Privacy policy.

Effective Date: October 27, 2025

The Iris Center (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you interact with our website, forms, email communications, and donation or beneficiary systems.

By using our site or submitting information, you agree to the terms of this policy.

Scope of This Policy

This Privacy Policy applies only to information collected through our website and related online tools (such as forms, newsletters, and payment systems).

It does not apply to medical or patient information collected and stored through The Iris Center’s internal clinical systems, which are governed by federal and state privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA and Patient Information

As a healthcare provider, The Iris Center follows strict standards under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to protect the privacy and security of your Protected Health Information (PHI).

  • PHI refers to identifiable health information such as medical history, treatment details, insurance information, and other data shared as part of your care.

  • PHI is not collected through this website. It is stored and protected in secure, HIPAA-compliant systems used internally by The Iris Center’s care team.

  • Access to PHI is limited to authorized medical personnel and administrative staff who require it for care delivery, billing, or clinic operations.

  • These systems use encryption, authentication, and audit controls to prevent unauthorized access or disclosure.

If you are a patient, you will receive or may request a Notice of Privacy Practices that specifically describes how medical information is handled under HIPAA.

Information We Collect Through the Website

The information collected through this website is limited to non-medical data, such as:

  • Contact details: your name, email address, or phone number when you sign up for updates or submit a general inquiry form.

  • Demographic details: optional information (like ZIP code or birthdate) when you fill out interest or support forms.

  • Payment details: limited data processed securely through third-party payment platforms such as Stripe and Zeffy. The Iris Center does not store or access full payment card details.

  • Communication preferences: information collected when you opt in to receive newsletters through MailerLite.

  • Website analytics: anonymous, non-identifiable data collected by Google Analytics to help us understand and improve website performance.

We do not knowingly collect information from individuals under 18 without verified parental or guardian consent.

How We Use Non-Medical Information

We use non-medical information collected through this website to:

  • Respond to general inquiries or messages.

  • Manage Beneficiary commitments and donations.

  • Send updates about The Iris Center’s programs, services, and events.

  • Improve our website’s accessibility and functionality.

  • Maintain accurate records for nonprofit and financial reporting compliance.

We will never sell, rent, or share your personal data with advertisers or unrelated third parties.

How we protect your information

The Iris Center employs industry-standard administrative, technical, and physical safeguards to protect your data.

These include:

  • Encrypted website forms (HTTPS/SSL).

  • Limited access to personal data based on staff roles.

  • Secure servers and encrypted transmission of payment data.

  • HIPAA-compliant infrastructure for clinical operations.

If you make a payment or donation through a third-party service (like Stripe or Zeffy), those companies’ privacy and security policies also apply.

Third-party tools and services

We partner only with trusted providers who meet high standards of data protection and security. These include:

  • Stripe – for secure payment processing and beneficiary account management.

    Stripe Privacy Policy

  • Zeffy – for donation and event payment processing. Zeffy collects limited personal and payment information to issue receipts and process transactions securely.

    Zeffy Privacy Policy

  • MailerLite – for managing newsletters, updates, and email communications.

    MailerLite Privacy Policy

Each third-party service collects and processes data in accordance with its own privacy policy and applicable data protection laws.

Your choices and rights

You have the right to:

  • Access or request a copy of personal information we hold about you.

  • Request correction or deletion of your information.

  • Opt out of email communications at any time (via unsubscribe link).

  • Manage your Beneficiary payments or update billing details through your Stripe customer portal.

For patient-specific privacy requests related to medical records or HIPAA, please contact the clinic directly using the contact information below.

Data Retention

We retain information only as long as necessary to fulfill the purposes described here or as required by applicable law, including IRS and healthcare compliance obligations.

Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices, partnerships, or legal requirements. The “Effective Date” above will always indicate the most recent version.

Contact us

If you have any questions about this privacy policy or how we handle your data, we encourage you to reach out.

We are currently receiving mail at the following address:

The Iris Center
1001 A E. Harmony Rd. #402
Fort Collins, CO 80525

info@theiriscenter.org