Privacy Policy

Last Updated: February 16, 2026

At Empower Physical Therapy & Athletic Training, PLLC ("Empower PT & AT," "we," "us," or "our"), we are committed to protecting your privacy and maintaining the confidentiality of your personal and health information. This Privacy Policy explains how we collect, use, store, and safeguard your data when you engage with our services, website, and communications.

1. INFORMATION WE COLLECT

We collect and maintain the following types of information:

Contact Information

  • Name, email address, phone number, and residential address for in-home service delivery and appointment coordination

  • Email addresses may be used for manual appointment communications and service-related correspondence

Health & Wellness Data

  • Medical history, injury details, and treatment goals

  • Clinical documentation, session notes, and progress records

  • Billing and insurance information including superbills with diagnosis codes (ICD-10), procedural codes (CPT), dates of service, and charges

  • This information is collected to provide personalized, evidence-based care and facilitate insurance reimbursement

Payment & Billing Information

  • Transaction records and payment history

  • Invoices and receipts for services rendered

  • Payment processing is handled through third-party providers (Venmo, Zelle, Square) who maintain their own security standards

Communication Preferences

  • SMS and email consent status

  • Appointment viewing and reminder preferences

2. HOW WE USE YOUR INFORMATION

We use your information exclusively for the following purposes:

  • Service Delivery: To schedule, coordinate, and provide in-home Physical Therapy and Strength Training services

  • Appointment Management: To send appointment reminders, confirmations, and secure read-only links to view your upcoming appointments

  • Billing & Payments: To process payments, generate invoices, send payment receipts, and email medical invoices/superbills for insurance reimbursement

  • Healthcare Compliance: To maintain accurate medical records as required by law

  • Communication: To send appointment-related updates and service notifications

We do not use your information for marketing, advertising, or any purpose unrelated to your care.

3. SMS MESSAGING & CONSENT

What Messages You'll Receive

By providing your mobile phone number and giving verbal consent (which we record in our system as written consent status), you agree to receive SMS messages from Empower Physical Therapy & Athletic Training, including:

  • Appointment reminders (sent 48 hours before scheduled sessions)

  • Appointment confirmations

  • Payment receipts (sent immediately after payment is processed, including a link to download your receipt and view upcoming appointments)

  • Payment links (when balance is low, we may include a secure payment link for your preferred payment method - Zelle or Venmo - for convenient session refills)

  • Manual payment reminders (sent when your session balance reaches zero or goes negative, reminding you to refill sessions to continue scheduling appointments)

  • Refund confirmations (sent when a refund is processed)

  • Secure read-only links to view your next 10 upcoming appointments (no login required)

  • General service notifications

Message Frequency

You can expect to receive approximately 2-4 SMS messages per week, with a maximum of 10-12 messages per month, depending on your appointment schedule and service usage. Breakdown:

  • Appointment reminders: 1-3 per week (depending on session frequency)

  • Appointment confirmations: Occasional (when new sessions are scheduled)

  • Payment receipts: 1-2 per month (when purchasing session packages)

  • Refund confirmations: Rare (only when refunds are processed)

Third-Party Sharing - Critical A2P Compliance Statement

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

SMS delivery is facilitated by Twilio, which provides SMS messaging for appointment reminders and notifications. Data shared: Phone number, appointment times. HIPAA Status: Not applicable (no protected health information sent via SMS). Note: Twilio is our messaging service provider and is only used to deliver SMS messages on our behalf. Your phone number is never shared with Twilio for their own purposes or sold to third parties.

Opt-Out & Contact

  • To opt out of SMS messages at any time: Reply STOP to any message. You will receive a confirmation that you've been unsubscribed.

  • For help or questions: Reply HELP or contact us at paul@empower-ptw.com

  • Message and data rates may apply as determined by your mobile carrier

4. EMAIL COMMUNICATIONS

We use your email address to:

  • Send medical invoices and superbills for insurance reimbursement (containing protected health information)

  • Provide appointment-related communications as needed

  • Send important service notifications

Medical invoices sent via email contain protected health information (PHI) including diagnosis codes (ICD-10), procedural codes (CPT), dates of service, and charges. To protect this sensitive information:

  • Emails are sent only to the email address you provided during intake

  • Recipients are advised to store these documents securely

  • Clients can request physical mail delivery as an alternative

We do not use your email for marketing purposes.

5. HOW WE STORE & PROTECT YOUR DATA

Data Storage & Security

We implement industry-standard security measures to protect your information, including:

  • Encrypted database storage via Supabase (HIPAA-compliant cloud infrastructure)

  • Role-based access controls ensuring only authorized staff can access client information

  • Secure transmission protocols for all data exchanges

  • Secure email delivery for medical documentation

  • HIPAA-compliant systems across all platforms (Supabase)

Data Retention

In compliance with healthcare regulations, we retain your personal and health information for 7 years after your last appointment. After this period, records are securely deleted unless we are legally required to retain them longer.

Client Access to Appointments

Clients receive secure, read-only links via SMS to view their next 10 upcoming appointments. These links:

  • Are unique to each client (not shareable)

  • Contain only appointment dates and times (no health information)

  • Are temporary and may expire after a period of inactivity

  • Do not require login credentials and are designed for convenience while maintaining security.

6. THIRD-PARTY SERVICE PROVIDERS

We work with trusted third-party service providers to deliver our services. These providers only receive the minimum information necessary to perform their specific functions:

Supabase - Secure database storage. Data shared: All client data (encrypted). HIPAA Status: HIPAA-compliant ✅

Twilio - SMS messaging for appointment reminders and notifications. Data shared: Phone number, appointment times. HIPAA Status: Not applicable (no protected health information sent via SMS)

Email Service Provider - Secure email delivery for medical invoices. Data shared: Email address, medical documentation. HIPAA Status: Secure transmission protocols in place

Venmo/Zelle/Square - Payment processing. Data shared: Payment transaction data. HIPAA Status: N/A

These providers are contractually required to:

  • Use your information only for the services they provide to us

  • Maintain appropriate security measures

  • Comply with HIPAA and data protection standards (where applicable)

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

7. YOUR PRIVACY RIGHTS

You have the right to:

  • Access your data: Request a copy of the personal and health information we maintain about you

  • Correct inaccuracies: Request correction of any incorrect or incomplete information

  • Request deletion: Request deletion of your information, subject to legal and medical record-keeping requirements (7-year retention for healthcare records)

  • Opt out of communications: Unsubscribe from SMS messages at any time by replying STOP

  • Choose delivery method: Request alternative methods for receiving medical invoices (physical mail instead of email)

To exercise any of these rights, please contact us using the information below.

8. HIPAA COMPLIANCE

As a healthcare provider, Empower Physical Therapy & Athletic Training complies with the Health Insurance Portability and Accountability Act (HIPAA). Your protected health information (PHI) is handled in accordance with HIPAA Privacy and Security Rules.

Notice of Privacy Practices: As required by HIPAA, we maintain a Notice of Privacy Practices that provides detailed information about how we use and disclose your protected health information. This Privacy Policy supplements our HIPAA Notice of Privacy Practices.

9. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this policy indicates when it was last revised. Continued use of our services after updates constitutes acceptance of the revised policy.

10. CONTACT US

If you have questions about this Privacy Policy, your data, or our privacy practices, please contact us:

Empower Physical Therapy & Athletic Training, PLLC
Email: paul@empower-ptw.com
Address: 603 E Boston Post Rd #101, Mamaroneck, NY 10543

By engaging with our services and providing your contact information, you acknowledge that you have read and understood this Privacy Policy.