Privacy policy · The Holistic Rheumatologist
Legal

Privacy policy.

Effective June 22, 2026·Last updated June 22, 2026

The short version. We collect your email when you ask us to (e.g., the free guide form), basic analytics about how you use the site, and standard cookies. We don't sell your data. We don't share it with advertisers. You can unsubscribe and request deletion any time.

Who we are.

This site, holisticautoimmune.com, is operated by Sarah Luebker, DO, doing business as The Holistic Rheumatologist. Contact: DoctorSarah@holisticautoimmune.com.

What we collect.

Information you give us directly

  • Email address, when you sign up for the free guide, the newsletter, or contact us by email.
  • Source tag, which page on the site you signed up from (e.g., "homepage," "nutrition"), so we can understand which content is helping people.
  • Any message you send us by email or through a contact form.

Information collected automatically

  • Analytics data: pages visited, time on site, referring source, browser type, device type, country/region. This is aggregated and doesn't identify you personally.
  • Cookies: small text files stored in your browser. See our cookie policy for the full list.
  • Log data: IP address, timestamp, browser version. Collected by our hosting provider (Squarespace) for security and performance.

What we do not collect

  • We do not collect health information about you.
  • We do not collect financial information (no products are sold directly on this site at this time).
  • We do not knowingly collect any information from children under 13. See "Children's privacy" below.

How we use it.

  • To send you the free guide and other newsletter content you opted in to receive.
  • To respond to questions you send us.
  • To understand which content is useful so we can improve the site.
  • To detect and prevent fraud, abuse, or technical problems.
  • To comply with legal obligations.

Who we share it with.

We use the following service providers to operate the site. They have access to limited data only to perform their function, and they are contractually obligated to protect it:

  • Squarespace — website hosting and analytics. Squarespace privacy policy
  • Formspree — handles the free guide email form. Formspree privacy policy
  • Google Fonts — serves the typefaces used on the site. Google privacy policy
  • Email service provider — to send newsletters and the free guide. (Currently Formspree; if we switch providers we will update this list.)

We do not sell your personal information. We do not share it with advertisers. We do not use it to build profiles for retargeting.

We may disclose information if required by law (subpoena, court order, regulatory request) or to protect the rights, property, or safety of Dr. Luebker, our users, or the public.

Your rights.

You have the right to:

  • Access what we have about you.
  • Correct inaccurate information.
  • Delete your information. We will delete everything we have unless retention is required by law.
  • Unsubscribe from any email at any time. Every newsletter includes an unsubscribe link.
  • Opt out of analytics cookies. See the cookie policy.
  • Object to specific uses of your data and request restriction of processing.
  • Lodge a complaint with a data protection authority if you're in a jurisdiction that has one (e.g., EU/UK).

To exercise any of these rights, email DoctorSarah@holisticautoimmune.com. We aim to respond within 30 days.

Specific rights by region.

California (CCPA / CPRA)

California residents have the rights listed above, plus the right to know the categories of personal information collected and the right to non-discrimination for exercising privacy rights. We do not sell or "share" personal information as those terms are defined under California law.

European Union and United Kingdom (GDPR / UK GDPR)

Our legal bases for processing your personal data are: (a) your consent (for the newsletter and free guide), (b) our legitimate interests (for analytics and site improvement), and (c) compliance with legal obligations. You have all the rights listed above. If you are in the EU or UK and have a complaint, you can also lodge it with your local data protection authority.

Data retention.

We retain your email address as long as you remain subscribed. After you unsubscribe, we retain it on a suppression list (to make sure you stay unsubscribed) but stop using it for any other purpose. If you request full deletion, we will delete the suppression record as well — though that means we cannot guarantee we won't accidentally re-add you if you sign up again.

Analytics data is aggregated and retained per our hosting provider's standard retention windows. Form submissions are retained for 12 months and then deleted unless they have led to ongoing correspondence.

Children's privacy.

This site is intended for adults aged 18 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at DoctorSarah@holisticautoimmune.com and we will delete it.

Security.

We use industry-standard security measures, including HTTPS encryption for all traffic, secure cloud hosting through Squarespace, and access controls for our email tools. No system is fully secure; we cannot guarantee absolute security but we take reasonable measures to protect what you share.

International transfers.

This site is operated from the United States. If you are accessing it from outside the US, information you provide may be transferred to, stored, and processed in the United States. By using the site, you consent to that transfer.

Changes to this policy.

We may update this privacy policy from time to time. The "Last updated" date at the top of this page will reflect any changes. For material changes, we'll post a notice on the site or notify newsletter subscribers by email.

Questions about your privacy?

Email DoctorSarah@holisticautoimmune.com.

For our broader compliance posture, also see the terms of use, cookie policy, and medical disclaimer.