Privacy Policy

1. INTRODUCTION

Welcome to Spine 33 Rehab PLLC ("Spine 33 Rehab," "we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at spine33rehab.com (the "Website") and interact with our services.

Please read this Privacy Policy carefully. If you disagree with its terms, please discontinue use of our Website immediately.

This Privacy Policy applies to information collected through our Website only. It does not apply to information collected through our clinical telehealth platform, SimplePractice, which is governed separately by our HIPAA Notice of Privacy Practices. If you are a patient of Spine 33 Rehab, your protected health information is handled in accordance with our HIPAA Notice of Privacy Practices, which is available at spine33rehab.com/hipaa-notice.

2. INFORMATION WE COLLECT

We collect information in the following ways.

A. Information You Provide Directly

We collect personal information that you voluntarily provide to us when you interact with our Website, including when you complete our contact form, submit your email address to receive a free resource or lead magnet, book a free discovery call or evaluation through our SimplePractice client portal, or communicate with us via email at info@spine33rehab.com.

The personal information we collect may include your full name, email address, phone number, and any additional information you choose to include in a contact form message or email communication.

We do not collect protected health information through our Website. All clinical information, health history, and patient records are collected and stored exclusively through our HIPAA-compliant practice management platform, SimplePractice.

B. Information Collected Automatically

When you visit our Website, certain information is collected automatically by our website hosting platform, Squarespace, and by any analytics tools we use. This information includes your IP address and approximate geographic location derived from your IP address, browser type and version, device type and operating system, pages visited on our Website and time spent on each page, referring URL indicating how you arrived at our Website, date and time of your visit, and clickthrough behavior indicating which links and buttons you interacted with.

This information is collected through cookies, web beacons, and similar tracking technologies. Please see Section 7 of this Privacy Policy and our Cookie Policy at spine33rehab.com/cookie-policy for more information about how we use these technologies.

C. Derivative Data

We collect derivative data automatically as described above including device data, log and usage data, and general location data derived from IP addresses. We do not collect precise GPS location data and we do not request access to your device's location services.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes.

To deliver and facilitate delivery of our telehealth physical therapy services to you. To respond to your inquiries, contact form submissions, and requests for information. To send you the free resource, guide, or lead magnet you requested when submitting your email address. To send you educational newsletters, marketing communications, and promotional content about our services if you have opted in to receive them. To evaluate and improve our Website, services, marketing efforts, and user experience. To identify usage trends and analyze how visitors interact with our Website. To fulfill and manage service orders and appointment bookings. To post anonymized patient testimonials on our Website with prior written consent. To protect the security and integrity of our Website and services. To request feedback about your experience with Spine 33 Rehab. To send administrative information including appointment confirmations, intake form requests, policy updates, and billing communications. To comply with our legal obligations as a licensed healthcare provider under Tennessee law and applicable federal regulations. To provide licensed telehealth physical therapy services to patients, communicate regarding care, treatment plans, home exercise programs, and health outcomes, and to facilitate all clinical interactions through our HIPAA-compliant telehealth and practice management platform. Patient health information collected through our clinical platform is governed separately by our HIPAA Notice of Privacy Practices.

4. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES

We do not sell your personal information to any third party. We do not share your personal information with advertisers or data brokers. We may disclose your information to the following third party service providers who assist us in operating our Website and delivering our services.

SimplePractice — Our HIPAA-compliant practice management and telehealth platform. SimplePractice receives patient contact information and appointment data when you book services through our client portal. All patient health information shared with SimplePractice is protected under a signed Business Associate Agreement and is governed by our HIPAA Notice of Privacy Practices. SimplePractice's privacy policy is available at simplepractice.com.

Stripe — Our payment processing provider. Stripe processes payment card information when you purchase services through our SimplePractice client portal. Stripe maintains PCI DSS compliance for all payment transactions. Stripe's privacy policy is available at stripe.com.

Kit (formerly ConvertKit) — Our email marketing platform. Kit receives your email address and name when you opt in to receive our newsletter or free resources through our Website. Kit is used only for non-clinical marketing and educational communications. Kit's privacy policy is available at kit.com.

Google Workspace — Our business email and document management platform. Google processes business communication data through our professional email account. A Business Associate Agreement is in place with Google covering our Workspace account. Google's privacy policy is available at google.com/privacy.

Squarespace — Our website hosting platform. Squarespace processes all visitor data that flows through our Website including analytics and session data. Squarespace's privacy policy is available at squarespace.com.

Termly — Our privacy compliance platform. Termly processes visitor cookie consent data through the cookie consent banner on our Website. Termly's privacy policy is available at termly.io.

Mercury — Our business banking platform. Mercury processes financial transaction data related to business operations. Mercury's privacy policy is available at mercury.com.

We require all third party service providers to maintain appropriate data protection standards and to use your personal information only for the specific purposes for which we have engaged them. We have data processing agreements in place with our third party service providers either through signed Business Associate Agreements or through platform Terms of Service that incorporate data processing terms.

We may also disclose your information when required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of Spine 33 Rehab PLLC, our patients, or others.

5. DATA RETENTION

We retain your personal information for the following periods.

Patient health records and clinical documentation are retained for a minimum of 10 years from the date of last service in accordance with Tennessee state law and applicable federal regulations governing physical therapy records.

Financial and billing records are retained for a minimum of 7 years in accordance with IRS guidelines governing business financial record retention.

Website analytics data is retained for 26 months in accordance with standard analytics data retention practices.

Email marketing subscriber data is retained until you unsubscribe from our mailing list or request deletion of your data. Upon unsubscribe or deletion request your data is removed from our active mailing lists within 30 days.

Contact form submissions and general inquiries that do not result in a patient relationship are retained for 2 years and then permanently deleted.

Cookie and derivative data is retained for 12 months.

6. YOUR PRIVACY RIGHTS

Depending on your location you may have certain rights regarding your personal information. These rights may include the right to access the personal information we hold about you, the right to request correction of inaccurate personal information, the right to request deletion of your personal information subject to our legal retention obligations as a healthcare provider, the right to opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by emailing info@spine33rehab.com, and the right to lodge a complaint with a relevant data protection authority.

To exercise any of these rights please contact us at info@spine33rehab.com. We will respond to all legitimate requests within 30 days. Please note that certain rights may be limited by our legal obligations as a licensed healthcare provider to retain patient records for the minimum periods required by Tennessee law and applicable federal regulations.

If you are a patient of Spine 33 Rehab and wish to exercise your rights regarding your protected health information, please refer to our HIPAA Notice of Privacy Practices at spine33rehab.com/hipaa-notice for information about your rights as a patient.

7. COOKIES AND TRACKING TECHNOLOGIES

Our Website uses cookies and web beacons to enhance your browsing experience, analyze Website traffic, and understand how visitors interact with our content. Cookies are small text files placed on your device when you visit our Website. Web beacons are small transparent image files used to track your interaction with our Website and email communications.

We use the following types of cookies on our Website.

Strictly necessary cookies that are required for the Website to function properly and cannot be disabled. Analytics cookies that collect information about how visitors use our Website including pages visited and time spent on each page. Functionality cookies that remember your preferences and settings to improve your experience. Marketing cookies that track your interaction with our content to help us deliver relevant communications.

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our Website. For detailed information about the cookies we use and your choices regarding cookies please see our Cookie Policy at spine33rehab.com/cookie-policy.

8. SECURITY OF YOUR INFORMATION

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include HIPAA-compliant platforms for all clinical data, encrypted transmission of data through SSL technology, Business Associate Agreements with all vendors handling protected health information, and access controls limiting access to personal information to authorized personnel only.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information we cannot guarantee its absolute security. If you believe your information has been compromised please contact us immediately at info@spine33rehab.com.

9. THIRD PARTY WEBSITES

Our Website may contain links to third party websites including our SimplePractice client portal, social media platforms, and other resources. This Privacy Policy applies only to our Website at spine33rehab.com. We are not responsible for the privacy practices of third party websites and we encourage you to review the privacy policies of any third party website you visit.

10. CHILDREN'S PRIVACY

Our Website and services are intended for adults 18 years of age and older. We do not knowingly collect personal information from individuals under the age of 18. If you are under 18 please do not submit any personal information through our Website. If we become aware that we have collected personal information from a minor without appropriate parental consent we will take steps to delete that information promptly. If you believe we may have inadvertently collected information from a minor please contact us at info@spine33rehab.com.

11. MARKETING COMMUNICATIONS

If you have opted in to receive marketing communications from Spine 33 Rehab you may receive educational newsletters, service announcements, promotional offers, and other content related to spine health and our telehealth physical therapy services. You may opt out of marketing communications at any time by clicking the unsubscribe link at the bottom of any marketing email we send you or by emailing info@spine33rehab.com with the subject line Unsubscribe. We will process your opt-out request within 10 business days. Please note that even if you opt out of marketing communications you may still receive administrative communications related to your appointments, billing, and clinical care if you are a patient of Spine 33 Rehab.

12. HIPAA AND PROTECTED HEALTH INFORMATION

Spine 33 Rehab PLLC is a covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The privacy and security of your protected health information is governed by our HIPAA Notice of Privacy Practices, which is separate from this Privacy Policy. Our HIPAA Notice of Privacy Practices describes how we may use and disclose your protected health information, your rights as a patient regarding your health information, and how you may exercise those rights. Our HIPAA Notice of Privacy Practices is available at spine33rehab.com/hipaa-notice and will be provided to you electronically at or before your first appointment with Spine 33 Rehab.

This Privacy Policy governs general information collected through our Website only and does not supersede or replace our HIPAA Notice of Privacy Practices with respect to protected health information.

13. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this Privacy Policy at any time. When we make changes we will update the Last Updated date at the top of this document and post the revised policy on our Website. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Website following the posting of any changes constitutes your acceptance of those changes.

14. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices please contact us at the following.

Spine 33 Rehab PLLC

Email: info@spine33rehab.com

Website: spine33rehab.com

Phone: (901) 609-4923

Tennessee PT License: 16706

If you believe your privacy rights have been violated you may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr/privacy/hipaa/complaints or with the Tennessee Department of Health.

15. GOVERNING LAW

This Privacy Policy is governed by the laws of the State of Tennessee without regard to its conflict of law provisions. Any disputes arising under this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in the State of Tennessee.