Privacy Policy & Notice of Privacy Practices

1. Who We Are

Own Your Recovery ("we," "us," or "our") operates ownyourrecovery.app, a digital health platform that provides evidence-based recovery plans for patients and clinical tools for healthcare providers. Our principal place of business is located in Tennessee.

For privacy questions or concerns, contact us at: hello@ownyourrecovery.app

2. What Information We Collect

From Patients:

• Name, email address, and account credentials
• Age, biological sex, weight, and occupation
• Chief complaint, body region, symptom history, and pain levels
• Prior injuries, surgeries, and relevant medical history
• Current medications
• Goals and functional limitations
• Exercise completion data and recovery progress

From Providers:

• Name, email address, practice name, credentials, and specialty
• Patient clinical intake information entered on behalf of patients
• Clinical notes and plan modifications

Automatically Collected: IP address, device information, browser type, pages visited, session duration, and activity timestamps. This information is used for security, auditing, and platform improvement only.

3. How We Use Your Information

We use your health information to:

• Generate personalized, evidence-based recovery plans
• Track your progress through your recovery program
• Enable communication between you and your healthcare provider
• Send you plan-related notifications and updates
• Process subscription payments
• Improve the quality and accuracy of our platform
• Comply with applicable laws and regulations

We do not sell your health information to third parties. We do not use your health information for advertising purposes.

4. How We Share Your Information

With Your Provider: If a healthcare provider creates a recovery plan for you, they have access to your intake information, plan content, and progress data.

With Service Providers (Business Associates): We work with trusted technology partners who help us operate our platform. These partners are required to protect your health information under Business Associate Agreements (BAAs) and may not use it for any purpose other than providing services to us. Our current service providers include:

• Supabase — database and authentication
• Vercel — application hosting
• Anthropic — recovery plan generation
• Resend — email delivery
• Stripe — payment processing

As Required by Law: We may disclose your health information when required by federal or state law, court order, or government regulation.

For Safety: We may disclose information if we believe in good faith that disclosure is necessary to prevent serious harm to you or others.

We will not share your health information for any other purpose without your written authorization.

5. Your Rights

You have the right to:

• Access Your Information: Request a copy of your health information held by Own Your Recovery at any time by contacting hello@ownyourrecovery.app.
• Request Corrections: If you believe your health information is inaccurate or incomplete, you may request that we correct it.
• Request Restrictions: You may request that we limit how we use or share your health information.
• Request an Account of Disclosures: You may request a list of instances where we have shared your health information.
• Withdraw Authorization: If you have given us written authorization to use or share your health information, you may withdraw that authorization at any time.
• Request Deletion: You may request that we delete your account and health information by contacting hello@ownyourrecovery.app. We may be required to retain certain records for legal or regulatory purposes.
• File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with us at hello@ownyourrecovery.app or with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr.

We will not retaliate against you for filing a complaint.

6. How We Protect Your Information

We implement industry-standard technical and administrative safeguards to protect your health information, including:

• Encryption of data at rest and in transit using TLS/SSL
• Role-based access controls — users only access their own data
• Automatic session timeout after 15 minutes of inactivity
• Audit logging of all access to health information
• Regular security monitoring and updates
• Business Associate Agreements with all third-party service providers

7. Data Retention

We retain your health information for as long as your account is active or as needed to provide services. If you request account deletion, we will delete your health information within 30 days, except where retention is required by law.

8. Cookies

We use essential cookies to maintain your login session and platform functionality. We do not use advertising or tracking cookies.

9. Children's Privacy

Our platform is not intended for use by individuals under the age of 18 without provider supervision. We do not knowingly collect health information from minors without appropriate clinical oversight. If you believe a minor has provided us with personal information, please contact us immediately.

10. Beta Testing Notice

11. Changes to This Policy

We may update this Privacy Policy and Notice of Privacy Practices from time to time. We will notify registered users of material changes by email. Your continued use of the platform after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

For any privacy questions, requests, or concerns:

Email: hello@ownyourrecovery.app

Website: ownyourrecovery.app

Address: Tennessee, United States