Privacy Policy

Last updated: November 4, 2025

Cooke Consulting, LLC and Kevin Cooke, MD (“Company,” “we,” “us,” or “our”) respect your privacy and are committed to protecting personal information. This Privacy Policy (“Policy”) describes how we collect, use, disclose, and protect information we obtain from and about individuals who:

  • visit or use our websites, including KevinCookeMD.com and any related microsites, portals, or pages (the “Site”);

  • subscribe to newsletters or membership content;

  • engage our consulting or concierge services;

  • participate in telemedicine/telehealth encounters through our authorized platforms; and

  • otherwise interact with us online or offline (collectively, the “Services”).

This Policy applies to information collected through the Services. Use of the Site is also subject to our Terms of Use.If you do not agree with this Policy, please do not use the Services.

1) Important Information & Scope

  • We may update this Policy periodically. When we do, we’ll revise the “Last updated” date above. Your continued use of the Services after changes means you accept the updated Policy.

  • Please keep your contact details current so we can maintain accurate records.

  • HIPAA/NPP: When we create or receive Protected Health Information (PHI) in the course of providing clinical care (including telemedicine), those activities are governed by our HIPAA Notice of Privacy Practices (NPP), not this Policy. This Policy covers non-PHI website/marketing interactions. If there is a conflict between this Policy and the NPP regarding PHI, the NPP controls.

2) No Medical Advice; No Automatic Doctor-Patient Relationship

Using the Site, receiving newsletters, or following our social channels does not establish a doctor-patient relationship. Content is educational and general in nature. Always consult your own clinician for medical advice.

3) Information We Collect

A) Personal Information You Provide

Personal information” means data that identifies or is reasonably linkable to an individual. We may collect:

  • Contact data: name, email, phone, mailing/billing address.

  • Account data: usernames, passwords, profile details, preferences.

  • Transactional data: purchased services, dates, amounts, refund/cancellation data.

  • Payment data: card/financial details processed via PCI-compliant processors (we do not store full card numbers).

  • Membership/portal data: content accessed, subscription tier, renewal status.

  • Marketing data: newsletter opt-ins, communication preferences, campaign engagement.

  • Communications: emails, support messages, intake forms, survey responses.

B) Automatically Collected Data

We and our partners use cookies, pixels, SDKs, and similar technologies to collect:

  • Device & usage data: IP address, device identifiers, browser type, operating system, pages viewed, time on site, links clicked, referring/exit pages, approximate location (via IP), and session diagnostics.

  • Analytics: We may use tools like Google Analytics to measure and improve performance.

You can learn more about cookies at allaboutcookies.org. You may manage cookies via your browser settings; disabling some cookies may limit site functionality.

C) Social Media & Other Sources

If you engage with us on social platforms, we may receive your handle, profile information, posts, messages, and engagement data consistent with your platform settings. We may also receive leads or updated contact information from service providers, partners, or publicly available sources.

4) How We Use Personal Information

We (and service providers acting on our behalf) use information to:

  • Provide Services: operate the Site, deliver membership content, schedule visits, and provide telemedicine/consulting.

  • Communicate: respond to inquiries, send administrative notices, and deliver newsletters you request.

  • Process transactions: billing, payments, receipts, fraud prevention.

  • Personalize & improve: analyze usage, debug issues, enhance user experience, and develop new features.

  • Marketing (law-permitting): send updates, promotions, and event information; manage preferences and measure performance.

  • Security & compliance: detect/prevent fraud and abuse; enforce our Terms; comply with law and respond to lawful requests.

  • Business operations: audits, reporting, and potential corporate transactions (e.g., merger, asset sale).

We may aggregate or de-identify data for analytics or research; such data is not considered personal information.

5) Marketing Preferences

Where permitted, we may send you marketing communications. You can unsubscribe via the link in any marketing email or by contacting us (see “Contact Us”). Even if you opt out of marketing, we may still send transactional or service messages (e.g., receipts, appointment reminders, policy updates).

6) When We Disclose Information

We may disclose information to:

  • Service providers (IT hosting, EHR/telemedicine platforms, email/SMS delivery, analytics, payment processors, customer support) under contracts restricting further use.

  • Marketing & analytics vendors (newsletter platforms, ad networks, audience tools) to help us reach users and measure results.

  • Professional advisors (lawyers, accountants, auditors).

  • Authorities (if required by law, subpoena, court order, or to protect rights, safety, or security).

  • Transacting parties in a corporate transaction (merger, asset sale) subject to confidentiality.

  • Others with your direction or where disclosed at collection.

We do not disclose PHI for marketing without appropriate authorization as required by HIPAA.

7) Cookies, Analytics, and Ads

  • We use first- and third-party cookies/pixels to keep you logged in, remember preferences, measure traffic, and deliver/measure ads.

  • You may control browser cookies and mobile ad IDs in your device settings.

  • Google provides an Analytics Opt-Out Add-On. Other vendors may offer their own opt-outs. Some opt-outs are browser- or device-specific.

8) Your Choices

  • Email marketing: unsubscribe via the link in any marketing email.

  • Cookies: control through browser/device settings; some features may not work if disabled.

  • Analytics/ads: use vendor opt-outs and industry tools where available.

  • Declining to provide data: certain features may be unavailable if you choose not to provide requested information.

Do Not Track: our Site does not respond to browser “DNT” signals. California residents—see “Global Privacy Control” below.

9) U.S. State Privacy Notices

A) California (CCPA/CPRA) — Your Rights

If you are a California resident, you may have the right to:

  • Know/Access: request details about the categories and specific pieces of personal information we collected, the sources, purposes, and categories of third parties to whom data was disclosed.

  • Delete: request deletion of personal information (subject to legal exceptions).

  • Correct: request correction of inaccurate personal information.

  • Opt-out of “sharing” for cross-context behavioral advertising and of the sale of personal information (we do not sell personal information for money).

  • Limit use of sensitive personal information (we do not use “sensitive” personal info to infer characteristics).

How to submit requests: Email privacy@KevinCookeMD.com with subject “CCPA Request” and include your name, email, mailing address, phone, and the nature of your request. We will verify your identity and respond as required by law. You may designate an authorized agent to act on your behalf.

Opt-Out of Sharing / Targeted Ads:

Use our “Do Not Sell or Share My Personal Information” link (place this link in your footer) or email privacy@KevinCookeMD.com with subject “Do Not Sell/Share.”

Global Privacy Control (GPC): Where technically feasible and configured, we honor GPC signals as an opt-out of “sharing” under California law.

We will not discriminate against you for exercising CCPA/CPRA rights.

B) Virginia (VCDPA) and Similar State Laws

Residents of Virginia (and, where applicable, Colorado, Connecticut, Utah, etc.) may have rights to access, correct, delete, obtain a portable copy, and opt out of targeted advertising. Submit requests to privacy@KevinCookeMD.com with subject “State Privacy Request.” If we deny a request, you may appeal by emailing privacy@KevinCookeMD.com with subject “Appeal,” and we will respond within required timelines.

C) Nevada

We do not “sell” covered information as defined by Nevada law. Nevada residents may submit sale-opt-out inquiries to privacy@KevinCookeMD.com.

10) GDPR/UK/Swiss Notices (EEA, UK, Switzerland)

Where the GDPR/UK GDPR/Swiss FADP apply:

  • Controller: Cooke Consulting, LLC / Kevin Cooke, MD.

  • Purposes & Legal Bases: We process personal data for contract performance, legitimate interests (e.g., site operation, security, analytics, marketing to existing users), consent (where required), legal obligations, and vital interests in rare cases.

  • Transfers: If we transfer personal data to countries without an adequacy decision (e.g., U.S.), we implement appropriate safeguards (e.g., Standard Contractual Clauses) and supplementary measures, as needed.

  • Your Rights: access, rectification, erasure, restriction, objection, portability, and withdrawal of consent (where processing is based on consent). To exercise rights, email privacy@KevinCookeMD.com. You may lodge a complaint with your local supervisory authority.

11) Telemedicine, PHI & HIPAA

When you engage in a telemedicine encounter or receive clinical services, we may collect PHI such as medical history, exam notes, images, and treatment data. Those activities are governed by HIPAA and our Notice of Privacy Practices (NPP). We use HIPAA-compliant systems and Business Associate Agreements, as applicable. Do nottransmit emergency or highly sensitive clinical information through general website forms or email.

12) Children’s Privacy

The Services are not directed to children under 16. We do not knowingly collect personal information from children under 16 without appropriate consent. If you believe a child has provided personal information to us, contact privacy@KevinCookeMD.com and we will take appropriate action.

13) Security

We employ reasonable administrative, technical, and physical safeguards designed to protect information. No method of transmission or storage is 100% secure. You use the Services at your own risk and remain responsible for keeping passwords and devices secure.

14) Data Retention

We retain personal information for as long as necessary to: (a) fulfill the purposes outlined in this Policy; (b) comply with legal, tax, and regulatory requirements; (c) resolve disputes; and (d) enforce agreements. Retention periods vary by data category and context.

15) Third-Party Links & Services

The Site may link to or integrate with third-party sites, apps, labs, pharmacies, supplement providers, or platforms. We are not responsible for their privacy practices or content. Review their policies before transacting.

16) International Users

We operate in the United States. If you access the Services from outside the U.S., you understand your data may be processed in the U.S. (and elsewhere) where laws may differ from those in your country.

17) How to Exercise Your Rights

To exercise privacy rights or raise questions:

  • Email: kevin@KevinCookeMD.com (general privacy)

  • CCPA/State requests: privacy@KevinCookeMD.com (subject: “CCPA Request” or “State Privacy Request”)

  • Appeals (where applicable): privacy@KevinCookeMD.com (subject: “Appeal”)

We will verify your identity as required by law and respond within applicable timelines. We may deny requests subject to legal exceptions and will explain our reasoning.

18) Contact Us

Cooke Consulting, LLC / Kevin Cooke, MD

Attn: Privacy/Legal

1040 Sadler Oaks Dr

Winter Garden, FL 34787

Email: kevin@KevinCookeMD.com (privacy) | kevin@KevinCookeMD.com (legal)

19) State-Specific Opt-Out Links (Add to Footer)

  • Do Not Sell or Share My Personal Information (link to your opt-out page or form)

  • Cookie Preferences (link to your cookie banner/preferences center)