This privacy notice for Rehabbit ("we", "us" or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:

• - Visit our website at https://rehabbit.app or any website of ours that links to this privacy notice
• - Download and use the Rehabbit app
• - Engage with us in other related ways, including any sales, marketing, or events

Rehabbit is HIPAA compliant and adheres to the Privacy Rule, Security Rule, and Breach Notification Rule as set forth by the U.S. Department of Health and Human Services

Certain demographic, health and/or health-related information that Rehabbit collects about Users as part of providing the Services to our Healthcare Providers may be “protected health information” or “PHI” and governed by the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”). Specifically, when (i) Rehabbit is providing administrative, operational, and other services to a Health Care Provider and this Healthcare Provider is a “Covered Entity” (as such term is defined in HIPAA); and (ii) in order to provide those services, Rehabbit receives identifiable information about a User on behalf of the Healthcare Provider, Rehabbit is acting as a “Business Associate” (as such term is defined in HIPAA) of the Health Care Provider, and this identifiable information is regulated as PHI.

HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. Please read the Notice of Privacy Practices of your Health Provider to understand how your PHI can be used and disclosed. HIPAA does not apply to Personal Data (defined below) that is not PHI. Personal data that a User provides to Rehabbit when Zocdoc is not acting as a Business Associate is not PHI. To provide just a few examples, when you (i) create an account, (ii) search for Healthcare Providers or available appointments with Healthcare Providers, (iii) complete general medical history forms that are not required by or provided by a particular Healthcare Provider (“General Medical History Forms”), (iv) post reviews, or (v) provide device/IP Information or Web Analytics information by browsing our websites (see below).

Payment information
Rehabbit may collect a user's payment card, type, last four digits of card, billing contact and email.

User information
Rehabbit may collect a user's first name, last name, e-mail and timezone.

Medical information
Rehabbit may collect a user's exercises, exercise logs, exercise plans, plan progress over time, and health evaluations the user provides us.

Appointment information
Rehabbit may collect a user's scheduled appointments, including their date, time, provider information, and other user-provided intake forms.

Rehabbit collects data through the Rehabbit App directly from explicit user input, such as when the user creates an account or otherwise explicitly logs or provides health information.

Rehabbit shares user payment information with our payment processing partner (currently Stripe, Inc.), whom collects voluntarily provided card information.

Rehabbit shares user personal information and medical information with user's physical therapists when the user schedules an appointment with a physical therapist on the Rehabbit platform.