TABLE OF CONTENTS

Introduction
Information We Collect
How We Use Your Information
Cookies and Tracking Technologies
How We Share Your Information
Data Retention
Data Security
International Data Transfers
Your Privacy Rights
Do Not Sell or Share My Personal Information
Children’s Privacy
Links to Third-Party Websites
Changes to This Privacy Policy
Contact Us

1. Introduction

Model Optimal Care, LLC (“we,” “our,” or “us”) operates the website modeloptimalcare.com (the “Site”). We provide technology consulting services, educational programs through the Model Optimal Care Academy, professional certification (the Certified Professional in Model Optimal Care, or CP-MOC credential), blog content, community discussion features, and related resources for healthcare benefits professionals.

This Privacy Policy explains what personal information we collect, how we use and share it, your rights and choices regarding that information, and how to contact us with questions or concerns. This policy applies to all areas of our Site, including the main website, Academy portal, consulting pages, blog, community pages, and all forms through which we collect data.

By accessing or using our Site, you acknowledge that you have read and understand this Privacy Policy. If you do not agree with our practices, please do not use our Site or submit any personal information through it.

2. Information We Collect

We collect information in several ways depending on how you interact with our Site. The categories below describe what we collect, organized by source.

2.1 Information You Provide Directly

When you interact with our Site, you may voluntarily provide personal information, including through the following activities:

Account Registration: When you create an account for the Model Optimal Care Academy or community features, we collect your name, email address, username, and encrypted password.
Course Enrollment and CP-MOC Certification: When you enroll in courses or pursue the CP-MOC credential, we collect your name, email address, professional title, employer name, payment information, course progress data, quiz and exam scores, assignment submissions, certificate completion records, and continuing education credits.
Contact and Consultation Request Forms: When you submit a contact form or request a consulting engagement, we collect your name, email address, phone number (if provided), company name, job title, and the content of your message.
Blog Comments and Community Participation: When you comment on blog posts or participate in community discussions, we collect your name (or display name), email address, and the content of your posts or comments.
Newsletter Subscription: When you subscribe to our email newsletter, we collect your email address and, if provided, your name and professional role.
Purchases: When you purchase a course, certification exam, or other product, we collect your name, billing address, and payment card information. Payment card details are processed directly by our third-party payment processors (Stripe and PayPal) and are not stored on our servers.
Event Registration: When you register for webinars, workshops, or other events, we collect your name, email address, job title, and company name.

2.2 Information Collected Automatically

When you visit our Site, we automatically collect certain information through cookies, log files, and similar technologies:

Device and Browser Information: Device type, operating system, browser type and version, screen resolution, and language preferences.
Usage Data: Pages visited, time spent on each page, links clicked, referring and exit pages, scroll depth, and navigation paths through our Site.
Network Information: IP address (automatically anonymized by Google Analytics 4 and never stored in full form), approximate geographic location derived from IP address, and internet service provider.
Cookie and Tracking Data: Unique identifiers assigned by cookies, session identifiers, and timestamps. See Section 4 (Cookies and Tracking Technologies) for full details.

2.3 Information from Third Parties

We may receive limited information from third-party platforms, including confirmation of successful payments from Stripe or PayPal and email engagement data (such as open rates and click activity) from Substack or Mailchimp.

3. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery: To operate our Site, process your account registration, deliver courses through the Model Optimal Care Academy, administer the CP-MOC certification program, issue digital certificates, and track continuing education credits.
Consulting Services: To respond to consultation requests, schedule engagements, and deliver technology consulting services.
Payment Processing: To process transactions for course enrollments, certification exams, and other purchases through our third-party payment processors.
Communications: To send you transactional emails (order confirmations, account updates, course progress notifications), respond to your inquiries, and, where you have opted in, send marketing communications such as newsletters and product announcements.
Site Improvement: To analyze how visitors use our Site, identify technical issues, improve content and navigation, and develop new features and services.
Security and Fraud Prevention: To protect our Site, users, and business from unauthorized access, fraud, and other security threats.
Legal Compliance: To comply with applicable laws, regulations, and legal processes, including tax reporting obligations and responses to lawful government requests.
Community Management: To moderate blog comments and community discussions, enforce community guidelines, and maintain a professional environment.

3.1 Legal Bases for Processing (EEA, UK, and Swiss Visitors)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

Consent (Article 6(1)(a)): For analytics cookies (Google Analytics 4), email marketing communications, and blog comment cookies. You may withdraw consent at any time.
Contract Performance (Article 6(1)(b)): For processing necessary to deliver services you have requested, including Academy course delivery, CP-MOC certification administration, payment processing, and responding to consulting inquiries.
Legal Obligation (Article 6(1)(c)): For processing required to comply with applicable laws, such as retaining transaction records for tax purposes.
Legitimate Interests (Article 6(1)(f)): For website security, fraud prevention, and internal analytics used to improve our services. We balance our interests against your rights and freedoms and do not rely on legitimate interests where your rights override our interests.

4. Cookies and Tracking Technologies

Our Site uses cookies and similar technologies to provide functionality, analyze usage, and support marketing activities. A cookie is a small text file stored on your device when you visit a website.

4.1 Types of Cookies We Use

Essential Cookies

These cookies are necessary for the basic operation of our Site. They enable core functions such as user authentication, session management, and security. Because they are essential, they do not require consent. Essential cookies on our Site include:

WordPress authentication cookies (wordpress_[hash], wordpress_logged_in_[hash]) that maintain your login session.
WordPress settings cookies (wp-settings-{time}-[UID]) that store your dashboard preferences.
LearnDash lesson timer cookies (learndash_forced_lesson_time_cookie_key) that enforce minimum time requirements for course lessons.

Analytics Cookies

These cookies help us understand how visitors interact with our Site. We use Google Analytics 4 (GA4) deployed through Google Tag Manager. GA4 sets the following cookies:

_ga: Assigns a unique, randomly generated identifier to distinguish visitors. This cookie has a maximum duration of 2 years.
_ga_<container-id>: Maintains session state information. This cookie has a maximum duration of 2 years.

GA4 automatically anonymizes IP addresses. Full IP addresses are never logged or stored by Google Analytics. They are used momentarily to derive approximate geographic location and then discarded. Google Tag Manager itself does not collect personal data or set cookies. We have executed a Data Processing Agreement with Google. For more information, see Google’s Privacy Policy at policies.google.com/privacy.

For visitors in the EEA, UK, and Switzerland, analytics cookies are not activated until you provide explicit consent through our cookie consent banner. We use Google Consent Mode v2 to ensure analytics tracking respects your consent preferences.

Comment Cookies

If you leave a comment on our blog, WordPress may store your name, email address, and website URL in cookies (comment_author_[hash], comment_author_email_[hash], comment_author_url_[hash]) for your convenience. These cookies have a duration of approximately one year and are set only with your consent.

4.2 Email Tracking Technologies

Our email marketing platforms use tracking pixels and unique URLs to measure email engagement:

Substack: Embeds a small tracking pixel (a 1×1 pixel image) in emails to register when a message is opened. Subscriber-specific URLs track which links you click.
fluentCRM: Uses web beacons (similar to tracking pixels) to record email opens and tracks link clicks. Also records the IP address, timestamp, and browser type associated with each email interaction.

You can opt out of email tracking by disabling image loading in your email client or by unsubscribing from our mailing list using the link provided in every email.

4.3 Managing Your Cookie Preferences

When you first visit our Site, you will see a cookie consent banner that allows you to accept or reject non-essential cookies. You can change your preferences at any time by clicking the “Cookie Settings” link in our website footer.

You can also control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling essential cookies may impair the functionality of our Site, including your ability to log in or access Academy courses.

5. How We Share Your Information

We do not sell your personal information. We share personal information only in the following circumstances and with the following categories of recipients:

5.1 Payment Processor

Stripe: We use Stripe to process payment transactions. Stripe operates as both a data processor (for payment processing on our behalf) and an independent data controller (for its own fraud prevention, service improvement, and analytics purposes). Stripe may collect personal data including transactional details, device information, IP addresses, and behavioral signals such as mouse movement patterns for bot detection. Stripe may collect data entered into payment forms even if a transaction is not completed. You can learn more about Stripe’s data practices at stripe.com/privacy.

5.2 Email Marketing Platforms

Platforms: We may use fluentCRM or Substack to deliver our newsletter. When you subscribe, your email address and any additional information you provide are shared with Substack for the purpose of email delivery and engagement tracking. See Substack’s Privacy Policy at substack.com/privacy. Any data collected vis fluentCRM stays protected on our Site.

5.3 Analytics Providers

We share anonymized usage data with Google through Google Analytics 4 and Google Tag Manager, as described in Section 4 above.

5.4 Learning Management System

Our Model Optimal Care Academy is powered by LearnDash, a WordPress-based learning management system. LearnDash stores course progress, quiz and exam scores, assignment data, certificate records, and lesson timer data within our WordPress database. LearnDash does not independently transfer your personal data to external servers. Your Academy account information (name, email, password) is managed by WordPress core and stays on our server.

5.5 Other Disclosures

We may also share personal information in the following limited circumstances:

Legal Requirements: When required by applicable law, regulation, legal process, or enforceable government request.
Protection of Rights: When necessary to protect the rights, property, or safety of Model Optimal Care, LLC, our users, or the public.
Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case we will notify affected users before personal information is transferred and becomes subject to a different privacy policy.
With Your Consent: When you have given us specific, informed consent to share your information for a stated purpose.

6. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The following retention periods apply:

Transaction and Payment Records: 7 years from the date of transaction, as required by IRS record-keeping obligations.
CP-MOC Certification Records: Retained for the duration needed to verify your credential status, including certificate issuance records, exam pass/fail status, and continuing education credits. These records are maintained as long as the CP-MOC program is active and for a reasonable period thereafter to support verification requests.
Academy Course Progress Data: Retained for the duration of your account plus 3 years. After this period, course progress data is anonymized or deleted.
Email Marketing Data: Retained until you withdraw consent by unsubscribing. Upon unsubscribe, your data is removed from active marketing lists promptly and fully deleted within 30 days.
Contact and Consultation Form Submissions: Retained for 2 years after the inquiry is resolved, then deleted.
Analytics and Cookie Data: Google Analytics data is retained for 14 months, consistent with our GA4 configuration. Cookie data expires per the durations stated in Section 4.
Blog Comments: Retained for the duration of the associated blog post’s publication. If a post is removed, associated comments are deleted.
Server Logs: Retained for up to 12 months for security monitoring and troubleshooting, then deleted.
Account Data: Retained for the duration of your account. If you request account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law.

7. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security measures include:

Encryption of data in transit using SSL/TLS protocols across all pages of our Site.
Encryption of sensitive data at rest within our hosting environment.
Role-based access controls limiting access to personal information to authorized personnel who require it for legitimate business purposes.
Regular security reviews and updates of our software, plugins, and hosting infrastructure.
PCI-DSS compliant payment processing through Stripe and PayPal. We do not store credit card numbers, CVVs, or full payment card data on our servers.
Secure password hashing for all user accounts.

No method of electronic transmission or storage is completely secure. While we take commercially reasonable steps to protect your personal information, we cannot guarantee absolute security. If you become aware of any unauthorized access to your account, please contact us immediately using the information in Section 14.

8. International Data Transfers

Model Optimal Care, LLC is based in the United States. If you access our Site from outside the United States, your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

For transfers of personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to the United States, we rely on the following transfer mechanisms:

EU-U.S. Data Privacy Framework: Where applicable, we rely on the EU-U.S. Data Privacy Framework (and the UK and Swiss extensions) as the primary mechanism for lawful data transfers.
Standard Contractual Clauses: Where the Data Privacy Framework does not apply, or as an additional safeguard, we use Standard Contractual Clauses (SCCs) approved by the European Commission to govern the transfer of personal data to recipients outside the EEA.

Our third-party service providers (including Google, Stripe, PayPal, Substack, and Mailchimp) maintain their own data transfer mechanisms. We encourage you to review their respective privacy policies for details on how they handle international data transfers.

You may request a copy of the safeguards we have in place for international transfers by contacting us using the information in Section 14.

9. Your Privacy Rights

Depending on your location, you may have specific rights regarding your personal information under applicable data protection laws. We are committed to honoring those rights regardless of where you reside.

9.1 Rights for EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR:

Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you.
Right to Rectification (Article 16): You have the right to request correction of inaccurate personal data or completion of incomplete data.
Right to Erasure (Article 17): You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when processing is unlawful.
Right to Restriction of Processing (Article 18): You have the right to request that we restrict processing of your personal data under certain circumstances, such as when you contest the accuracy of the data.
Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently engage in automated decision-making of this nature.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

We will respond to your request within one month. This period may be extended by two additional months where necessary, considering the complexity and number of requests. We will inform you of any such extension within one month of receiving your request.

To exercise any of these rights, please contact us using the information in Section 14.

9.2 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we have shared your information.
Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (such as completing a transaction, detecting security incidents, or complying with legal obligations).
Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell or share your personal information. See Section 10 for details.
Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to purposes necessary for providing the services you requested.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge different prices, provide a different quality of service, or suggest that you will receive any of these consequences for exercising your rights.

To submit a request, you may contact us by email at privacy@modeloptimalcare.com or by submitting a request through the “Privacy Request” form on our Site. We will verify your identity before processing your request and will respond within 45 days, with a possible extension of 45 additional days if reasonably necessary.

You may designate an authorized agent to make a request on your behalf. We may require written authorization from you and verification of your identity before processing an agent’s request.

9.3 Rights Under Other State Privacy Laws

Residents of states with comprehensive privacy laws, including but not limited to Virginia, Colorado, Connecticut, Texas, Oregon, Montana, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Minnesota, Maryland, and Rhode Island, may have similar rights to access, delete, correct, and opt out of certain processing activities. We honor these rights consistent with applicable state law.

If we deny your request, you have the right to appeal our decision. To submit an appeal, email us at privacy@modeloptimalcare.com with “Privacy Appeal” in the subject line. We will respond to your appeal within the timeframe required by your state’s law.

10. Do Not Sell or Share My Personal Information

Model Optimal Care, LLC does not sell your personal information as defined by the CCPA, CPRA, or any other applicable state privacy law. We do not exchange personal information for monetary consideration.

We do not share your personal information for cross-context behavioral advertising purposes. Our use of Google Analytics is limited to internal website performance analysis and is configured to anonymize IP addresses.

We honor opt-out preference signals, including the Global Privacy Control (GPC). When we detect a GPC signal from your browser, we treat it as a valid request to opt out of the sale and sharing of personal information and targeted advertising, as required by applicable law.

If our data practices change in the future, we will update this policy and provide you with notice and the ability to opt out before any such change takes effect.

11. Children’s Privacy

Our Site and services are designed for business professionals and are not directed to children under 13 years of age (or under 16 in jurisdictions where higher age thresholds apply). We do not knowingly collect personal information from children under 13.

If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information as quickly as possible. If you believe we may have collected information from a child under 13, please contact us immediately at help@modeloptimalcare.com.

We do not knowingly sell or share the personal information of consumers under 16 years of age, nor do we process such information for targeted advertising purposes.

12. Links to Third-Party Websites

Our Site may contain links to websites, services, and resources operated by third parties. These include, but are not limited to, links to Substack (for our newsletter), social media profiles, industry publications, and external resources referenced in blog posts or course materials.

This Privacy Policy applies only to modeloptimalcare.com. We are not responsible for the privacy practices, content, or security of any third-party websites. We encourage you to review the privacy policies of any third-party sites you visit through links on our Site.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated policy on this page with a revised “Last Updated” date.

For material changes that significantly affect how we collect, use, or share your personal information, we will provide additional notice through one or more of the following methods:

A prominent banner or notification on our Site for at least 30 days following the change.
An email notification to registered users and active subscribers.

We encourage you to review this Privacy Policy periodically. Your continued use of our Site after changes are posted constitutes your acknowledgment of the updated policy. We maintain an archive of prior versions and will make them available upon request.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Model Optimal Care, LLC

Attn: Privacy Inquiries

Email: help@modeloptimalcare.com

Website: https://modeloptimalcare.com/privacy-policy/

For GDPR-related inquiries from EEA, UK, or Swiss residents, please include “GDPR Request” in your subject line.

For CCPA/CPRA-related requests from California residents, please include “CCPA Request” in your subject line or use the Privacy Request form on our Site.

We aim to respond to all privacy-related inquiries within 30 days.