Privacy Policy

Expy Health Privacy Policy

 

At Expy Health, we believe strongly in transparency, data safety & security, and your partnership to ensure we are stewards of your data. We appreciate that you trust us with information that is important to you, and we want you to know how this information is used by us in service to you. Below, we describe the privacy practices for our applications, software, websites, APIs, products, and services (the “Services”). You will learn about the data we collect, how we use it, the controls we give you over your information, and the measures we take to keep it safe. Specifically, we’ll cover:

  • Information We Collect
  • How We Use Information
  • How Information Is Shared
  • Your Rights To Access and Control Your Personal Data
  • Data Retention
  • Analytics and Advertising Services Provided by Others
  • Our Policies for Children
  • Information Security
  • Our International Operations and Data Transfers
  • Changes to This Policy
  • Who We Are and How To Contact Us

Information We Collect

When you use our Services, we collect the following types of information:

Information You Provide to us

Account Information

Some information is required to create an account on our Services, such as your name, email address, password, date of birth, gender, height, weight, surgery date, type of surgery, medical conditions, and in some cases your mobile telephone number. This is the only information you have to provide to create an account with us. If you contact Expy Health through our support system, for instance by sending us an email at [email protected], we also collect your name and email address.

Additional Information

To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information. This may include responses to health surveys that ask questions related to your health. This may also include information collected through interactive exercises you choose to complete such as a range-of-motion measurement or a walking test. You may also choose to contact our sales team and provide personal information such as your name, email address, phone number, not for the purpose of creating an account with Expy Health, we use this information to contact you and tell you about our services.

Information from Third Party Services

If you choose to connect your account on our Services to your account on another service, we may receive information from the other service. For example, if you connect to Apple HealthKit on your iOS device or GoogleFit on your Android device, we may receive fitness information like your exercise and activity data. You can stop sharing the information from the other service with us by removing our access to that other service. You may also choose to connect your account on our Services to your account on another service that has an external device. For example, if you connect your FitBit activity tracker, we may receive additional exercise and activity data. You can also stop sharing the information from the external device with us at any time.

Information we collect automatically on our Sites

Our Sites use cookies and other technologies to function effectively. These technologies record information about your use of our Sites, including: Browser and device data, such as IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the language version of the Sites you are visiting; Usage data, such as time spent on the Sites, pages visited, links clicked, language preferences, and the pages that led or referred you to our Sites.

Information We Receive from Your Use of Our Services

Device Information

Your device, such as your smartphone or wearable, collects data to estimate a variety of metrics like the number of steps you take, your distance traveled, and range of motion. The data collected varies depending on which device you use. When your device syncs with our applications or software, data recorded on your device is transferred from your device to our servers.

Location Information

The Services include features that use precise location data, including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs. We collect this type of data if you grant us access to your location. You can always remove our access using your mobile device settings. We may also derive your approximate location from your IP address.

Usage Information

When you access or use our Services, we receive certain usage data. This includes information about your interaction with the Services, for example, when you view content, create or log into your account, or pair an external device to your account. We also collect data about the devices and computers you use to access the Services, including IP addresses, browser type, language, operating system, mobile device information (including device and application identifiers), the referring web page, pages visited, location (depending on the permissions you have granted us), and cookie information.

Health and Other Special Categories of Personal Data

To the extent that information we collect is health data or another special category of personal data subject to the European Union’s General Data Protection Regulation (“GDPR”), we ask for your explicit consent to process the data. We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you pair your device to your account to grant us access to your exercise or activity data from another service. You can use your smartphone account settings to withdraw your consent at any time. To delete your account and all related data, you can send a request to [email protected]

Health Data From Third Parties as a Data Processor

To provide Services, we may receive your health data from a partner or customer to match that information with data that you shared with us as a user of one of our Services. As a processor of this information, it is used in accordance with the use cases in this policy outlined in How We Use The Information. Additionally, this information follows the same information security guidelines in this privacy policy.

How We Use The Information

We use the information we collect for the following purposes.

Provide and Maintain the Services

Using the information we collect, we are able to deliver the Services to you and honor our Terms of Service contract with you. For example, we need to use your information to provide you with your personal Profile which tracks your progress, activity, physical health measurements, other trends, and to give you customer support. In addition, the information is used to provide you with meaningful feedback about your status and progress through one of the Expy Health programs you are currently using or have used in the past.

Improve, Personalize, and Develop New Services

We use the information we collect to improve and personalize the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and Services. We also use your information to make inferences and show you more relevant content. For example, information like your height, weight, gender, and age allows us to improve the accuracy of your daily assigned activities.

Communicate With You

We use your information when needed to send you Service notifications and respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in. You can control marketing communications and most Service notifications by using your notification preferences or via the “Unsubscribe” link in an email.

Promote Safety and Security

We use the information we collect to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies. We use cookies and similar technologies for the purposes described above. For personal data subject to the GDPR, we rely on several legal bases to process the data. These include when you have given your consent, which you may withdraw at any time by sending a request to [email protected]; when the processing is necessary to perform a contract with you, like the Terms of Service; and our legitimate business interests, such as in improving, personalizing, and developing the Services, marketing new features or products that may be of interest, and promoting safety and security as described above.

How Information is Shared

We do not share your personal information except in the limited circumstances described below.

When You Agree or Direct Us to Share

You may direct us to disclose your information to others, such as with your doctor’s office or a member of your family. You may also authorize us to share your information with others, for example, with a third-party application when you give it access to your account, or with your employer when you choose to participate in an employee program. Remember that their use of your information will be governed by their privacy policies and terms. You can revoke your consent to share with third-party applications or employee wellness programs using your account settings.

For External Processing

We transfer information to our corporate partners, service providers, and others who process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, sales, marketing, data analysis, research, and surveys.

For Legal Reasons or to Prevent Harm

We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person. Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person. We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about health behavior, to partners under agreement with us, or as part of the community benchmarking information we provide to users of our services. If we are involved in a merger, acquisition, or sale of assets, we will continue to take measures to protect the confidentiality of personal information and give affected users notice before transferring any personal information to a new entity.

Your Rights to Access and Control Your Personal Data

We give you account settings and tools to access and control your personal data, as described below, regardless of where you live. If you live in the European Economic Area, United Kingdom, and Switzerland (the “Designated Countries”), you have a number of legal rights with respect to your information, which your account settings and tools allow you to exercise, as outlined below. Accessing and Exporting Data. By logging into your account, you can access much of your personal information, including your Profile with your activity statistics. By sending a request to [email protected], you can receive a link to download information in a commonly used file format. Editing and Deleting Data. If you find errors in your data, this can be corrected either through the account settings in the Application or by sending a request to [email protected] If you choose to delete your account, please note that while most of your information will be deleted within 30 days, it may take up to 90 days to delete all of your information, like the data recorded by your device and other data stored in our backup systems. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm, including as described in the How Information Is Shared section. Objecting to Data Use. We give you account settings and tools to control our data use. If you live in a Designated Country, in certain circumstances, you can object to our processing of your information based on our legitimate interests, including as described in the How We Use Information section. You have a general right to object to the use of your information for direct marketing purposes. Please contact us at [email protected] to control our marketing communications to you about Expy Health products and services. Restricting or Limiting Data Use. If you reside in a Designated Country, you can seek to restrict our processing of your data in certain circumstances. Please submit a request to [email protected]. Please note that you can always ask to delete your account at any time. If you need further assistance regarding your rights, please contact our Data Protection Officer at [email protected], and we will consider your request in accordance with applicable laws. If you reside in a Designated Country, you also have a right to lodge a complaint with your local data protection authority or with the Irish Data Protection Commissioner, our lead supervisory authority, whose contact information is available here.

Data Retention

We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to operate your account. In some cases, when you give us information for a feature of the Services, we delete the data after it is no longer needed for the feature. We keep other information, like your activity or health data, until you request to delete the data or your account because we use this data to provide you with personal statistics and other aspects of the Services. We also keep information about you and your use of the Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the How We Use Information and How Information Is Shared sections.

Analytics and Advertising Services Provided by Others

We work with partners who provide us with analytics and advertising services. This includes helping us understand how users interact with the Services, serving ads on our behalf across the internet, and measuring the performance of those ads. These companies may use cookies and similar technologies to collect information about your interactions with the Services and other websites and applications.

Our Policies for Children

We appreciate the importance of taking additional measures to protect children’s privacy. Persons under the age of 13, or any higher minimum age in the jurisdiction where that person resides, are not permitted to create accounts unless their parent has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at [email protected].

Information Security

We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your data. This includes using Transport Layer Security (“TLS”) to encrypt many of our Services. No method of transmitting or storing data is completely secure, however. If you have a security-related concern, please contact Customer Support. To protect sensitive information such as your fitness or health data, we follow guidelines for securing protected health information as outlined in the HIPAA/HITECH security rules.

Our International Operations and Data Transfers

We operate internationally and transfer information to the United States and other countries for the purposes described in this policy. We rely on multiple legal bases to lawfully transfer personal data around the world. These include your consent, the EU-US and Swiss-US Privacy Shield, and EU Commission approved model contractual clauses, which require certain privacy and security protections. You may obtain copies of the model contractual clauses by contacting us. Expy Health complies with the Privacy Shield principles regarding the collection, use, sharing, and retention of personal information as described in our Privacy Shield certifications. Learn more about Privacy Shield here. Expy Health, Inc. is subject to the oversight of the US Federal Trade Commission and remains responsible for personal information that we transfer to others who process it on our behalf as described in the How Information Is Shared section. If you have a complaint about our Privacy Shield compliance, please contact us. You can also refer a complaint to our chosen independent dispute resolution body JAMS, and in certain circumstances, invoke the Privacy Shield arbitration process. Please note that the countries where we operate may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. You agree to this risk when you create a Expy Health account and click “I agree” to data transfers, irrespective of which country you live in. For a list of the locations where we have offices, please see our company information here. If you later wish to withdraw your consent, you can delete your Expy Health account as described in the Your Rights To Access and Control Your Personal Data section.

Changes to This Policy

We will notify you before we make material changes to this policy and give you an opportunity to review the revised policy before deciding if you would like to continue to use the Services. You can review previous versions of the policy in our archive.

Who We Are and How to Contact Us

If you have questions, suggestions, or concerns about this policy, or about our use of your information, please contact us at [email protected]

Expy Health as a data controller and a data processor

EU data protection law makes a distinction between organisations that process Personal Data for their own purposes (known as “data controllers”) and organisations that process Personal Data on behalf of other organisations (known as “data processors”). As noted above, we are not always a data controller of the data in our possession, but are sometimes a data processor for other companies such as our customers or partners. In such cases, we may direct your inquiry to the relevant data controller, since data controllers are the ones with primary responsibility for your Personal Data. If you reside elsewhere, then Expy Health, Inc., a US company, is the data controller that provides you with the Services. You may contact us at: Expy Health, Inc. Attn: Legal Department (Privacy Policy) 3415 S Sepulveda Blvd 10th Floor, Los Angeles, CA 90034 U.S.A.

Get better, faster, with
Expy Health

Welcome to Expy Health! We're here to help you manage your joint pain through personalized physical therapy. To match you with the best physical therapist for your needs, please take a moment to complete the questions below.

Your therapy preferences:

Self-pay / Commercial insurance rules

In California, Direct Access rules allow patients to be seen for physical therapy for up to 12 visits with no prescription. After 12 visits or 45 days (whichever is first), the Expy team will work with your doctor to obtain a prescription if more visits or time is needed.

Medicare rules

Medicare requires a signed plan of care for physical therapy. Your therapist will create a plan of care during your first visit, and the team will work with your doctor to get it approved. You will need a new plan of care established every 90 days or 10 visits whichever is sooner.

Expy Man Icon (teal) 128px

Please select your user type below

Expy Man Icon (teal)

Receive a Demo

Complete the form below and we will reach out to schedule a demo

Expy Man Icon (peach) 90px

Download Expy Surgery

Expy Man Icon (teal) 128px

Download ExpyPT

Expy-Man-Icon-teal.png

Select a provider type below

Expy-Man-Icon-teal.png

Select a payer type below

Select a payer type below

Select a provider type below

Expy Man Icon (teal)

Suggest a feature

Thank you for contributing to make Expy Health better