Privacy Policy

Last Revised: 6 June 2024 

1. GENERAL. 

We know that your privacy is important to you, and we work hard to earn and keep your trust.  YourSteps Health (“Company,” “we,” “us,” and “our”), respects your privacy and is committed to protecting your privacy through our compliance with this Privacy Policy (the “Policy”). The words “you” and “your” refer to you as a user of the Platform (defined below), either as registered user or employee of a Company customer.  

This Policy describes: 

• The types of information we collect from you or that you may provide when you visit our website(s) available at: www.yourstepshealth.com as well as any websites and blogs directly owned by the Company where this Policy is linked (collectively, our “Website”); 

• The types of information we collect from you or that you may provide when you visit our mobile applications, including YourSteps™ and any other mobile applications directly owned by, or operated by or on behalf of, the Company and where this Policy is linked (the “Application(s)”) (collectively with the Applications and the Website, the “Platform”); and  

• Our practices for collecting, using, maintaining, protecting, and disclosing that information.  

This Policy applies to information we collect on the Platform or in emails and other electronic messages between you and the Platform, and information gathered when you interact with our advertising on third-party websites if such advertisements include links to this Policy.  

This Policy does not apply to information collected by us offline or through any other means, including on any other website operated by any third party, or information collected by any third party through any application or content (including advertising) that may link to or be accessible from the Platform (for further information, see below, “Third-party Websites”).  

Please read this Policy carefully to understand our practices regarding your information and how we will treat it. If you do not agree with our policies and practices, then please do not use the Platform.  By using the Platform, you agree to the terms of this Policy.  This Policy may change from time to time (see below, “Changes to this Policy”).  Your continued use of the Platform after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.  

1. THE SERVICES. 

The Platform allows individuals to connect with their provider (such as a physical therapist) to complete certain activities and exercises related to their rehabilitation. To that end, a registered user of the Platform could include: 

• parents and guardians of a minor, 

• an individual or minor completing the activities and exercises, 

• a rehabilitation therapist (i.e., physical therapist, occupational therapist, etc.), or  

• other providers, and administrators in charge of the physical therapists or other providers (i.e., hospital administrators).  

Minors under the age of 13 are not able to provide any Personal Information on to the Platform themselves and are not able to communicate with the physical therapist, other providers, or administrators. Only the parent or guardian can directly communicate with the physical therapist or other provider.  

1. END USER LICENSE AGREEMENT; OTHER AGREEMENTS. 

This Policy is incorporated by reference and should be read in conjunction with the Company’s End User License Agreement.  

Your use of the Platform and any information associated with the Platform may also be subject to the terms of separate written agreements (the “Customer Agreements”) between Company and its customers, including when you are an employee, contractor or agent of such customer, such as a physical therapist at a hospital (the “Employer”).  When applicable, this Policy may be superseded by specific terms in the Customer Agreements.  If you use or submit any materials on the Platform as an employee, contractor or agent of an Employer, you agree to be bound by any applicable Customer Agreements, as well as any posted Employer guidelines and policies related to the materials you wish to use or submit, as applicable.  When applicable, if you do not agree to the terms of the Customer Agreements, you will not be able to use the Platform. 

1. THE INFORMATION WE COLLECT. 

Personal Information. To ensure that we provide you with the best possible experience, we will store, use, and disclose personal information about you in accordance with this Policy.  Personal information is information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular user, household or device (“Personal Information”). The Personal Information that we may receive and collect depends on what you do when you visit the Platform. 

Aggregated and De-Identified Data. We may also collect, use and disclose aggregated and de-identified data such as statistical or demographic data for any purpose. Aggregated and de-Identified data could be derived from your Personal Information but is not considered Personal Information under applicable law as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated or de-identified data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as Personal Information which will be used in accordance with this Policy. 

Username and Password; Other Sources. We may ask you to create a username and password that should only be known to you. When you provide this information to us, you are no longer anonymous.  Additionally, we may receive information about you from other sources and add it to the information you have provided to us. 

Information of Other Individuals.  You may have the opportunity to provide information of other individuals. When providing such information, you are solely responsible for obtaining the necessary consents and authorizations from any individuals in accordance with applicable data protection laws and regulations, and the Company shall not be responsible or held liable for your failure to obtain the necessary consents. 

Credit Card Information. Please note that for any credit card information provided on the Platform, we utilize a trusted third-party PCI-DSS compliant payment processor to process all of your transactions and it collects and maintains the necessary Personal Information needed to necessitate such transactions. 

Free-Text Boxes. The information that you provide in each case will vary. In some cases, you may be able to provide Personal Information via email or free text boxes, such as contacting the Company to request further information.  When providing your Personal Information, please provide only relevant information and do not provide unnecessary sensitive information, such as Social Security numbers, credit card information or other sensitive personal data, unless required for our services.    

Recording Use of the Platform. We partner with trusted third-party vendors to analyze performance and traffic of the Platform.   This may include things like buttons you click, mouse movements and other behavior on the Platform, date and time of access, pages visited, web beacons, and cookie or pixel tag information. Please see our Automatic Information Collection section below to learn more about cookies, pixels tags, and analytic technologies.  

1. Information We May Collect on the Platform 

You may have the opportunity to provide Personal Information on the Platform, including but not limited to: 

Category 

Examples 

Collected 

Identifiers. 

A first and last name, postal address, email address, telephone number, unique personal identifier, online identifier, Internet Protocol address, account name. 

YES 

Protected classification characteristics. 

Age (40 years or older), race,  medical condition, physical or mental disability, sex (including gender, gender identity, gender expression). 

YES 

Commercial information. 

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. 

YES 

Sensitive Personal Information 

Precise geolocation, Social Security number, driver’s license, state identification card, passport number, account log-in, financial account, debit card, credit card number with security, or access code or password, racial or ethnic origin, religious/philosophical beliefs, or union membership, genetic data and processing of biometric information, health and sexual orientation. 

NO 

Biometric information. 

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or ​​​​​​exercise data. 

YES 

Internet or other similar network activity.  

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. 

YES 

Geolocation data. 

Physical location or movements. 

NO 

Sensory data. 

Audio, visual, or similar information, such as recording and sending a video to your physical therapist or other provider. 

YES 

Professional or employment-related information. 

Current or past job history or performance evaluations. 

NO 

Non-public education information. 

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. 

NO 

Inferences drawn from other Personal Information. 

Relating to your exercises for rehabilitation, a profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. 

YES 

We may obtain the Personal Information listed above from the following categories of sources: 

• Directly from you. For example, when you:  

• register yourself with the Platform; 

• provide information relating to relevant rehabilitation activities; 

• as a parent or guardian or individual over 18, communicate with the applicable provider, such as a physical therapist; 

• subscribe to one of our e-newsletters; or 

• otherwise communicate with us, such as contacting us for more information.  

• Indirectly from you. For example, through information we collect from you in the course of providing our services to you. 

• Directly and indirectly from activity on the Platform. For example, from The Platform usage details that are collected automatically. For more information on automatic information collection, please review the “Automated Information Collection” section below.  

1. HIPAA; IMPORTANT INFORMATION RELATING TO HEALTH INFORMATION. 

You acknowledge that the Platform may involve the use of “Protected Health Information” (as defined in 45 C.F.R. § 160.103) that is subject to the federal privacy regulations issued pursuant to the Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act, as amended from time to time (collectively, “HIPAA”). With respect to the Platform, any Personal Information that constitutes Protected Health Information shall be governed by the terms of any applicable business associate agreement (“Business Associate Agreement”) between the Company and the contracting company responsible for providing Protected Health Information on the Platform or to the Company. When applicable, this Policy may be superseded by specific terms in the Business Associate Agreement. If you are an employee, contractor, or agent of a Company customer, you agree to use any Protected Health Information in accordance with your organization’s HIPAA policies and procedures.  

1. AUTOMATED INFORMATION COLLECTION. 

Website. In addition to the information that you provide to us, we may also collect information about you during your visit to our Website.  We collect this information using automated tools that are detailed below.  These tools may collect information about your behavior and your computer system, such as your internet address (IP Address), the pages you have viewed, and the actions you have taken while using the Website.  Some of the tools we use to automatically collect information about you may include: 

1. Cookies.  A “cookie” is a small data file transmitted from a website to your device’s hard drive.  Cookies are usually defined in one of two ways, and we may use either (or both) of them:   

1. session cookies, which do not stay on your device after you close your browser, and  

1. persistent cookies, which remain on your device until you delete them or they expire.   

We may use the following categories of cookies on our Website.  

1. Strictly Necessary Cookies.  These cookies are essential in order to enable you to move around the Website and use its features. Without these cookies, services you have requested cannot be provided. 

1. Performance Cookies.  These cookies collect anonymous information on how you use our Website to help us understand how you arrive at our Website, browse or use our Website and highlight areas where we can improve, such as navigation. The data stored by these cookies never shows personal details from which your individual identity can be established. 

1. Functionality Cookies.  These cookies remember choices you make such as the country from which you visit our Website, your preferred language, and your search parameters. This information can then be used to provide you with an experience more appropriate to your selections and to make your visits to our Website more tailored to your preferences. The information in these cookies may be anonymized.  These cookies cannot track your browsing activity on other websites. 

1. Targeting Cookies or Advertising Cookies. These cookies collect information about your browsing habits in order to make advertising more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of an advertising campaign.  The cookies are usually placed by third-party advertising networks.  These cookies remember the websites you visit and that information is shared with other parties, such as advertisers.  

Of course, if you do not wish to have cookies on your devices, you may turn them off at any time by modifying your internet browser’s settings.  However, by disabling cookies on your device, you may be prohibited from full use of the Website’s features or lose access to some functionality. 

1. Google Analytics.  The Website sends aggregated non-Personal Information to Google Analytics for the purpose of providing us with the ability to conduct technical and statistical analysis on the Website’s performance.  For more information on how Google Analytics supports the Website and uses information sent from the Website, please review Google’s privacy policy available at https://policies.google.com/technologies/partner-sites. 

1. Web Beacons.  A Web Beacon is an electronic image.  Web Beacons can track certain things from your computer and can report activity back to a web server allowing us to understand some of your behavior.  If you choose to receive emails from us, we may use Web Beacons to track your reaction to our emails.  We may also use them to track if you click on the links and at what time and date you do so.  Some of the third-party marketers we engage with may use Web Beacons to track your interaction with online advertising banners on our Website.  This information is only collected in aggregate form and will not be linked to your Personal Information.  Please note that any image file on a webpage can act as a Web Beacon. 

1. Embedded Web Links.  Links provided in our emails and, in some cases, on third-party websites may include tracking technology embedded in the link.  The tracking is accomplished through a redirection system.  The redirection system allows us to understand how the link is being used by email recipients.  Some of these links will enable us to identify that you have personally clicked on the link and this may be attached to the Personal Information that we hold about you.  This data is used to improve our service to you and to help us understand the performance of our marketing campaigns. 

1. Third-party Websites and Services.  We work with a number of service providers of marketing communications technology.  These service providers may use various data collection methods to improve the performance of the marketing campaigns we are contracting them to provide.  The information collected can be gathered on our Website and also on the websites where our marketing communications are appearing.  For example, we may collect data where our banner advertisements are displayed on third-party websites. 

Application. In addition to the information that you provide to us, we may also collect information about you during your visit to our Application.  We collect this information using automated technology.  This technology may collect information about your behavior and your device, such as your internet address (IP Address), the pages you have viewed, the actions you have taken while using the Application, saved preferences, and log-in Session ID.  This information is not personally identifiable or capable of being used to identify you in the scope of this Policy. You can manage how your mobile device and mobile browser share location information with us, as well as how your mobile browser handles cookies and related technologies, by adjusting your mobile device privacy and security settings. Please refer to instructions provided by your mobile service provider or the manufacturer of your device to learn how to adjust your settings.  

1. HOW WE USE YOUR INFORMATION. 

The information we gather and that you provide is collected to provide you information and the services you request, in addition to various other purposes, including, but not limited to:  

• security, credit or fraud prevention purposes; 

• providing you with effective customer service; 

• providing you with a personalized experience when you use the Platform; 

• developing new products and services; 

• contacting you with special offers and other information we believe will be of interest to you (in accordance with any privacy preferences you have expressed to us); 

• contacting you with information and notices related to your use of the Platform; 

• inviting you to participate in surveys and providing feedback to us (in accordance with any privacy preferences you have expressed to us); 

• better understanding your needs and interests; 

• improving the content, functionality and usability of the Platform; 

• improving our products and services; 

• improving our marketing and promotional efforts; and 

• any other purpose identified at the point of data collection, in an applicable privacy notice, in a click-through agreement or in any other agreement between you and us. 

Duration. The length of time Company intends to retain Personal Information, including sensitive personal information, if any, is for as long as reasonably necessary to carry out Company’s intended business purpose for such information.   

1. HOW WE DISCLOSE YOUR INFORMATION. 

We do not sell or lease your Personal Information to any third party.  We may disclose your Personal Information to a third party for a business purpose, including the following categories of third parties:  

• Our Affiliates. We may disclose the Personal Information collected through the Platform with our affiliates, subsidiaries, or other related entities in order to provide our products, services, and effective customer support. 

• Employer. If you are an employee, contractor or agent of a Company customer, such as a physical therapist at a hospital, we may disclose your Personal Information with your applicable Employer, such as, but not limited to, when managing all active accounts under your Employer’s subscription with us. The Company is not responsible or liable for any uses of your information or your content by any applicable Employer.  

• Physical Therapist/Other Provider. As you conduct activities and exercises on the Platform (such as exercises for rehabilitation), we may disclose some of your information to your physical therapist or other provider. The Company is not responsible or liable for any uses of your information or your content by your applicable physical therapist or other provider.  

• Third-party Service Providers. We disclose Personal Information collected through the Platform with third-party Service Providers who act for or on behalf of the Company. These third parties may need information about you to perform their functions. “Service Providers” may include suppliers, dealers, distributors, companies and consultants that provide website hosting, software development, payment processing, website and data analytics, order fulfillment, information technology and related infrastructure support, customer service, email delivery, and auditing. 

• In Aggregate or De-Identified Form. We may aggregate or otherwise anonymize the data we collect for purposes of analytics, research, marketing and other business interests of the Company.  Such use shall not include Personal Information or information that can identify you as an individual or reasonably be used to identify you. 

Except as described in this Policy, we will not disclose your information with third parties without your notice and consent, unless it is under one of the following circumstances:   

• Legal Reasons. 

• We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, subpoena, or court order; 

• To respond to duly authorized information requests from law enforcement or other governmental authorities; 

• To enforce our agreements or policies; 

• To investigate and prevent security threats, fraud, or other malicious activity; or 

• To respond to an emergency that we believe in good faith requires us to disclose such information to assist in preventing the death or serious bodily injury of any person or Company employee. 

• Sale of Business or Merger. There are circumstances where the Company may decide to buy, sell, or reorganize its business.  Under these circumstances, it may be necessary to disclose or receive Personal Information with prospective or actual purchasers, acquisition targets, partners or affiliates. In such circumstances, the Company will ensure your information is used in accordance with this Policy. 

1. YOUR CHOICES AND SELECTING YOUR PRIVACY PREFERENCES. 

We want to provide you with relevant information that you have requested. When possible, we will always provide options as to what information we collect and how you can manage any preferences that pertains to such information.  

If we provide subscription-based services, such as email newsletters, we will allow you to make choices about what information you provide at the point of information collection or at any time after you have received a communication from us while you are subscribed.  Transactional or service-oriented messages, such as delivery confirmation messages, are usually excluded from such preferences, as such messages are required to respond to your requests or to provide goods and services, and are not intended for the purposes of marketing. 

From time to time, we may send you email newsletters and marketing emails.  You may opt out of them at any time by selecting the “unsubscribe” link at the bottom of each email.  Please note that by opting out or unsubscribing you may affect other services you have requested we provide to you, in which email communication is a requirement of the service provided. Even if you opt-out of receiving marketing material, we may still need to contact you with important information about your account or responding to your requests or questions.  

1. TEXT MESSAGING.  

You may have the opportunity to receive SMS or "text" messages, pre-recorded voice messages or auto-dialed phone calls from the Company, its affiliates and related entities as well as third parties.  Such messaging may be used to authenticate your identity or mobile device, as well as provide you informational updates about services or products you may have requested.  In providing your mobile device number or cell phone number to the Company, you knowingly consent to such communications from the Company or for the Company to use your cell phone number or mobile device number.  In providing your number, you represent that you have the authority to agree to receive text messages at the telephone number that you provide to the Company, or from which you sent the text message request to us.  You further acknowledge that: (a) no purchase is required to opt into this service; (b) you may opt out at any time by following the instructions provided in our communications to you; and (c) your receipt of text messages may result in separate charges from your mobile provider.  

Any such communications you receive from us will be administered in accordance with your preferences and this Policy.   

1. ACCURACY AND ACCESS TO YOUR PERSONAL INFORMATION. 

We strive to maintain and process your information accurately.  We have processes in place to maintain all of our information in accordance with relevant data governance frameworks and legal requirements.  We employ technologies designed to help us maintain information accuracy on input and processing.  

Where we can provide you access to your Personal Information in our possession, we will always ask you for a username and password to help protect your privacy and security.  We recommend that you keep your password safe, that you change it periodically, and that you do not disclose it to any other person or allow any other person to use it.   

To view and change the Personal Information that you have provided to us, you can log in to your account and follow the instructions on that webpage, or contact us directly for assistance. 

1. INFORMATION OF MINORS. 

While children under the age of thirteen (13) may access and use the Platform, they cannot input or provide any Personal Information. Only individuals over the age of thirteen (13) are able to create an account on the Platform and provide Personal Information. The Company will receive the contact information of a parent or guardian of a minor from a Company customer, such as a physical therapist or other provider. From there, the parent or guardian will create their own account and then create an account for the minor. The minor, under their own account that was created by their parent or guardian, cannot provide Personal Information themselves or directly communicate with a physical therapist or other provider.   

Therefore, we do not knowingly collect information from individuals under the age of thirteen (13) without parental or guardian consent. We encourage parents and guardians to provide adequate protection measures to prevent minors from providing information unwillingly on the internet.  If we are aware of any Personal Information that we have collected from minors under the age of thirteen (13) without proper consent from their parent or guardian, we will take steps to securely remove it from our systems.  

1. FEEDBACK.  

We welcome inquiries or feedback on the services or products you might use or like to use. Any inquiries, feedback, suggestions, or ideas you provide to us (collectively, “Feedback”) will be treated as non-proprietary and non-confidential. Your Feedback on or through this Website may be available to others who visit this Website. In addition, we may use your Feedback in advertising campaigns and other promotions. We may or may not use your name in connection with such use, and we may or may not seek your consent before using the Feedback for such purposes. Therefore, you should have no expectation of privacy with respect to your Feedback on or through this Website. You should not submit any content you do not wish to make available to the general public, and you must take special care to make sure your Feedback comply with our End User License Agreement or other applicable agreements. All terms and conditions of our End User License Agreement apply to Feedback on or through this Website. In particular, your Feedback must not violate the privacy or other rights of others. You may not use false identifying information or contact information, impersonate any person or entity, or otherwise mislead us as to the origin of any Feedback. 

1. THIRD-PARTY WEBSITES. 

This Policy does not apply to websites or other domains that are maintained or operated by third parties or our affiliates.  The Platform may link to third-party websites and services. For example, if you click on an advertisement on the Platform, you may be taken to another website that we do not control. These links are not endorsements of these websites, and this Policy does not extend to them.  Because this Policy is not enforced on these third-party websites, we encourage you to read any posted privacy policy of the third-party website before using the service or website and providing any information.   

1. YOUR RIGHTS UNDER STATE LAW. 

California. 

• Shine the Light law.  Pursuant to California Civil Code Section 1798.83, we will not disclose or share your Personal Information with third parties for the purposes of third-party marketing to you without your prior consent.  

• Do Not Track Signals.  Other than as disclosed in this Policy, the Platform does not operate any differently when it receives Do Not Track signals from your internet web browser. 

• WE DO NOT SELL OR SHARE YOUR PERSONAL INFORMATION. If we ever decide to “sell” or “share” Personal Information, as those terms are defined under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, we will update you via this Policy and include a link entitled “Do Not Sell or Share My Personal Information,” to provide you with an opportunity to opt out of the selling or sharing of your Personal Information.  

Your Consumer Rights.  

Some state laws in the United States provide consumers with additional rights with respect to their Personal Information (also known as “personal data”), as those terms are defined under those applicable state laws. Such state laws may include, but are not limited to, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act.  Any Personal Information we collect is collected for the commercial purpose of effectively providing our services to you, as well as enabling you to learn more about, and benefit from, our services. If you are a consumer in a state that provides consumer rights, please be advised that Company is not a “business” or “controller” as those terms are defined under applicable state laws and therefore does not afford consumers these rights with respect to their Personal Information.  Regardless, all Personal Information will be processed in accordance with this Policy. 

1. LOCATION OF THE PLATFORM AND SERVICES. 

We do not warrant or represent that this Policy or the Platform’s use of your Personal Information complies with the laws of every jurisdiction.  Furthermore, to provide you with our services, we may store, process, and transmit information in the United States and other locations around the world, including countries that may not have the same privacy and security laws as yours.  Regardless of the country in which such information is stored, we will process your Personal Information in accordance with this Policy.   

1. SAFEGUARDING THE INFORMATION WE COLLECT. 

We use reasonable technical, administrative, and physical safeguards in order to protect your Personal Information against accidental loss and from unauthorized access, use, alteration, and disclosure.  However, we can never promise 100% security.  You have a responsibility, as well, to safeguard your information through the proper use and security of any online credentials used to access your Personal Information, such as a username and password.  If you believe your credentials have been compromised, please change your password. Please also notify us immediately of any actual or suspected unauthorized use of the Platform or your information.  

1. CHANGES TO THIS POLICY. 

This Policy describes our current policies and practices with regard to the information we collect through the Platform. We are continually improving and adding to the features and functionality of the Platform along with the products and services we offer through the Platform. If we make any changes to this Policy, a revised Policy will be posted on this webpage and the date of the change will be reported in the “Last Revised” block above. You can get to this page from any of our webpages by clicking on the “Privacy Policy” link (usually at the bottom of the screen). 

1. HOW TO CONTACT US. 

We value your opinions and welcome your feedback.  To contact us about this Policy or your Personal Information, please contact us by email at admin@yourstepshealth.com.