Google Fonts to display external fonts. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google).
To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed. When you access our site, a connection to Google is established from which Google can identify the site from which your request has been sent and to which IP address the fonts are being transmitted for display.
Google offers detailed information at: and in particular on options for preventing the use of data.

Facebook plug-in

Our website uses the plug-in of the Facebook social network. is a service provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is also operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter both referred to as “Facebook.” Further information about the possible plug-ins and their respective functions is available from Facebook at

If the plug-in is stored on one of the pages you visit on our website, your browser will download an icon for the plug-in from Facebook’s servers in the USA. For technical reasons, it is necessary for Facebook to process your IP address. In addition, the date and time of your visit to our website will also be recorded. If you are logged in to Facebook while visiting one of our plugged-in websites, the information collected by the plug-in from your specific visit will be recognized by Facebook. The information collected may then be assigned to your personal account at Facebook. If, for example, you use the Facebook Like button, this information will be stored in your Facebook account and published on the Facebook platform. If you want to prevent this, you must either log out of Facebook before visiting our website or use an add-on for your browser to prevent the Facebook plug-in from loading. Further information about the collection and use of data as well as your rights and protection options in Facebook’s privacy policy found at


By using our website and choosing to opt-in to our collection of your data, you consent to the collection and use of your personally identifiable information and non-personal information as described in this privacy policy and we assume we have your express permission and consent to use transfer your personally identifiable information and non-personal information as detailed herein.

Changes to our Privacy Notices

If our privacy policy or procedures change, we will immediately post those changes to our website. Any such changes will be effective immediately upon being posted, unless otherwise stated in the change. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised privacy policy. The date the privacy policy was last revised is identified below. We may notify you of changes to this privacy policy, but you are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our website and this privacy policy to check for any changes.
Privacy Policies and Data Collection from Third Party Websites.
Except as described in this privacy policy, this document only addresses the use and disclosure of information that we collect from you. Although we strongly urge third parties to comply with our standards of protecting your data, please consult each website’s privacy policy and terms of use regarding their policies and data collection, as we are not responsible for the practices or policies of third parties and cannot control their collection of information.

Effective Date

This update to our privacy policy is effective as of October 1, 2020.
If you have any questions about this privacy policy, the practices of this site, or your dealings with this site, please contact us by sending a letter to:

Greg Goodman
Well Clinic of San Francisco
100 Bush Street, Suite 508
San Francisco, CA 94110
[email protected]

Protecting your private information is of paramount importance to us

All Web site content and submission forms are hosted on a HIPAA compliant server to protect your personal information.
By using this site, you agree to this NOTICE of PRIVACY PRACTICES.


I am legally required to protect the privacy of your PHI, which includes information that can be used to identify you that I’ve created or received about your past, present, or future health or condition, the provision of health care to you, or the payment of this health care. I must provide you with this Notice about my privacy practices, and such Notice must explain how, when, and why I will “use” and “disclose” your PHI.

A “use” of PHI occurs when I share, examine, utilize, apply, or analyze such information within my practice; PHI is “disclosed” when it is released, transferred, has been given to, or is otherwise divulged to a third party outside of my practice. With some exceptions, I may not use or disclose any more of your PHI than is necessary to accomplish the purpose for which the use or disclosure is made. And, I am legally required to follow the privacy practices described in this Notice.

However, I reserve the right to change the terms of this Notice and my privacy policies at any time. Any changes will apply to PHI on file with me already. Before I make any important changes to my policies, I will promptly change this Notice and post a new copy of it in my office and on my website. You can also request a copy of this Notice from me, or you can view a copy of it in my office.


I will use and disclose your PHI for many different reasons. For some of these uses or disclosures, I will need your prior written authorization; for others, however, I do not. Listed below are the different categories of my uses and disclosures along with some examples of each category.

1. Uses and Disclosures Relating to Treatment, Payment, or Health Care Operations Do Not Require Your Prior Written Consent. I can use and disclose your PHI without your consent for the following reasons:

1. For Treatment. I can use your PHI within my practice to provide you with mental health treatment, including discussing or sharing your PHI with my supervisor. I can disclose your PHI to physicians, psychiatrists, psychologists, and other licensed health care providers who provide you with health care services or are involved in your care. For example, if a psychiatrist is treating you, I can disclose your PHI to your psychiatrist to coordinate your care.

2. To Obtain Payment for Treatment. I can use and disclose your PHI to bill and collect payment for the treatment and services provided by me to you. For example, I might send your PHI to your insurance company or health plan to get paid for the health care services that I have provided to you. I may also provide your PHI to my business associates, such as billing companies, claims processing companies, and others that process my health care claims.

3. For Health Care Operations. I can use and disclose your PHI to operate my practice. For example, I might use your PHI to evaluate the quality of health care services that you received or to evaluate the performance of the health care professionals who provided such services to you. I may also provide your PHI to my accountant, attorney, consultants, or others to further my health care operations.

4. Patient Incapacitation or Emergency. I may also disclose your PHI to others with-out your consent if you are incapacitated or if an emergency exists. For example, your consent isn’t required if you need emergency treatment, as long as I try to get your consent after treatment is rendered, or if I try to get your consent but you are unable to communicate with me (for example, if you are unconscious or in severe pain) and I think that you would consent to such treatment if you were able to do so.

2. Certain Other Uses and Disclosures Also Do Not Require Your Consent or Authorization. I can use and disclose your PHI without your consent or authorization for the following reasons:

1. When federal, state, or local laws require disclosure. For example, I may have to make a disclosure to applicable governmental officials when a law requires me to report information to government agencies and law enforcement personnel about victims of abuse or neglect.

2. When judicial or administrative proceedings require disclosure. For example, if you are involved in a lawsuit or a claim for workers’ compensation benefits, I may have to use or disclose your PHI in response to a court or administrative order. I may also have to use or disclose your PHI in response to a subpoena.

3. When law enforcement requires disclosure. For example, I may have to use or disclose your PHI in response to a search warrant.

4. When public health activities require disclosure. For example, I may have to use or disclose your PHI to report to a government official an adverse reaction that you have to a medication.

5. When health oversight activities require disclosure. For example, I may have to provide information to assist the government in conducting an investigation or inspection of a health care provider or organization.

6. To avert a serious threat to health or safety. For example, I may have to use or disclose your PHI to avert a serious threat to the health or safety of others. However, any such disclosures will only be made to someone able to prevent the threatened harm from occurring.

7. For specialized government functions. If you are in the military, I may have to use or disclose your PHI for national security purposes, including protecting the President of the United States or conducting intelligence operations.

8. To remind you about appointments and to inform you of health-related benefits or services. For example, I may have to use or disclose your PHI to remind you about your appointments, or to give you information about treatment alternatives, other health care services, or other health care benefits that I offer that may be of interest to you.

3. Certain Uses and Disclosures Require You to Have the Opportunity to Object.

1. Disclosures to Family, Friends, or Others. I may provide your PHI to a family member, friend, or other person that you indicate is involved in your care or the payment for your health care, unless you object in whole or in part. The opportunity to consent may be obtained retroactively in emergency situations.

4. Other Uses and Disclosures Require Your Prior Written Authorization. In any other situation not described in sections III A, B, and C above, I will need your written authorization before using or disclosing any of your PHI. If you choose to sign an authorization to disclose your PHI, you can later revoke such authorization in writing to stop any future uses and disclosures (to the extent that I haven’t taken any action in reliance on such authorization) of your PHI by me.

You have the following rights with respect to your PHI:

1. The Right to Request Restrictions on My Uses and Disclosures. You have the right to request restrictions or limitations on my uses or disclosures of your PHI to carry out my treatment, payment, or health care operations. You also have the right to request that I restrict or limit disclosures of your PHI to family members or friends or others involved in your care or who are financially responsible for your care. Please submit such requests to me in writing. I will consider your requests, but I am not legally required to accept them. If I do accept your requests, I will put them in writing and I will abide by them, except in emergency situations. However, be advised, that you may not limit the uses and disclosures that I am legally required to make.

2. The Right to Choose How I Send PHI to You. You have the right to request that I send confidential information to you to at an alternate address (for example, sending information to your work address rather than your home address) or by alternate means (for example, e-mail instead of regular mail). I must agree to your request so long as it is reasonable and you specify how or where you wish to be contacted, and, when appropriate, you provide me with information as to how payment for such alternate communications will be handled. I may not require an explanation from you as to the basis of your request as a condition of providing communications on a confidential basis.

3. The Right to Inspect and Copy of Your PHI. In most cases, you have the right to inspect and copy the PHI that I that I have on you, but you must make the request to inspect and copy such information in writing. If I don’t have your PHI but I know who does, I will tell you how to get it. I will respond to your request within 30 days of receiving your written request. In certain situations, I may deny your request. If I do, I will tell you, in writing, my reasons for the denial and explain your right to have my denial reviewed. If you request copies of your PHI, I will charge you not more than $.25 for each page. Instead of providing the PHI you requested, I may provide you with a summary or explanation of the PHI as long as you agree to that and to the cost in advance.

4. The Right to Receive a List of the Disclosures I Have Made. You have the right to receive a list of instances, i.e., an Accounting of Disclosures, in which I have disclosed your PHI. The list will not include disclosures made for my treatment, payment, or health care operations; disclosures made to you; disclosures you authorized; disclosures incident to a use or disclosure permitted or required by the federal privacy rule; disclosures made for national security or intelligence; disclosures made to correctional institutions or law enforcement personnel; or, disclosures made before April 14, 2003.I will respond to your request for an Accounting of Disclosures within 60 days of receiving such request. The list I will give you will include disclosures made in the last six years unless you request a shorter time. The list will include the date the disclosure was made, to whom the PHI was disclosed (including their address, if known), a description of the information disclosed, and the reason for the disclosure. I will provide the list to you at no charge, but if you make more than one request in the same year, I may charge you a reasonable, cost-based fee for each additional request.

5. The Right to Amend Your PHI. If you believe that there is a mistake in your PHI or that a piece of important information is missing, you have the right to request that I correct the existing information or add the missing information. You must provide the request and your reason for the request in writing. I will respond within 60 days of receiving your request to correct or update your PHI. I may deny your request in writing if the PHI is (i) correct and complete, (ii) not created by me, (iii) not allowed to be disclosed, or (iv) not part of my records.My written denial will state the reasons for the denial and explain your right to file a written statement of disagreement with the denial. If you don’t file one, you have the right to request that your request and my denial be attached to all future disclosures of your PHI. If I approve your request, I will make the change to your PHI, tell you that I have done it, and tell others that need to know about the change to your PHI.

6. The Right to Receive a Paper Copy of this Notice. You have the right to receive a paper copy of this notice even if you have agreed to receive it via e-mail.

f you think that I may have violated your privacy rights, or you disagree with a decision I made about access to your PHI, you may file a complaint with the person listed in Section Vl below. You also may send a written complaint to the Secretary of the Department of Health and Human Services at 200 Independence Avenue S.W., Washington, D.C. 20201. I will take no retaliatory action against you if you file a complaint about my privacy practices.

If you have any questions about this notice or any complaints about my privacy practices, or would like to know how to file a complaint with the Secretary of the Department of Health and Human Services, please contact me at: (415) 857-2160.

This notice went into effect on August 19th, 2013.

New HIPAA (health insurance portability and accountability act) privacy standards were created to protect patients’ health information when it is disclosed but also to facilitate the flow of medical information between providers. With other medical providers and for safety or security reasons, there is less protection


Send us a text! We're here on weekdays from 9am - 9pm.