CancerDrs

Privacy Policy

Effective Date: April 20, 2026

1. Introduction

This Privacy Policy describes how MiniGig LLC ("we", "us", or "our"), the operator of CancerDrs (the "Site") at https://cancerdrs.com, collects, uses, shares, safeguards, and retains information in connection with your access to and use of the Site and the services made available through it (collectively, the "Services"). This Policy also describes the choices available to you regarding our use of your personal information and the rights you may have under applicable law.

This Policy applies to personal information collected through the Site, through our on-site forms (the care-match quiz and contact form), through email channels we publish for specific purposes (listing inquiries, corrections, press / legal contact, and survivor-story submissions), through our newsletter, and through other communications you initiate with us. Your use of the Services is also subject to our Terms of Service and Medical Disclaimer. By using the Services, you acknowledge this Privacy Policy.

2. We Are Not a HIPAA Covered Entity

MiniGig LLC is not a healthcare provider, health plan, or healthcare clearinghouse, and is not a "covered entity" or "business associate" under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Information you voluntarily submit to us through a form or email — including any diagnosis, stage, treatment history, or other health-related detail you choose to share — is not protected health information ("PHI") within the meaning of HIPAA and is not governed by HIPAA's privacy and security rules. We treat such information with care as described in this Policy, but you should only share the minimum information necessary to receive the help you are seeking. Do not submit clinical records, imaging, genetic results, or other sensitive documents through our forms.

3. Information We Collect

3.1 Information you provide to us

  • Contact information: name, email address, and (optionally) phone number, ZIP/postal code, and state.
  • Self-reported health information: cancer type, stage, goals (e.g., "find a trial," "get a second opinion"), and any free-text notes you choose to include. You decide what, if anything, to share.
  • Correspondence: the contents of email and contact-form submissions — including listing inquiries, correction requests, press / legal contacts, survivor-story submissions, and any other messages you initiate with us — and any attachments you send us.
  • Newsletter preferences: email address and opt-in status for our newsletter; list-segmentation fields (such as self-reported interest).
  • Listing requests: professional details (practice name, NPI, website, specialty, city/state) when a provider or their representative inquires about a listing or sponsorship.

3.2 Information collected automatically

  • Device and connection data: IP address, approximate geolocation derived from IP (country, region, city), user-agent string, operating system, browser type and version, device type, screen dimensions, language preference, and referring URL.
  • Usage data: pages viewed, time spent, links clicked, search queries within the Site, scroll depth, and similar interaction data.
  • Log data: request timestamps, response codes, and security telemetry produced by our hosting provider (Cloudflare) in the ordinary course of operating the Site.
  • Analytics events: pageviews and defined events (such as quiz-step completion and quiz submission) collected through Google Analytics 4.

3.3 Information from other sources

  • Public federal data sets: we compile and display directory-style data from ClinicalTrials.gov, the NPI Registry, CMS Hospital Compare, the National Cancer Institute, SEER, the FDA, and the CMS Open Payments database (the federal Sunshine Act disclosure system). This data is about licensed U.S. healthcare providers, institutions, manufacturers, and clinical trials; it is not collected from Site users, and it is not about you as a visitor to the Site. Federal-agency disclosures are public records; republishing them with citation is the core of what the Site does.
  • Search engines and referrers: when you arrive at the Site from a search engine or another website, that source may share limited information (the referring URL and, in some cases, the query) with us.

3.4 Categories of sensitive information

Information you voluntarily submit about your cancer diagnosis, stage, or treatment may constitute "sensitive personal information" under certain state privacy laws (including the California Privacy Rights Act) and "special categories of personal data" under the European Union General Data Protection Regulation ("GDPR"). We process such information only to respond to your request, to match you to relevant information or services, and for the purposes described in Section 4, and we do not use or disclose sensitive information for any purpose other than those permitted by law.

4. How We Use Information

We use the information described above for the following purposes:

  • Providing the Services. To respond to your inquiries, match you to potentially relevant clinical trials, oncologists, cancer centers, or resources, and deliver the content and functionality you request.
  • Transactional and administrative communications. To send you confirmations, follow-ups, updates on your inquiry, receipts, security notices, and changes to our legal documents.
  • Newsletter. If you opt in, to send you periodic educational emails. Each newsletter contains an unsubscribe link.
  • Service improvement and analytics. To understand how visitors use the Site, measure the effectiveness of our content, diagnose issues, and improve the Services.
  • Security, fraud, and abuse prevention. To detect, investigate, and prevent security incidents, abuse, spam, fraud, and violations of our Terms of Service.
  • Legal and compliance. To comply with applicable laws, regulations, subpoenas, court orders, and other legal process; to enforce our agreements; and to establish, exercise, or defend legal claims.
  • Business operations. For accounting, record-keeping, corporate transactions (including due diligence and asset transfers), and other ordinary operations of MiniGig LLC.

We do not use your personal information to make decisions that produce legal or similarly significant effects on you without human involvement, and we do not use your personal information to train third-party artificial-intelligence or machine-learning models. Portions of our content are drafted with the assistance of AI tools and reviewed against primary sources; personal information you submit is not included in those drafting or training processes.

5. Legal Bases for Processing (EEA/UK/Swiss Users)

If the GDPR or UK GDPR applies to you, we rely on the following legal bases:

  • Consent — for newsletter subscriptions, optional analytics cookies, and processing of special-category (health-related) information. You may withdraw consent at any time.
  • Performance of a request or contract — to respond to your inquiry and deliver the Services you requested.
  • Legitimate interests — to operate, secure, and improve the Services, to prevent fraud and abuse, and to pursue the ordinary business operations of MiniGig LLC, where those interests are not overridden by your rights and freedoms.
  • Legal obligation — to comply with applicable laws, court orders, tax and accounting requirements, and other legal processes.

6. How We Share Information

We do not sell your personal information, and we do not share your personal information with law firms, advertisers, advertising networks, or data brokers for cross-context behavioral advertising. We share information only in the following limited circumstances:

  • Service providers (processors). We share information with vendors that process data on our behalf and are contractually bound to use it only to perform services for us. Our current service providers include:
    • Cloudflare, Inc. — hosting, content delivery, edge security, DDoS protection, and form-handler runtime (Cloudflare Pages and Workers);
    • Google LLC (Google Analytics 4) — web analytics;
    • Mailgun Technologies, Inc. — transactional email delivery (form confirmations, notifications);
    • Sendy (self-hosted on our infrastructure, sending via Amazon SES) — newsletter list management and delivery.
  • Provider contact (with your consent). If you specifically request to be contacted by a listed provider, institution, or sponsor, we will share the information necessary to facilitate that contact with that party. We do not share your information with providers, institutions, or sponsors except as you direct.
  • Legal process and safety. We may disclose information when we in good faith believe disclosure is necessary to comply with a subpoena, court order, or other legal process; to enforce our Terms of Service; to protect the rights, property, or safety of MiniGig LLC, our users, or the public; or to investigate fraud, abuse, or security incidents.
  • Business transfers. In connection with a merger, acquisition, reorganization, financing, insolvency, or sale of all or a portion of our assets, we may transfer information to the successor or acquiring entity, subject to appropriate confidentiality protections.
  • Aggregated or de-identified information. We may share aggregated or de-identified information that cannot reasonably be used to identify you for any business purpose, including research, benchmarking, and public reporting.
  • With your explicit consent. For any purpose we disclose to you at the time we collect the information.

7. Cookies and Similar Technologies

The Site uses cookies and similar technologies, which we group as follows:

  • Strictly necessary. Required for core Site functions (routing, security, fraud prevention, form submission). These cannot be disabled through our Site.
  • Analytics. Set by Google Analytics 4 to measure usage patterns and improve the Services. You can opt out by installing Google's Opt-out Browser Add-on or by disabling cookies in your browser.
  • Functionality. Remember your preferences (such as whether you have dismissed a notice).

We do not use advertising cookies or third-party tracking pixels for cross-context behavioral advertising. Your browser typically allows you to block or delete cookies; doing so may impair some Site features. Some browsers transmit a "Do Not Track" or "Global Privacy Control" signal. Where required by applicable law, we treat a Global Privacy Control signal as a valid opt-out of sale or sharing of personal information.

8. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Specifically:

  • Care-match and contact-form submissions: up to 36 months after your most recent interaction with us, after which we de-identify or delete the record.
  • Newsletter list: until you unsubscribe, plus a limited record of the unsubscribe event to honor your preference.
  • Listing-inquiry correspondence: for the duration of the prospective or active commercial relationship, plus up to 7 years for accounting, tax, and anti-kickback-compliance records.
  • Log and analytics data: generally retained for 14 months (Google Analytics 4 default) and in Cloudflare logs for the provider's standard retention window.
  • Legal, compliance, and dispute records: for the period required by applicable law or the applicable statute of limitations.

Aggregated or de-identified information that cannot reasonably be associated with you may be retained indefinitely.

9. Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, disclosure, alteration, or destruction. These safeguards include transport encryption (HTTPS/TLS) for data in transit, access controls, least-privilege administration, third-party infrastructure operated by Cloudflare, and logging. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee the absolute security of information you transmit to us. You are responsible for maintaining the security of any account credentials, devices, or email accounts you use to interact with the Services.

10. Your Choices

  • Unsubscribe. You may unsubscribe from our newsletter at any time using the link in any email. Transactional and compliance messages (such as confirmation of an inquiry) are not subject to opt-out.
  • Access, correction, or deletion. You may request access to, correction of, or deletion of your personal information by emailing [email protected].
  • Cookies. You can manage cookies through your browser settings.
  • Opt out of analytics. Install Google's Opt-out Browser Add-on or disable cookies.

11. Your U.S. State Privacy Rights

Depending on your state of residence (including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Jersey, and other states that adopt comprehensive consumer-privacy laws), you may have the following rights:

  • Right to know / access. Confirm whether we process your personal information and obtain a copy.
  • Right to correct. Correct inaccurate personal information.
  • Right to delete. Request deletion of your personal information, subject to exceptions permitted by law.
  • Right to portability. Receive personal information in a portable, machine-readable format.
  • Right to opt out of "sale" or "sharing." We do not sell or share your personal information for cross-context behavioral advertising; nonetheless, you may submit a request to confirm.
  • Right to limit use of sensitive personal information. You may request that we limit our use and disclosure of sensitive personal information to purposes permitted by law.
  • Right to non-discrimination. We will not discriminate against you for exercising any of these rights.
  • Right to appeal. If we deny your request, you may appeal by replying to our response or emailing [email protected] with "Privacy Appeal" in the subject line.

To exercise these rights, email [email protected]. We will respond within the time required by applicable law (typically 45 days, extendable as permitted). To protect your information, we may need to verify your identity by asking you to confirm information we already have. An authorized agent may submit a request on your behalf with proof of authorization.

California "Shine the Light"

California Civil Code § 1798.83 permits California residents to request information about our disclosure of personal information to third parties for direct-marketing purposes. We do not disclose personal information to third parties for their direct-marketing purposes.

Categories of personal information collected (CCPA/CPRA)

In the preceding twelve (12) months, we have collected the following categories of personal information:

  • Identifiers (name, email, phone, IP address).
  • Customer records (content of correspondence).
  • Internet or other electronic network activity (browsing history on the Site, interaction data).
  • Geolocation (approximate, derived from IP; self-reported state/ZIP where you provide it).
  • Sensitive personal information (self-reported health details, where you choose to share them).
  • Inferences drawn from the above to match you to relevant content or resources.

We collect these categories from the sources, and use them for the business purposes, described in Sections 3 and 4. We disclose these categories to the categories of recipients described in Section 6. We do not sell or share personal information as those terms are defined under the CCPA/CPRA.

12. Your Rights under the GDPR and UK GDPR

If you are in the European Economic Area, United Kingdom, or Switzerland, you have the right to: access your personal data; rectify inaccurate data; request erasure; restrict or object to processing; data portability; withdraw consent where processing is based on consent; and lodge a complaint with your local supervisory authority. To exercise these rights, email [email protected]. We do not have a designated EU or UK representative, and our Services are operated from the United States. If you access the Services from outside the United States, you consent to the transfer of your information to, and processing in, the United States, where data-protection laws may differ from those in your jurisdiction. Where we transfer personal data out of the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms where required.

13. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at [email protected], and we will take steps to delete the information.

14. Email and SMS Communications

Marketing emails include a one-click unsubscribe link and comply with the CAN-SPAM Act. Our physical mailing address is included in the footer of every marketing email as required. We do not currently send marketing SMS messages; if we begin to do so, we will obtain your prior express written consent in accordance with the Telephone Consumer Protection Act (TCPA) and allow you to opt out by replying "STOP".

15. Third-Party Websites and Services

The Services contain links to third-party websites, services, and resources (including primary-source references to federal data sets, provider websites, and affiliate services). We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any personal information.

16. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will update the "Effective Date" above and, where appropriate, notify you by posting a notice on the Site or by email. Your continued use of the Services after the Effective Date of any modification constitutes your acknowledgement of the modified Policy.

17. Contact Us

If you have questions about this Policy or wish to exercise any privacy right, contact us at [email protected] (or our general inbox at [email protected]) or by mail to MiniGig LLC, 2129 FM 2920 SUITE 190-249, Spring, Texas 77388, USA.