Legal

Privacy Policy

How Foundations Direct Care collects, uses, and protects information on this website. Written in plain English — not lawyer-speak.

Effective: April 24, 2026 · Last updated: April 24, 2026

Two systems, two privacy regimes. This website (mockup.renovo.care, and later foundationsdirectcare.com) is our marketing and member portal. Your medical records — clinical notes, labs, messages with Dr. McLaurin, prescriptions — live in a separate HIPAA-covered system called Elation, which has its own Notice of Privacy Practices we hand you at your first visit. Nothing on this website is part of your medical record.

What this policy covers

This policy applies to the public Foundations Direct Care website and the member-only portal at /members/. It covers information collected when you visit our pages, fill out a contact form, subscribe to our newsletter, or sign in to the member portal.

Information we collect

When you visit any page

Standard web-server log data: IP address, browser type, pages viewed, timestamp. Retained for 90 days for security and performance analysis.
Cookies used only for essential site functions (sign-in session, preferences). We do not use third-party advertising cookies. We do not sell or share visit data with marketers.

When you contact us or enroll

The name, email, phone number, and message you provide in a form.
Used only to respond to your inquiry. Not added to a marketing list without your opt-in.

When you sign in as a member

If you sign in with Microsoft, we receive your name and email from Microsoft Entra ID. Microsoft's own privacy practices apply to your account with them.
If you sign in with Google, we receive your name and email from Google. Google's privacy practices apply to your account with them.
We do not receive, store, or have access to your password for either service. Password management stays entirely with Microsoft or Google.
The member portal stores a record of your sign-in (date, browser) for up to 90 days.

How we use the information

To operate the site and keep it secure.
To respond to inquiries, enroll new members, and provide member-only content.
To send administrative emails (invitation to member portal, program updates you've opted into).
To improve pages based on aggregate usage — what articles members read most, where visitors drop off.

We do not use your information for targeted advertising. We do not sell your information to third parties. We do not share your information with insurance companies, pharmaceutical companies, or data brokers.

Third-party services we rely on

The website runs on a small set of infrastructure and content services. Each has its own privacy policy governing the data that flows through them:

Microsoft Azure Static Web Apps — hosting. Microsoft Privacy Statement
Microsoft Entra ID — Microsoft sign-in for the member portal. Microsoft Privacy Statement
Google OAuth — Google sign-in for the member portal. Google Privacy Policy
Google Fonts — the fonts rendered on these pages. Google Privacy Policy
U.S. National Library of Medicine (MedlinePlus) — the Knowledge Base pulls patient education content live from NLM. NLM Privacy Policy

Cookies and tracking

We use cookies strictly for site operation (sign-in sessions, language preferences). We do not use Google Analytics, Facebook Pixel, or other third-party tracking pixels on this site. A small amount of telemetry is collected by our hosting platform (page-load time, HTTP errors) to keep the site running.

Your choices and rights

Opt out of emails: every non-essential email we send has an unsubscribe link. Essential emails (invitations, account-security notices) can't be unsubscribed without closing your member account.
Request your data: email us below and we'll send you every piece of data this website holds about you within 30 days.
Ask us to delete your data: email us below. We'll remove your member-portal account and all site-level records within 30 days. Your clinical records in Elation are handled separately under HIPAA — we'll point you to the right process.
California, Virginia, Colorado, Connecticut, Utah residents: you have specific rights under your state's privacy law (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA). Email us to exercise any of them; we respond within the statutory window.

Children's privacy

This website is not directed at children under 13, and we do not knowingly collect information from children under 13 through the site. If a parent is enrolling a child as a Foundations member, the parent completes the forms.

Security

Site traffic is encrypted in transit with TLS. The member portal uses Microsoft and Google as identity providers so password management stays with them. We do not store passwords. Logs that could contain identifiers are retained for 90 days and then purged.

Changes to this policy

If this policy changes materially, we'll update the "Last updated" date at the top and — if you have a member-portal account — we'll email you. Continued use of the site after the effective date of a change indicates acceptance.

Contact us

Privacy questions, data requests, or complaints:

Email: privacy@renovo.care
Mail: Foundations Direct Care, Oklahoma City, OK (street address on the Contact section)

For medical-record or HIPAA-specific concerns about your clinical chart, contact the Foundations front desk directly — that's a separate process governed by our Notice of Privacy Practices.