Updated Privacy Policy for The Aligned Dietitian
Effective: 2 June 2025 | Last updated: 2 June 2025
Who we are
The Aligned Dietitian (“we”, “our clinic”, “us”) is a Canada-based, 100 % virtual nutrition practice operated by Ruth Burrowes, RD. When we handle personal health information we are a health-information custodian under Alberta’s Health Information Act; for all other personal information we are an organization under PIPEDA.
Scope
This Policy explains our privacy practices when you:
- visit www.aligndietitian.com, our client portal, or any sub-domain;
- subscribe to our newsletter or download resources;
- book, pay for, or attend a telehealth session;
- comment on a blog post, enter a giveaway, or interact with embedded third-party content (e.g., Instagram, YouTube); or
- communicate with us by email, social media DM, phone, or video.
What we collect
| Category | Examples | Typical source |
|---|---|---|
| Contact | name, email, phone, mailing address | intake forms, newsletter sign-up |
| Health/PHI | medical history, food records, lab results, lifestyle details | secure intake & chart notes |
| Billing | invoices, payment tokens, insurance details | Stripe checkout, direct billing |
| Usage & device | IP, browser, pages visited, referring URL | cookies, Google Analytics, Meta Pixel |
| Comments & UGC | blog comments, survey responses | WordPress comments, Typeform |
We do not knowingly collect data from children under 13 and request that parents/guardians contact us if a child’s data was submitted in error.
4 Why & how we use your information
- Nutrition care (with consent and as necessary) – to assess, plan, deliver, and monitor dietetic services.
- Administration & billing – scheduling, reminders, payment processing, insurance claims.
- Analytics & site functionality – to understand traffic patterns, improve content, maintain security (cookies & pixels).
- Marketing (with consent) – newsletters, product launches, surveys, giveaways.
- Legal & regulatory – record-keeping, audit trails, mandatory reporting.
We rely on express or implied consent except where another lawful basis applies (e.g., legal obligation). Providing consent is always optional, but declining may limit the services we can offer. ICO
Cookies & similar technologies
Our site uses first- and third-party cookies for:
- Essential functions – remembering log-in status, cart contents.
- Analytics – Google Analytics 4 (IP anonymisation enabled).
- Social embeds – Instagram feeds, TikTok Videos, YouTube videos, Pinterest pins.
Opt-out: You can refuse non-essential cookies via our banner or your browser settings.
6 User-generated content (comments, forms & uploads)
When you leave a comment:
- we collect the data shown in the comment form plus your IP address and browser user-agent string to help detect spam (Akismet);
- an anonymised hash of your email may be sent to Gravatar to display your profile image;
- comments and associated metadata are stored indefinitely unless you ask us to delete them.
Please avoid posting personal health details in public comments; instead use our secure client portal.
Affiliate & sponsored content disclosure
Some articles include affiliate links or sponsored product mentions. If you click or purchase through those links we may earn a small commission at no extra cost to you. Content is researched and written independently, and sponsorship never influences our clinical recommendations.
Who we share information with
| Recipient | Purpose | Safeguards |
|---|---|---|
| Cloud platforms (Practice Better, Google Workspace, Stripe, SendFox) | hosting, email, payments | encrypted in transit & at rest, business-associate terms |
| Analytics & ad partners (Google Analytics, Meta Pixel, Mediavine) | aggregated traffic stats, ad personalisation | IP anonymisation; opt-out tools |
| Referral providers (with client consent) | continuity of care | secure email/fax |
| Regulators / auditors | compliance | minimum necessary |
| Legal transfers | sale, merger, or re-organization | new entity bound by this Policy |
We never sell personal or health information for direct monetary consideration.
International data transfers
Vendors such as Google and Meta may process data on servers outside Canada. We rely on contractual clauses and encryption to ensure comparable protection.
Retention & destruction
| Record | Minimum retention | Secure disposal method |
|---|---|---|
| Client health record | 10 years after last visit / age 18 + 10 | cross-cut shred; crypto-erase |
| Financial & tax records | 6 years (CRA) | shred / secure delete |
| Email marketing logs | consent duration + 2 years | auto-purge |
| Analytics data | 14 months rolling | GA4 auto-delete |
We maintain a destruction log for audit purposes.
Your privacy rights
You may request to access, correct, delete, restrict, or transfer your personal information. You may also withdraw consent or object to certain processing at any time.
If you are dissatisfied, you may complain to the Office of the Information & Privacy Commissioner of Alberta or the Office of the Privacy Commissioner of Canada.
Changes to this Polic
We will post any material changes here and update the “Last updated” date. Where required by law we will seek fresh consent.
Contact
Questions? ruth@aligndietitian.com |
We will respond within 30 days, subject to identity verification.