Privacy Policy

SITE PRIVACY POLICY / NOTICE OF COLLECTION
THE SITE WILL BE COLLECTING AND TRANSMITTING PERSONAL, MEDICAL AND HEALTH-RELATED INFORMATION ABOUT YOU. BY VISITING OR USING THE SITE, YOU ARE ACCEPTING THE PRACTICES DESCRIBED IN THIS SITE PRIVACY POLICY. IF YOU DO NOT AGREE, THEN PLEASE DO NOT ACCESS OR USE THIS SITE.
www.everflexhealth.com and www.everflexplus.com (the “Site”) and any associated wildcard subdomain sites and services (collectively, the “Site”) is an online platform operated and maintained by Movement for Life, Inc., a California corporation, which does business as Everflex Health (referred to herein as “Everflex”, “us”, “our” or “we”).
Everflex is committed to respecting the privacy rights of its customers, visitors, and other users of the Site. We created this Site Privacy Policy (this “Policy”) to give you information about our collection, use, and disclosure of information about you, as well as your rights regarding that information. This Policy is only applicable to the Site and any offline location where we make this Policy available to you, and not to any other websites that you may be able to access from the Site, each of which may have data collection and use practices and policies that differ materially from this Policy.
If you are a patient of Movement for Life, Inc., or any of its subsidiaries (“M4L”), all of your protected health information that is maintained by M4L, including information you provide on the Site, is also subject to the HIPAA Notices of Privacy Practices and Privacy Policy and Health Information Privacy Notice issued by M4L. These policies may contain additional provisions relating to the use and disclosure of your information that go beyond the terms of this Privacy Statement. You can find these policies on the M4L website. If you or your organization has an individual agreement with us, that agreement may have privacy terms that also apply to the personal information you provide to us under that agreement. Please review the terms in that agreement as they may be different or more restrictive than the terms in this Privacy Policy.
For purposes of this Policy, the following definitions shall apply:
- “Account” refers to an account created on the Site. Different accounts are available for Groups, Authorized Users, and Patients.
- “Alternate Services Agreement” refers to a separate agreement entered into between Everflex and a Group governing the Services and permissible access by Authorized Users and Patients.
- “Authorized User” refers to an individual natural person, whether an employee, business partner, contractor, healthcare provider, or agent of a Group who is registered or permitted by Group to use the Everflex Services subject to these Terms and up to any maximum number of users or uses that may be specified in the Alternate Services Agreement at the time of purchase.
- “Group” or “Groups” refers to the individual(s), entity(ies), or health clinic(s) that purchase Services from Everflex for use by their Authorized Users or Patients.
- “Everflex Services” or the “Services” shall refer to the services available for purchase on the Site or from Everflex, which shall include, but is not limited to, Authorized User and Patient access to the portal for exercise tracking, virtual physical therapy education, and Everflex’s proprietary algorithm focused on the musculoskeletal system. Everflex does not practice medicine, physical therapy, or any other licensed profession through the Site.
- “Patient” or “Patients” refers to the patients, patrons, or clientele of a Group who may be invited by a Group or an Authorized User to view, visit, post, comment, or participate in activities on the Site.
- “Site Visitor” or “Site Visitors” shall refer to any visitor of the Site, including Authorized Users, Patients, and the general public.
1. What Information is Collected. The following information may be collected during your use of this site:

a. Information Provided by You: We collect any information you enter on our site, or that you give us in any other way. You can choose not to provide certain information, but you may not be able to take advantage of our services and features. This information may include:

i. Registration information for your Account, including, but not limited to, your name, age, gender, username, password, e-mail address, phone number, and date of birth.

ii. Personal health information (PHI) that you provide to the Site through the registration questionnaire, which may include, personal medical or health information, health status, and medical or health history. To the extent that we are functioning as a business associate to another covered entity, the use and disclosure of your PHI will also be governed in accordance with applicable laws regulating the use and disclosure of protected health information and any applicable Business Associate Agreement.

iii. Payment and billing information that you provide to us (e.g., credit card information) and demographic data (e.g., zip code).

iv. If you communicate with us by e-mail, or post messages to any internal chat or posting system, or otherwise complete online forms, or surveys, any information provided in those communications will be collected from you.

b. Information Provided by Groups and Authorized Users: If you are an Authorized User, we may collect information provided by your affiliated Group. If you are a Patient, we may collect information provided by your affiliated Group or Authorized User. This may include, but is not limited to, name, age, employment/patient status, username or identifier, medical history, and other information necessary to set up your Account and tailor the physical therapy education to you.

c. Automatic Information: When you visit the Site, our servers automatically recognize (1) visitors' domain names; (2) IP addresses (the number assigned to computers on the Internet); (3) device information; and (4) location data. This "traffic data" may be used for improving the services we offer, as explained in more detail below.

d. Tracking Technologies: Cookies are pieces of information that are transferred to your computer from a web server. Most browsers are set up to accept cookies, but you can change your settings to have your browser notify you when you receive a new cookie or to refuse to accept cookies. Cookies are only used on this site to save your login and language preferences so you do not have to re-enter them each time you visit the site or navigate from page to page. We do not collect any other cookies on our Site. However, if you choose to disable this function, your experience on the Site may be diminished and some features may not work as they were intended.

2. How and When the Information is Used and Disclosed. The information we collect may be used and disclosed for the following purposes:

a. To administer our business activities, which may require disclosure to our subsidiaries and affiliates, Groups or Authorized Users, or contractors, vendors, and service providers that we use to support our business and the Site. These support partners have all agreed to uphold the same standards of security and confidentiality that we provide to you under this Policy, and they have agreed to only use your information to carry out their specific business obligations to us, or for which we have been retained.

b. To operate our site, perform services, and improve the functionality of the Site. This includes, but is not limited to, the use of personal information to: (i) verify your identity; (ii) provide you with information through the proprietary algorithm questionnaire, and to provide education through the Site; (iii) to notify you about changes to our website, new services, or special offers; and (iv) to follow up with you or solicit feedback on your use of the Site; (v) to send reminders for appointments with us or the authorized Group that enrolled you on the Site; and (vi) to improve the quality of services provided through the Site. As part of these services, we may contact you by email or text message using the contact information that you or your health care provider have given to us. At any time, and even if you have expressly given us permission to send email or text messages to you, you may communicate your desire not to receive additional text messages by following the stop or opt-out instructions in the text message, by adjusting your preferences in the Site, or by contacting us at support@everflexhealth.com.

c. To create De-Identified Information, such as aggregate information and statistics about the site. “De-Identified Information” is information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual. We may use De-Identified Information without restriction.

d. For an authorized Group, in accordance with any Alternate Services Agreement, if applicable, and for any other purpose for which you provide us with information or give us authorization.

e. We may also disclose personal information that you provide via the Site in the event of a merger, acquisition, or any form of sale of some or all of our assets, in which case personal information we collect via the Site will be among the assets transferred to the buyer, subject to the limitations and terms of this Policy.

f. We use traffic data to analyze our Site traffic, but we do not examine this information for individually identifying information. In addition, we may use IP addresses to help diagnose problems with our server, to administer the Site, or to display the content according to your preferences. Traffic and transaction information may also be shared with business partners and advertisers on an aggregate basis.

g. We may use cookies and other tracking technologies to enable certain kinds of functionality that help you navigate and use the site. Cookies are only used on this site to save your login and language preferences so you do not have to re-enter them each time you visit the site or navigate from page to page. We do not collect any other cookies on our Site.

h. Further, we may disclose your personal information to third parties to: (i) comply with any court order or other legal obligation; (ii) enforce or apply our terms of use and other agreements; and (iii) protect the rights, property, or safety of our business, our clients, customers, employees, or others.

3. Security. The Site has security measures in place to prevent the loss, misuse, and alteration of the information that we obtain from you, but we make no assurances about our ability to prevent any such loss, misuse, to you or to any third party arising out of any such loss, misuse, or alteration.

a. We do not make any personal information available to third parties that is not consistent with this Policy. Your access to some services and content is password protected. We advise that you do not disclose your password to anyone. In addition, we recommend you sign out of password-protected services at the end of your session. You must promptly notify us if your credit card, username, or password is lost, stolen, or used without permission. In such an event, we will remove that credit card number, username, or password from your Account and update our records accordingly.

b. We use security software to protect the confidentiality of your personal information. In addition, our business practices are reviewed periodically for compliance with policies and procedures governing the security and confidentiality of our information. Our business practices limit employee access to confidential information, and limit the use and disclosure of such information to authorized persons.

4. FOR RESIDENTS OF CALIFORNIA. The California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”) provides additional rights to residents of California regarding our information collection and use practices. The CCPA and CPRA do NOT apply to information governed by the California Medical Information Act or protected health information governed by the Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act (this information is collectively referred to as “Protected Health Information” or “PHI” for purposes of this Site privacy policy). This Section 4 only addresses non-PHI personal information. Any PHI obtained by us will continue to be governed by the rules and regulations required by state and federal healthcare law.

a. Categories of Personal Information Collected. We identify below the categories of non-PHI personal information that we may have collected about our Site Visitors in the last 12 months, using the categories provided in the CCPA.

i. Identifiers: We may collect registration information for your Account, including, but not limited to, your name, age, gender, username, password, e-mail address, phone number, and date of birth.

ii. Customer Records Information: In addition to the identifiers described above, we may also collect your address and payment and billing information that you provide to us (e.g., credit card information).

iii. Characteristics of protected classifications under California or federal law: To provide customized recommendations on the Site, we may collect your gender identity and age as provided by you. If your account is created by your health care provider, this information may be provided by the health care provider or their practice group.

iv. Commercial Information: In order to provide customized recommendations on the Site, we may collect information regarding your interactions with our products or services or the products or services of another health care practice group.

v. Internet or Other Electronic Network Activity Information: When you visit the Site, our servers automatically recognize (1) visitors' domain names; (2) IP addresses (the number assigned to computers on the Internet); (3) device information; and (4) location data. This "traffic data" may be used for improving the services we offer, as explained in more detail below. The Site also uses cookies to save your login and language preferences so you do not have to re-enter them each time you visit the site or navigate from page to page.

vi. Geolocation Data: We may collect your geolocation data to allow you to locate a nearby local clinic or other service on the map tool within the Site. This information is not stored and is only used temporarily by the mapping tool on the Site.

vii. The Site does not currently collect any of the following categories of information as defined in CCPA and CPRA: Biometric Data; Audio, Visual, Electronic, Thermal, Olfactory, or Similar Information; Professional or Employment-related Information; Educational Information; Inferences

For more detail on the information we collect, including the sources we receive information from, please refer to Section 1 above. We collect and use these categories of personal information for the business purposes described in Section 2.
b. No Sale of Personal Information. The Company does not sell personal information as defined under the CCPA.

c. Rights of California Residents.

i. Right to Know. You have the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us:

      1. The categories of personal information we have collected about you;
      2. The categories of sources from which the personal information was collected;
      3. The categories of personal information about you we disclosed for a business purpose or sold;
      4. The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
      5. The business or commercial purpose for collecting or selling the personal information; and
      6. The specific pieces of personal information we have collected about you.

To exercise the Right to Know, please submit a request through our Online Form or call our toll-free number at [866.387.7778], or email: support@everflexhealth.com. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know.

ii. Right to Delete. You have the right to request that we delete certain personal information (other than PHI) we have collected from you in the last 12 months. To exercise the Right to Delete, please submit a request, please call our toll-free number at [866.387.7778], or email: support@everflexhealth.com. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request to delete. If we deny your request, we will explain the reason why in our response.
iii. Right to Opt-Out. You have the right to tell us not to sell your information at any time. At this time, we do not sell your personal information.
iv. Right to Non-discrimination. You have the right not to receive discriminatory treatment by us for exercising any of your rights.
v. Right to Correct. If you believe that any information that we have about you is inaccurate, you have the right to request that we correct the inaccurate information.
vi. Right to Limit Use. You can direct that we only use your sensitive personal information (for example, your financial account information) for limited purposes, such as providing you with the services you requested.
vii. Authorized Agent. You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.
viii. California’s Shine the Light law. Under California Civil Code Section 1798.83 (California’s Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their personal information with third parties for the third parties’ direct marketing purposes. If you’d like to request more information under the California Shine the Light law, you can contact us as described in his policy.
ix. “Do Not Track” Disclosure as Required by California Online Privacy Protection Act (CalOPPA): We do not track our patients over time and across third party websites to provide advertising, and therefore we do not respond to Do Not Track (DNT) signals from your web browser.
5. Notice Concerning Children. The Site is not directed to children under 13 years old. Children under 13 years old are prohibited from creating an account on their own. An account may only be created for them by the Authorized User of a Group, who must obtain verifiable parental consent before collecting personal information and creating an account for that child. Children under the age of consent (as defined by the law of state where accessed) but who are 13 years old or older, and who are not emancipated must have parental or guardian affirmative consent to use this Site. We understand and are committed to respecting the sensitive nature of children’s privacy online. If we learn or have reason to suspect that a Site Visitor is under age 13 and has not obtained verifiable parental consent to use the Site, we will promptly restrict access to that Site Visitor and delete any personal information about that Site Visitor, unless such deletion is otherwise prohibited by state or federal law.
At any time, a parent or guardian can refuse to permit us to collect further person information from their child and can request that we delete the personal information that we have collected in connection with those children from our records. Parents can request access to, change, or delete their child’s personal information by contacting [866.387.7778]. To protect children’s security and privacy, we will take reasonable steps to help verify a parent or guardian’s identity before granting access to any personal information.
In a limited number of circumstances and only to the extent permitted by the Children’s Online Privacy and Protection Act (COPPA), we may share or disclose personal information collected from children: (i) to share information with our service providers if necessary for them to perform certain internal operations for us, as defined by COPPA; (ii) if permitted or required by law, for example, in response to a court order or a subpoena; (iii) in response to the lawful request of a law enforcement or public agency, including schools or children services; (iv) if we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a child using our sites or applications; (v) to protect the security or integrity of our sites, applications, and other technology, as well as the technology of our service providers; or (vi) enable us to take precautions against liability.
6. Consent. By using our website, you consent to the collection and use of your personal information as described in this Site Privacy Policy. By using this site you also represent that you have the legal capacity and authority to provide this consent for yourself and/or the minor for whom you are consenting under applicable federal and state laws, including laws relating to the age of majority and/or parental guardian consent
7. Changes to Privacy Policy. We reserve the right, at any time, to add to, change, update, or modify this Policy, simply by posting such change, update, or modification on the Site and without any other notice to you. Any such change, update, or modification will be effective immediately upon posting on the Site. It is your responsibility to review this Policy from time to time to ensure that you continue to agree with all of its terms.
8. “Do Not Track” Requests. At this time, we do not respond to “Do Not Track” signals.
9. Third Party Websites. The Site may contain links to other websites. If you choose to visit other websites, we are not responsible for the privacy practices or content of those other websites, and it is your responsibility to review the privacy policies at those websites to confirm that you understand and agree with their policies.
10. Effective Date. This Site Privacy Policy is effective as of March 14, 2024.