Privacy Policy

Last updated: April 10, 2026

This Privacy Policy describes how Chiro Shack LLC / Aperta Health (“we,” “us,” or “our”) collects, uses, and shares information about you when you use our website, patient portal, and services. Our HIPAA Notice of Privacy Practices governs the use of your protected health information (PHI) and is available at apertahealth.com/hipaa-notice.

1. Information We Collect

Information you provide directly:

  • Name, email address, phone number, and mailing address
  • Date of birth and gender
  • Emergency contact information
  • Appointment reason and health history (when provided)
  • Payment information (processed by Stripe — we do not store card numbers)
  • Account credentials (passwords are hashed and never stored in plain text)

Information collected automatically:

  • IP address and browser/device type (for security and fraud prevention)
  • Pages visited and actions taken on our site (via server logs)
  • Session cookies required for authentication

We do not use third-party tracking pixels, Google Analytics, or advertising cookies.

2. How We Use Your Information

  • Schedule and manage your chiropractic appointments
  • Send appointment confirmations, reminders, and billing communications
  • Process membership subscriptions and visit payments via Stripe
  • Maintain your patient record and clinical history
  • Respond to your questions and support requests
  • Detect and prevent fraud, unauthorized access, and abuse
  • Comply with legal and regulatory obligations, including HIPAA

We do not sell your personal information. We do not use your information for advertising or marketing to third parties.

3. SMS Communications

We use SMS (text messaging) to send appointment reminders, care follow-ups, and direct communications from your provider. Message frequency varies. Standard message and data rates may apply.

How we obtain consent: You provide your mobile phone number when booking an appointment at chiroshack.com or in person at one of our clinics. By providing your phone number, you consent to receive SMS messages from Chiro Shack related to your care and appointments.

Opt-out: You may opt out of SMS messages at any time by replying STOP to any message. You will receive a single confirmation message and no further SMS will be sent. To re-enable SMS, reply START.

Help: Reply HELP to any message for assistance, or contact us at (208) 690-2208.

We do not share your mobile number with third parties for their marketing purposes. SMS consent is not a condition of receiving care or purchasing services.

4. How We Share Your Information

We share your information only in the following limited circumstances:

  • Service Providers: We use Stripe for payment processing, Resend for transactional email, and Twilio for SMS appointment reminders. These providers access only the information necessary to perform their services and are bound by confidentiality obligations.
  • Legal Requirements: We may disclose information when required by law, subpoena, or court order, or to protect the safety of our patients and staff.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, patient information may be transferred as part of that transaction, subject to HIPAA requirements.

5. Data Retention

We retain patient records and appointment history as required by Idaho state law and HIPAA regulations (generally a minimum of 7 years for adult patients, longer for minors). Account credentials and session data are retained while your account is active. You may request deletion of your account and non-clinical data at any time (see Section 7).

6. Data Security

We take reasonable technical and organizational measures to protect your information, including:

  • HTTPS encryption for all data in transit
  • Bcrypt password hashing
  • Account lockout after repeated failed login attempts
  • Role-based access control limiting staff access to patient data
  • HIPAA-compliant audit logging of all access to patient records

No system is completely secure. If you believe your account has been compromised, please contact us immediately at (208) 690-2208.

7. Cookies

We use only strictly necessary session cookies for authentication and security purposes. We do not use advertising, tracking, or analytics cookies. You may disable cookies in your browser, but doing so will prevent you from logging in to your patient account.

8. Your Rights

You have the right to:

  • Access a copy of the personal information we hold about you
  • Correct inaccurate or incomplete information via your profile settings
  • Delete your account and associated non-clinical personal data (clinical records are retained as required by law)
  • Opt out of non-essential SMS and email communications in your account settings
  • Request a copy of your health information under HIPAA (see our HIPAA Notice)

To exercise these rights, log in to your account at apertahealth.com/account/profile or contact us at info@apertahealth.com.

9. Children's Privacy

Our services are not directed to children under 13. For patients under 18, a parent or legal guardian must provide consent and may manage the account. If you believe we have inadvertently collected information from a child under 13, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a new “Last updated” date. Continued use of our services after such changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us:

Chiro Shack LLC / Aperta Health

Idaho Falls and Middleton, Idaho

Phone: (208) 690-2208

Email: info@apertahealth.com

Terms of ServiceHIPAA Notice of Privacy Practices