1. Who we are
This Privacy Policy applies to websites, podcasts, applications, and related services operated under the CFP Weight Loss brand, including but not limited to:
- podcast.cfpweightloss.com — CFP Weight Loss Podcast
- coaching.cfpweightloss.com — 30-Week Metabolic Reset coaching
- Related CFP Weight Loss content properties (for example blog, ask, and administrative tools) when they link to this policy
References to “CFP Weight Loss,” “we,” “us,” or “our” mean the coaching and media practice associated with Russell Clark, FNP-C, APRN and Anne-Marie Clark, NASM CNC, and their authorized team members and service providers acting on our behalf.
2. Scope of this policy
This policy describes how we handle personal information when you:
- Visit our websites or listen to our podcast
- Submit forms, applications, or contact requests
- Apply for or participate in coaching programs
- Receive emails, SMS (if opted in), or other communications from us
- Purchase books or products via third-party storefronts we link to (e.g., Amazon)
This policy does not govern third-party websites we link to (including Amazon, social networks, or other independent sites). Their privacy practices are controlled by their own policies.
Important: Our websites and podcast provide educational content and coaching information. They are not a substitute for personalized medical advice, diagnosis, or treatment from a qualified clinician for your specific situation.
3. Information we collect
3.1 Information you provide
Depending on how you interact with us, you may provide:
- Identity & contact data — name, email address, phone number, mailing address if needed
- Coaching application data — goals, health history you choose to share, readiness, program interest, lifestyle context, and related questionnaire responses
- Communication content — messages, emails, support requests, strategy-call notes, and feedback
- Account or admin credentials — if you are granted access to internal tools (e.g., staff Super Admin access via magic link)
- Marketing preferences — opt-in/opt-out choices for email or SMS where applicable
3.2 Information collected automatically
- Technical data — IP address, browser type, device type, operating system, referring URLs, pages viewed, timestamps
- Podcast/server logs — access logs for websites, RSS feed requests, and static asset delivery needed for hosting, security, and reliability
- Cookies / local storage — as described in the Cookies section
3.3 Information from third parties
We may receive limited information from:
- Payment or commerce partners if you buy related products elsewhere (we typically do not receive full payment card data when you buy on Amazon)
- Email and messaging providers (delivery status, bounces, unsubscribes)
- Analytics or infrastructure providers that help us operate our sites securely
4. How we use information
We use personal information to:
- Operate, maintain, and improve our websites, podcast, and related tools
- Respond to inquiries and schedule strategy conversations
- Evaluate coaching applications and communicate about program fit and enrollment
- Deliver coaching services and related accountability communications when you enroll
- Send service-related notices (e.g., confirmations, important program updates)
- Send educational or promotional messages only where permitted and consistent with your choices
- Protect security, prevent fraud/abuse, and troubleshoot technical issues
- Comply with legal obligations and enforce our terms
- Produce internal operations metrics (for example, whether systems are healthy) without selling personal data
We do not sell your personal information. We do not rent email lists.
5. Health information & HIPAA
Depending on the specific service and legal relationship, certain information you share may be considered protected health information (PHI) under the U.S. Health Insurance Portability and Accountability Act (HIPAA) and related rules when handled by a covered entity or business associate. In other contexts (for example, general website marketing inquiries or educational podcast interactions), information may not be PHI under HIPAA even if it is health-related.
Where HIPAA applies to a clinical relationship or covered services, we (or the licensed provider responsible for care) maintain appropriate administrative, technical, and physical safeguards, and use and disclose PHI only as permitted by law, for treatment, payment, and health-care operations, or with your authorization when required.
For coaching and website interactions that are not HIPAA-covered medical services:
- We still limit access to personal and health-related details to people who need them to serve you
- We use reputable vendors under contracts or terms that restrict misuse
- We ask you not to send highly sensitive medical records by unsecured email unless necessary and you understand the risks
Optional medical support pathways (for example, medication or lab-related care when clinically appropriate) are provided only by licensed clinicians after proper consultation and qualification. Those clinical relationships may be governed by separate notices of privacy practices from the treating provider.
If you believe you need a formal HIPAA Notice of Privacy Practices for a specific clinical relationship, contact us and we will direct you to the appropriate notice for that provider relationship.
6. How we share information
We may share personal information with:
- Service providers / processors who help us host websites, send email, store files, process forms, generate audio, or operate our tools — only as needed to perform services for us
- Coaching team members (for example, Russell and Anne-Marie and authorized support staff) for program delivery
- Licensed clinical partners when you pursue optional medical pathways and such sharing is necessary and appropriate
- Professional advisors (legal, accounting) under confidentiality obligations when needed
- Authorities when required by law, court order, or to protect rights, safety, and security
- Business transfers — if we reorganize or transfer assets, information may transfer as part of that transaction subject to this policy or successor notice
We do not share personal information with third parties for their independent marketing without your direction or a lawful basis.
7. Third-party services
We use carefully selected technology partners. Their processing is governed by their own privacy policies and our agreements with them. Examples include:
- Hosting & CDN — website and asset hosting (including Microsoft IIS on our servers and/or Cloudflare infrastructure such as R2 object storage for podcast media and assets)
- Cloudflare R2 — storage and delivery of podcast audio files and related media
- ElevenLabs — text-to-speech / voice technology used in podcast production workflows
- Neon (PostgreSQL) — managed database services for operational data (e.g., automation and admin systems)
- Google — email delivery/authentication (e.g., Gmail/Google Workspace OAuth for transactional or notification email) and possibly fonts or other Google-hosted resources
- Buffer or similar social scheduling tools when used for content distribution (typically content, not your private coaching data)
- Amazon — book purchases occur on Amazon’s platform under Amazon’s privacy policy
- Analytics / communications tools — as configured from time to time to measure site performance or deliver messages
- Payment or CRM platforms — if used for applications, scheduling, or billing (only as needed for those workflows)
We encourage you to review the privacy documentation of these providers. We select vendors with industry-standard security practices and limit the data we send them to what is reasonably necessary.
8. Cookies & tracking
We and our providers may use:
- Essential cookies / local storage — session management, security, load balancing, remembering basic preferences
- Functional cookies — improving site experience
- Analytics technologies — understanding aggregate traffic and content performance (where enabled)
You can control cookies through your browser settings. Blocking some cookies may affect site functionality (for example, staying signed in to an admin area).
We do not use our podcast RSS feed itself as a cross-site advertising tracker. Podcast apps that subscribe to our feed may collect their own listening analytics under their policies.
9. Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information, which may include access controls, encrypted transport (HTTPS/TLS) where supported, least-privilege practices for staff tools, and monitoring of systems we operate.
No method of transmission or storage is 100% secure. If we learn of a breach that requires notification under applicable law, we will provide notice as required.
10. Data retention
We retain personal information only as long as reasonably necessary for the purposes described in this policy, including to provide services, maintain business and tax records, resolve disputes, and meet legal obligations. Retention periods vary by data type (for example, coaching records may be kept longer than routine web server logs).
When information is no longer needed, we take reasonable steps to delete, de-identify, or securely archive it according to our practices and legal requirements.
11. Your rights & choices
Subject to applicable law, you may have the right to:
- Access personal information we hold about you
- Correct inaccurate or incomplete information
- Delete certain information (with legal or operational exceptions)
- Opt out of marketing emails (unsubscribe link or contact us)
- Opt out of SMS where used (follow message instructions, e.g., STOP)
- Withdraw consent where processing is based on consent
- Object to or restrict certain processing, where applicable
To exercise these rights, contact rustyace@cfpweightloss.com or call 615-489-4816. We may need to verify your identity before fulfilling a request. Some requests may be limited by law (for example, we may retain records required for legal compliance or legitimate business needs).
If you are a California resident (or resident of another state with comprehensive privacy laws), you may have additional rights regarding sale/share of data, sensitive information, and non-discrimination for exercising rights. We do not sell personal information as “sell” is commonly defined under those laws. Contact us for state-specific requests.
12. Children’s privacy
Our websites, podcast, and coaching services are intended for adults. We do not knowingly collect personal information from children under 13 (or under 16 where that is the relevant age under local law). If you believe a child has provided us information, contact us and we will take appropriate steps to delete it.
13. International visitors
We primarily operate in the United States. If you access our services from outside the U.S., your information may be processed in the United States and other countries where our providers operate. Those countries may have different data-protection laws than your home jurisdiction. By using our services, you understand this transfer may occur. Where required, we use appropriate safeguards with vendors.
14. Changes to this policy
We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. When we do, we will revise the Last updated date at the top of this page. Material changes may be highlighted on our websites or communicated by email when appropriate. Continued use of our services after an update constitutes acceptance of the revised policy to the extent permitted by law.
15. Contact us
For privacy questions, requests to access/correct/delete information, or concerns about this policy, contact:
CFP Weight Loss
Russell Clark, FNP-C, APRN · Anne-Marie Clark, NASM CNC
Email: rustyace@cfpweightloss.com
Phone: 615-489-4816
This Privacy Policy is provided for transparency and general compliance orientation. It is not legal advice. Laws vary by jurisdiction and change over time. For clinical relationships that are HIPAA-covered, a separate Notice of Privacy Practices from the treating provider may also apply. If you need counsel on your specific situation, consult a qualified attorney or compliance professional.