Privacy Policy

This Privacy Policy describes the health information privacy practices of Phyxd, Inc., d/b/a Phy (referred to as “Phy,” “we,” “our,” or “us,” herein). Phy is not a licensed health care provider or a health plan. Rather, Phy offers the Phy Solution to individual users, coaches, trainers or health care providers, (each a “User”), in some cases as a business associate, under the applicable provisions of relevant laws.

This Privacy Policy does not apply to the collection and use of information pertaining to job applicants, employees, owners, directors, officers, or contractors.

This Policy describes the information that we gather from Users of the Phy Solution, how we use and disclose such information, and the steps we take to protect such information. By using the Phy Solution, you consent to the privacy practices described in this Policy.

This Policy is incorporated into and is subject to the Phy Terms of Use. Capitalized terms used but not defined in this Policy have the meaning given to them in the Phy Terms of Use.

The information we collect through the Phy Solution:

• User-provided Information. When you use the Phy Solution, the Phy Solution collects information about you by means of a body scan which would be “personally identifiable” information, “protected health information,” or “personal information” defined as information that specifically identifies an individual. Phy may also collect other forms of personal information including name, email address, mailing address, mobile phone number, and credit card or other billing information. Personal information also includes other information, such as date of birth, geographic area, or preferences, when any such information is linked to information that identifies a specific individual. You may also provide us medical data such as the identity and contact information of your health care provider(s) and part of your medical history and other information that you choose to share with us.
• “Cookies” Information. When you visit the Phy Solution, we may send one or more cookies (a small text file containing a string of alphanumeric characters) or similar code to your Devices. Some of this code may remain on your Devices and may be used by your browser or Devices on subsequent visits to the Phy Solution. This allows us to “remember” what you have done on the Phy Solution before and personalize the Phy Solution for you. Please look through your browser’s or device’s technical support resources to learn the correct way to remove or disable this code. Please note that disabling this code may prevent you from accessing some of the functionality and offerings available via the Phy Solution.
• “Automatically Collected” Information. When you use the Phy Solution, we may automatically record certain information from your device by using various types of technology, including “clear gifs” or “web beacons.” This “automatically collected” information may include your IP address or other device address or ID, web browser and/or device type, and the dates and times that you visit, access, or use the Phy Solution. We also may use these technologies to collect information regarding your interaction with coaches or providers. This information is gathered from all users.

How we use the information Phy collects. We use information we collect in providing the Phy Solution and operating our business, including the following:

• we use the information that we collect on the Phy Solution to offer the Phy Solution scan and analytics, and to operate, maintain, enhance and provide all features of the Phy Solution, to provide Phy Solutions and information that you request, to respond to comments and questions, and otherwise to provide support to Users.
• we use the information that we collect on the Phy Solution to understand and analyze the usage trends and preferences of our Users, to improve the Phy Solution, and to develop new products, services, features, and functionalities.
• we may use your email address or other information we collect on the Phy Solution (i) to contact you for administrative purposes such as customer outreach for the Phy Solution, to send reminders, to address intellectual property infringement, right of privacy violations or defamation issues related to User content posted on the Phy Solution or (ii) to send communications, including updates on promotions and events, relating to products and Phy Solutions offered by us and by third parties we work with. Generally, you have the ability to opt-out of receiving any promotional communications by contacting us at privacy@phy.health.
• we may use “cookies” information and “automatically collected” information we collect on the Phy Solution to: (i) personalize our Phy Solutions, such as remembering your information so that you will not have to re-enter it during your visit or the next time you visit the Phy Solution; (ii) monitor and analyze the effectiveness of Phy Solution; (iii) monitor aggregate site usage metrics; and (iv) track your scans, entries, submissions, and status in activities on the Phy Solution.

Phy shall make every reasonable effort to comply with the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009, and the regulations promulgated thereto. Phy complies with these federal laws, applicable state laws, including but not limited to the California Privacy Rights and Enforcement Act of 2020 (the “CPRA”) and the California Consumer Privacy Act of 2018 (the “CCPA”) as well as the European Union General Data Protection Regulation (“GDPR”) regarding the privacy and security of protected health information. Under the GDPR you have the right to be forgotten and may request deletion of your data from Phy computer systems at any time, by sending an email to privacy@phy.health. Any questions or concerns regarding the privacy or security of protected health information on the Phy Solution, or in the Content or Links, shall be reported to the Phy Privacy Officer immediately at privacy@phy.health.

How we use your Protected Health Information. Phy is dedicated to maintaining the privacy and integrity of your protected health information (“PHI”). Under a federal law called the Health Insurance Portability and Accountability Act (HIPAA), PHI is information about you that may be used to identify you (such as your name, social security number, or address), and that relates to (a) your past, present or future physician or mental health or condition, (b) the provision of health care to you, or (c) your past, present or future payment for the provision of health care. In providing the Phy Solution, we will receive and create records containing your PHI to assist in providing you a better Phy Solution, conduct our management and administrative activities, and otherwise as stated in this Privacy Policy. You may also choose to grant access to your account to your health care provider or communicate directly with your health care provider.

We may also use your de-identified PHI to run (or authorize third parties to run) statistical or other research on individual or aggregate health or medical trends. Such research would only use your PHI in an anonymous manner that cannot be tied directly back to you. We offer the Phy Solution consistent with applicable federal and state laws governing health information privacy and security.

This Privacy Policy describes how we protect your privacy as a User of the Phy Solution, not as a patient receiving care from your health care provider using the Phy Solution. You understand that all information shared with your health care provider is subject to your health care provider’s professional and legal duties of confidentiality and responsibility which we do not control. If you are receiving care through the Phy Solution from a health care provider, you have other rights with respect to the access, use and disclosure of PHI. For a more complete description of a patient’s rights under HIPAA, please refer to your health care provider’s Notice of Privacy Practices, which provides important information to you about how your PHI may be used and disclosed.

When we disclose information. Except as described in this Policy, we will not disclose your information that we collect on the Phy Solution to third parties without your consent. we may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

• we may make certain automatically-collected, aggregated, or otherwise non-personally identifiable information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, Phy Solutions, and/or functionality available through the Phy Solution.
• we may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws (such as U.S. copyright law), in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
• we also reserve the right to disclose your information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Phy Solution and any facilities or equipment used to make the Phy Solution available, or (v) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others.
• Information about our users, including personal information, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.

You may, of course, decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of the Phy Solution. If you wish to update, correct, or delete your account information or any other personal information we hold about you, or request that we delete any information about you that we have obtained, you may contact us at privacy@phy.health may request deletion of your data from Phy computer systems at any time, by sending an email to privacy@phy.health. We will delete specific, identifiable data provided by you from our systems. Note that it is possible that aspects of your data may have become incorporated into Phy algorithms in such a way that it is unreasonable for us to remove them.

Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial email from us, and any other promotional communications that we may send to you from time to time, by sending your request to us by email at privacy@phy.health or by writing to us at the address given at the end of this policy. We may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us in user account functionality on the Phy Solution.

Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten business days for us to process your request, and you may receive promotional communications from us that you have opted-out from during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Phy Solution.

The Phy Solution is not directed to children under the age of 18, and we do not knowingly collect personal information from children under the age of 18 without obtaining parental consent. If you are under 18 years of age, and not an emancipated minor, then please do not use or access the Phy Solution at any time or in any manner, except with the consent of your parent or guardian. If we learn that personally identifiable information has been collected on the Phy Solution from persons under 18 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained an account on the Phy Solution, then you may alert us at privacy@phy.health and request that we delete that child’s personally identifiable information from our systems.

Consistent with Applicable Law and guidance issued pursuant to such Applicable Law, we use certain physical, managerial, and technical safeguards that are designed to improve the integrity and security of your personally identifiable information. We cannot, however, ensure or warrant the security of any information you transmit to us or store on the Phy Solution, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. You are responsible for the security of the devices and internet service provider through which you use the Phy Solution.

If we learn of a security systems breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. we may post a notice through the Phy Solution if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach you should notify us at privacy@phy.health.

Although we may allow you to adjust your privacy settings to limit access to certain personal information, please be aware that no security measures are perfect or impenetrable. we are not responsible for circumvention of any privacy settings or security measures on the Phy Solution. Additionally, we cannot control the actions of other users with whom you may choose to share your information. Further, even after information posted on the Phy Solution is removed, caching and archiving Phy Solutions may have saved that information, and other users or third parties may have copied or stored the information available on the Phy Solution. we cannot and do not guarantee that information you post on or transmit to the Phy Solution will not be viewed by unauthorized persons.

The Phy Solution is hosted in the United States and is intended for visitors located within the United States. If you choose to use the Phy Solution from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the United States for storage and processing. Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Phy Solution. By providing any information, including personal information, on or to the Phy Solution, you consent to such transfer, storage, and processing.

Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Phy Solution, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Phy Solution for the first time after such material changes are made. Your continued use of the Phy Solution after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.

Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at privacy@phy.health.

You may also file written complaints with the Office of Civil Rights of the U.S. Department of Health and Human Services, at the following address:

Office for Civil Rights:
https://www.hhs.gov/hipaa/filing-a-complaint/complaint-process/index.html

Or

Centralized Case Management Operations
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Room 509F HHH Bldg.
Washington, D.C. 20201

 
Or, email to OCRComplaint@hhs.gov

Phy.Health’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.