Privacy Policy - MyoMoves
1) Scope
This Policy explains how we collect, use, disclose, and protect personal data when you use myo-moves.com (the “Site”), our social pages, and our services delivered online (the “Services”).
SimplePractice client portal. If you schedule, complete forms, use telehealth, or pay through our client portal (clientsecure.me), that portal is operated by SimplePractice and is subject to SimplePractice’s own privacy terms and HIPAA/BAA. We also process your data in our role as your provider. See “Vendors & Transfers.”
2) Data We Collect
- Identifiers & contact info: name, email, phone, postal address, country/region.
- Patient/therapy information submitted to us (e.g., intake info, photos/videos you upload at our request, progress logs) when shared on or routed into our clinical systems.
- Appointment & billing metadata (dates, status, invoice summaries) processed primarily within SimplePractice and/or our payment processor(s).
- Technical data: IP address, device/browser, pages viewed, referral URLs, approximate location, and cookies/SDK data.
- Communications: emails, texts (where you opt in), messages.
- Children’s data: we work with minors only with verified parental/guardian consent. Our Site is not directed to children under 13 for account creation or newsletters.
3) Purposes & Legal Bases (summary)
- Provide and support Services/telehealth; create/manage your account/appointments; payments; customer support.
- Communicate about sessions, reminders, and educational resources (you can opt out of marketing).
- Security, fraud prevention, quality improvement, analytics, and compliance.
GDPR/UK GDPR: Where applicable, our legal bases are contract performance, legitimate interests, legal obligations, and consent (for certain marketing/cookie/CHD contexts).
4) Cookies, Analytics & Targeting
We use necessary cookies and may use analytics or advertising cookies/SDKs on the Site. Where required (e.g., EU/UK), we’ll obtain opt-in consent and honor withdrawals. Where required by law (e.g., Colorado, Connecticut), we honor Global Privacy Control (GPC)/universal opt-out signals for targeted ads/sales. Manage preferences via your browser and any cookie banner.
5) Sensitive & Health Information
If you share health-related information with us outside the portal (e.g., via Site forms or email), we move it into our clinical systems and restrict access. If Myo Moves is a HIPAA covered entity/business associate, HIPAA rules and our Notice of Privacy Practices apply; otherwise, we apply comparable safeguards and, where applicable, comply with state consumer health data laws (e.g., WA My Health My Data Act, NV SB370) for residents of those states.
6) Vendors, Hosting & International Transfers
- Hosting/website builder: Showit (including static.showit.co file delivery).
- Client portal/EHR/telehealth & payments: SimplePractice.
- Email/SMS providers, analytics, and other processors as reasonably necessary.
- We have contractual measures with vendors (e.g., HIPAA BAA where applicable; DPAs). If we transfer EU/UK personal data internationally, we use EU Standard Contractual Clauses and/or the UK IDTA/Addendum, and—if Article 27 applies—appoint an EU/UK representative.
7) Disclosures
We disclose personal data to: (i) our processors/vendors; (ii) your other providers, with your consent or as permitted by law; (iii) legal authorities to comply with law or protect rights/safety; (iv) business transferees in corporate transactions; and (v) with your direction/consent. We do not sell personal information as “sale” is defined by some privacy laws; if our practices change, we will update this Policy and provide required opt-outs.
8) Your Rights
Depending on your location, you may have rights of access, correction, deletion, and portability, and the right to opt out of certain processing (e.g., targeted advertising, profiling, “sale”). Exercise these by emailing privacy@myo-moves.com (or via the client portal for clinical records). We will verify requests and respond within legal timeframes. Residents of CA, CO, CT, VA, UT, OR and other states have state-specific rights; EU/UK residents have GDPR/UK GDPR rights (including to lodge a complaint with a supervisory authority).
9) Children’s Privacy
We do not knowingly collect personal data directly from children under 13 via the Site. For therapy, a parent/guardian must provide consent and manage the account/portal. If you believe a child provided data to us without consent, contact us and we’ll delete it consistent with law.
10) Security & Retention
We apply administrative, technical, and physical safeguards, and we retain data only as necessary for Services, legal obligations, and dispute resolution. No internet transmission is 100% secure.
11) Breach Notification
We follow applicable breach laws. South Carolina residents will be notified of certain security breaches under S.C. Code § 39-1-90. If HIPAA applies, we follow HIPAA breach rules; otherwise, the FTC Health Breach Notification Rule may apply to health apps/sites.
12) Marketing, SMS & Newsletters
With your opt-in, we send marketing emails/SMS. You can unsubscribe at any time. For SMS, we comply with applicable marketing rules (e.g., TCPA/CASL where applicable).
13) Cookies/Tracking Choices
You can manage cookies via browser settings and any cookie banner. We respect GPC/universal opt-outs where legally required.
14) Third-Party Links & Affiliates
We may link to third-party resources (including tools). Their policies apply. If we use affiliate links (e.g., Amazon), we provide clear, conspicuous disclosures (e.g., “As an Amazon Associate, we earn from qualifying purchases”) and comply with FTC Endorsement Guides.
15) Changes
We’ll update this Policy from time to time. Material changes will be posted with a new “Last Updated” date.