1. Introduction
Heal from Home ("we," "our," or "us") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our telehealth physical therapy services.
We comply with applicable federal and state privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, to the extent applicable to our cash-based practice.
2. Information We Collect
Personal Information:
- Full name and contact information (email address, phone number)
- Date of birth (when provided)
- Billing and payment information (processed securely via Stripe)
Health Information:
- Medical history and current conditions relevant to physical therapy
- Treatment notes, assessments, and progress documentation
- Information you provide during booking (condition description, goals)
- Session recordings (only with your explicit consent)
Technical Information:
- Browser type, device information, and IP address
- Pages visited and interaction data on our website
- Cookies and similar tracking technologies for website analytics
3. How We Use Your Information
- Providing and managing your physical therapy sessions
- Scheduling appointments and sending session reminders
- Processing payments securely through Stripe
- Communicating with you about your care and account
- Improving our services and website experience
- Complying with legal and regulatory obligations
4. Telehealth Session Privacy
Your telehealth sessions are conducted via Zoom, a HIPAA-capable video platform. During your sessions:
- Sessions are not recorded unless you provide explicit written consent
- We use encrypted, HIPAA-compliant video connections
- Session content is treated as protected health information
- We recommend you conduct sessions from a private location
- Only your therapist has access to your session and clinical notes
5. Payment Data Handling
We use Stripe as our payment processor. We do not store your credit card numbers, CVV, or full payment card details on our servers.
- Payment information is transmitted directly to Stripe via an encrypted connection
- Stripe is PCI DSS Level 1 certified (the highest level of payment security)
- We only retain a record of the transaction amount, date, and confirmation
6. How We Protect Your Information
We implement appropriate technical and administrative safeguards:
- SSL/TLS encryption for all data transmitted to and from our website
- Encrypted database storage for personal and health information
- Access controls limiting who can view patient information
- Regular security reviews of our systems and practices
- Secure, HIPAA-capable platforms for video sessions (Zoom)
7. Information Sharing & Disclosure
We do not sell your personal or health information. We may share information only:
- With your consent — for referrals to other healthcare providers
- For payment processing — with Stripe to process transactions
- As required by law — in response to valid legal process or to protect safety
- Service providers — with vendors who assist our operations (e.g., email, hosting), bound by confidentiality obligations
8. Your Rights
You have the right to:
- Access — Request a copy of the personal and health information we hold about you
- Correction — Request corrections to inaccurate information
- Deletion — Request deletion of your information (subject to legal retention requirements)
- Restrict Processing — Request limitations on how we use your information
- Withdraw Consent — Withdraw previously given consent at any time
To exercise any of these rights, contact us at the email address below.
9. Data Retention
We retain your health records and treatment documentation in accordance with applicable state and federal requirements (typically 7 years from the last date of service). Payment records are retained as required for accounting and tax purposes. You may request deletion of non-clinical personal data at any time.
10. Cookies & Analytics
Our website uses minimal analytics cookies to understand how visitors use our site. These cookies do not track health information. You can disable cookies in your browser settings, though some website functionality may be affected.
11. Children's Privacy
Our services are intended for adults 18 years and older. We do not knowingly collect personal information from children under 18 without parental consent. If we learn we have inadvertently collected such information, we will take steps to delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: