Digital Privacy

Privacy Policy

This policy explains how Baek Physical Therapy & Wellness handles information connected to baekpt.com, portal.baekpt.com, public request forms, account access, and SMS communications tied to those services.

Last updated June 5, 2026 · Applies to the public website and portal · hello@BaekPT.com · (914) 573-4780

01 Scope

What this policy covers

This Privacy Policy covers the Baek PT & Wellness public website, the secure portal, public request and contact forms, related email or SMS communications, and information collected when you access or use those services.

This page is intended to explain digital privacy practices. It complements, but does not replace, separate intake forms, patient consents, financial policies, or healthcare-specific notices that may apply if you become a patient.

02 Collection

What personal information we collect

  • Information you provide directly. This can include your name, email address, phone number, preferred contact method, care path or service interest, scheduling timeframe, brief note, and any other information you submit through a public request form, portal form, or account process.
  • Portal and account information. If you use the portal or secure account features, we may collect login identifiers, password reset details, magic-link requests, multi-factor authentication setup details, passkey metadata, and session information needed to protect access.
  • Operational and support records. We may create lead records, follow-up tasks, audit entries, security logs, and internal workflow notes related to your request, account, or communications with the practice.

03 Automatic Data

Information collected automatically

When you browse the public website or use the portal, we may automatically collect technical and usage data such as your IP address, browser and device information, user agent, referrer, landing path, page views, UTM parameters, campaign identifiers, language, timezone, and screen size.

First-party visitor cookie

baek_visitor_id

Used to support first-party website event logging and help the practice understand how visitors move through the site.

Security cookies

portal_csrf / portal_session

Used to protect forms and maintain authenticated portal sessions when you sign in.

Preference storage

baek-theme

Stored in your browser to remember the site’s light or dark display preference.

04 Public Forms

How the public request and contact forms work

The public request experience is intentionally limited. It is designed for basic contact, fit, timing, and next-step questions only. Please do not submit urgent concerns, detailed medical history, or highly sensitive health information through the public website.

Based on the current site implementation, the public request form is designed to open a draft in your own email client when JavaScript is available. If that client-side flow is unavailable or a fallback submission path is used, the same form may instead post to our server, create a lead record, generate a follow-up task, and log related website events for operational follow-up.

Practical guidance.

If you would rather not place your information into an email draft, call the practice directly at (914) 573-4780.

05 Portal

Portal, sign-in, and account-security data

If you access the secure portal, the system may process information needed to authenticate and protect your account, including sign-in attempts, session records, IP addresses, browser data, password reset requests, magic-link requests, multi-factor authentication events, and passkey-related records.

We use this information to maintain portal security, investigate misuse, enforce access controls, and support legitimate user access to the services.

06 Use

How we use personal information

  • Respond and follow up. To contact you about your inquiry, appointment request, scheduling preferences, or care-related next steps.
  • Operate the website and portal. To render pages, protect forms, authenticate users, maintain sessions, and keep the services functioning.
  • Security and fraud prevention. To rate-limit abuse, detect spam or suspicious activity, maintain audit logs, and protect accounts and records.
  • Improve operations. To understand site traffic, referral sources, campaign performance, and common request patterns using first-party event data.
  • Legal and administrative needs. To comply with legal obligations, enforce policies, resolve disputes, and maintain required records.

07 Sharing

Who personal information is shared with

We do not sell personal information. We may disclose information only as reasonably necessary for practice operations, legal compliance, or safety, including to these categories of recipients:

  • Service providers and contractors. This can include hosting, infrastructure, secure communications, authentication, document or storage, scheduling, analytics, or other vendors that help us operate the website, portal, or practice systems.
  • Professional advisors. Lawyers, accountants, compliance consultants, or insurers when disclosure is reasonably necessary.
  • Government authorities or legal process. When required by law, court order, subpoena, regulation, or to protect rights, property, or safety.
  • Business transition participants. If all or part of the practice or its systems are reorganized, sold, transferred, or merged, subject to applicable law.

Our public site is currently configured to rely on first-party assets and first-party event logging rather than third-party advertising pixels or social media trackers on pages we control today.

SMS consent.

SMS consent is not shared with third parties or affiliates.

08 SMS

SMS, phone, and email communications

If you choose to opt into SMS, Baek PT & Wellness may contact you by text for inquiry follow-up, scheduling, account notifications, care coordination, and related customer-care communications described in the SMS Terms & Conditions.

  • Consent is optional. SMS consent is not a condition of receiving care.
  • Frequency and charges. Messaging frequency may vary, and message or data rates may apply.
  • Opt-out and help. You may text STOP to opt out or HELP for assistance.

09 Healthcare Privacy

Healthcare privacy and HIPAA-related context

Public website browsing and basic contact requests are not the same thing as a full clinical intake. Once you become a patient or use secure clinical tools, additional privacy rules may apply to protected health information, including healthcare privacy requirements such as HIPAA where applicable.

This website Privacy Policy is not a substitute for a separate Notice of Privacy Practices or patient-facing consents that may apply to treatment, payment, healthcare operations, secure intake, clinical records, or other protected health information.

If you want a copy of the practice’s healthcare privacy information or want to raise a privacy concern, contact hello@BaekPT.com. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights through the OCR complaint portal.

10 Retention

How long we keep information

We keep information for as long as reasonably necessary for the purposes described in this policy, including scheduling and inquiry follow-up, security monitoring, recordkeeping, legal compliance, dispute resolution, and operational continuity.

Clinical or patient-related records may be retained longer when required by law, professional standards, payer rules, or healthcare recordkeeping obligations.

11 Security

How we protect information

We use reasonable administrative, technical, and operational safeguards designed to protect information handled through our website and portal. These measures may include HTTPS transport protection, access controls, rate limiting, security headers, account authentication controls, session management, and internal audit logging.

No website, email flow, messaging channel, or storage system can be guaranteed to be completely secure. Please use caution when deciding what information to send through public forms or ordinary email.

12 Choices

Your choices and privacy rights

  • Contact preferences. You can choose whether to call, email, or, if offered, opt into SMS.
  • SMS choice. You may withdraw SMS consent at any time by texting STOP.
  • Browser controls. You can control cookies, local storage, and saved preferences through your browser settings.
  • Access, correction, or deletion requests. Depending on the nature of the information and applicable law, you may contact us to request access, corrections, or deletion, subject to legal, security, and record-retention limits.

13 Children

Children’s privacy

This website is not directed to children under 13, and we do not knowingly collect personal information online from children under 13 through the public website without appropriate involvement from a parent, guardian, or authorized representative.

14 Updates

Changes, questions, and complaints

We may update this Privacy Policy from time to time to reflect legal, operational, or technical changes. When we do, we will update the effective date shown on this page.

Contact Baek PT & Wellness.

Email hello@BaekPT.com, call (914) 573-4780, review our SMS Terms & Conditions, or return to the request page.