Effective Date: [12/22/2025]
1. Introduction
The Acu PT Co., LLC ("we," "us," "our," or "Company") respects your privacy and is committed to protecting it through compliance with this policy. This policy describes the types of information we may collect from you or that you may provide when you visit our website and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect on this website, in email and other electronic messages between you and this website, and through third-party platforms integrated with this website, including OptiMantra (electronic medical records and scheduling), YourStepsHealth (home exercise programming), and Consolto (secure video conferencing and messaging).
2. Compliance with Children's Online Privacy Protection Act (COPPA)
Our website is intended for use by parents, legal guardians, and adults seeking services. We do not knowingly collect personal information from children under age 13 through our website's public-facing marketing materials or contact forms without verifiable parental consent.
In the context of clinical treatment, we collect health information about minor patients only with explicit parental or legal guardian authorization as part of the formal intake and consent process governed by HIPAA and state law. If you believe we have collected information from a child under 13 outside of a proper clinical relationship, contact us immediately at [Insert Business Email Address].
3. Categories of Information We Collect
We collect several types of information from and about users of our website:
Personal Identifiers: Name, postal address, email address, telephone number, and date of birth (for clinical patients).
Protected Health Information (PHI): For clinical patients only, we collect health information related to your child's physical condition, developmental history, prior treatments, current symptoms, and treatment goals. This information is collected through HIPAA-compliant intake forms within OptiMantra and is subject to heightened protection under federal and state law.
Payment Information: Insurance details (member ID, group number, subscriber information) and payment card information processed through secure, PCI-compliant payment processors integrated with OptiMantra.
Technical and Usage Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and information about your visit including the full Uniform Resource Locators (URLs), clickstream to and from our website, pages you viewed, page response times, download errors, length of visits, and page interaction information.
Coaching and Wellness Records: For clients enrolled in Integrative Health Coaching or HeartMath services, we maintain records of session notes, goal-setting documents, and progress tracking. These records are maintained separately from clinical medical records and are not subject to HIPAA but are kept confidential under our professional standards and contractual commitments.
4. How We Collect Information
We collect information directly from you when you provide it to us via website forms, phone calls, email correspondence, patient intake documents, or during service delivery (in-person or via telehealth). We collect information automatically as you navigate through the site using cookies, server logs, and similar technologies. We may receive information about you from third parties such as referring physicians, schools (with proper authorization), or insurance companies in connection with benefits verification.
5. Cookies and Tracking Technologies
We use cookies (small files placed on your device) and similar tracking technologies to collect information about your browsing activities. You can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent. If you disable or refuse cookies, some parts of this website may become inaccessible or not function properly.
6. How We Use Your Information
We use information collected about you or that you provide to us to present our website and its contents to you, provide you with information or services you request from us, fulfill our obligations and enforce our rights arising from contracts between you and us (including billing and insurance claims submission), notify you about changes to our website or services we offer or provide, provide clinical treatment (physical therapy and acupuncture-related services where applicable), provide wellness and coaching services (HeartMath and Integrative Health Coaching), send appointment reminders and treatment follow-up communications, process payments and insurance claims, comply with legal and regulatory obligations, and improve our website and service offerings through analysis of usage patterns.
7. Disclosure of Your Information
We do not sell, rent, or trade your personal information. We may disclose personal information that we collect or you provide as described in this privacy policy in the following circumstances:
To Service Providers and Business Associates: We share information with third-party vendors who perform services on our behalf under written agreements that require them to keep your information confidential and secure:
Grigora: Website hosting, maintenance, and analytics
OptiMantra: Electronic medical records (EMR), practice management, scheduling, and secure messaging (HIPAA Business Associate Agreement in place)
YourStepsHealth: Delivery and tracking of home exercise programs (HIPAA Business Associate Agreement in place)
Consolto: HIPAA-compliant video conferencing and secure messaging platform
Payment processors: Secure processing of credit card and insurance payments (PCI-DSS compliant)
For Treatment, Payment, and Healthcare Operations (TPO): As permitted under HIPAA, we may disclose PHI without your authorization to other healthcare providers involved in your child's care (pediatricians, specialists, therapists), insurance companies for claims processing and benefits verification, and quality assurance and compliance vendors who help us maintain our clinical standards.
With Your Consent: We may share information with schools, therapy centers, or other third parties when you provide explicit written authorization (typically via a signed Release of Information form).
As Required by Law: We may disclose information to comply with any court order, law, or legal process including to respond to any government or regulatory request, enforce or apply our Terms and Conditions and other agreements, protect the rights, property, or safety of our company, our patients, clients, or others (this includes exchanging information with other companies and organizations for fraud protection), or report suspected child abuse or neglect as required under Pennsylvania's Child Protective Services Law (23 Pa.C.S. § 6301 et seq.) or New Jersey's mandatory reporting laws (N.J.S.A. 9:6-8.10).
8. Data Security Measures
We have implemented administrative, technical, and physical safeguards designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.
Clinical PHI is stored in OptiMantra, a HIPAA-compliant EMR system that employs encryption at rest and in transit (TLS 1.2 or higher), role-based access controls, audit logging of all record access, automatic session timeouts, and regular security updates and vulnerability assessments.
Our website uses SSL/TLS encryption for all data transmission. Access to client and patient information is restricted to authorized personnel only, on a need-to-know basis. We conduct regular staff training on privacy and security practices. We maintain a written Incident Response Plan for potential data breaches.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our website or patient portal, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the website.
9. Data Retention
We retain clinical medical records in accordance with Pennsylvania and New Jersey record retention requirements (minimum of seven years from the date of last treatment, or until the patient reaches age 25, whichever is longer). Coaching and wellness records are retained for a minimum of three years from the date of last service. Financial and billing records are retained for seven years in accordance with IRS requirements. Website analytics and technical data are retained for a maximum of 24 months.
10. Your Privacy Rights
Depending on your relationship with us and applicable law, you may have the following rights:
HIPAA Rights (Clinical Patients): Right to access and obtain a copy of your medical records, right to request amendment of your medical records, right to request restrictions on certain uses and disclosures of PHI, right to receive confidential communications by alternative means or at alternative locations, right to an accounting of disclosures of PHI, and right to receive a paper copy of this Privacy Policy.
General Privacy Rights: You may opt out of receiving marketing communications by following the unsubscribe instructions in any marketing email or contacting us directly. You may request that we delete personal information we have collected from you, subject to certain exceptions (we may need to retain information to comply with legal obligations or complete transactions you requested).
To exercise any of these rights, contact our Privacy Officer at hello@theacupt.co. We will respond to your request within 30 days.
11. Third-Party Websites
This website may contain links to third-party websites (educational resources, professional organizations, referring providers). We are not responsible for the privacy practices or content of these third-party sites. We encourage you to read the privacy policies of any third-party site you visit.
12. Changes to Our Privacy Policy
We reserve the right to update or change our Privacy Policy at any time. We will post any changes on this page and update the "Effective Date" at the top of this policy. If we make material changes to how we treat PHI, we will notify you by email (if you have provided an email address) and/or through a notice on the website home page. Your continued use of our website or services after we post changes constitutes your acceptance of those changes.
13. Contact Information
To ask questions or comment about this privacy policy and our privacy practices, or to exercise your privacy rights, contact us at:
The Acu PT Co., LLC
Attn: Privacy Officer (Jhoanna Rae L. Marquez, PT, DAc, INHC)
c/o Northwest Registered Agent, LLC (Nat Smith)
502 W 7th St., Ste 100
Erie, PA 16502-1333
Email: hello@theacupt.co
Phone: (484)591-9491
14. Regulatory Complaints
If you believe your privacy rights have been violated, you may file a complaint with us using the contact information above, or with the U.S. Department of Health and Human Services Office for Civil Rights:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints
We will not retaliate against you in any way for filing a complaint.
