Digital Privacy
Privacy Policy
This policy explains how Baek Physical Therapy & Wellness handles information connected to baekpt.com, portal.baekpt.com, public request forms, account access, and SMS communications tied to those services.
Last updated June 5, 2026 · Applies to the public website and portal · hello@BaekPT.com · (914) 573-4780
01 Scope
What this policy covers
This Privacy Policy covers the Baek PT & Wellness public website, the secure portal, public request and contact forms, related email or SMS communications, and information collected when you access or use those services.
This page is intended to explain digital privacy practices. It complements, but does not replace, separate intake forms, patient consents, financial policies, or healthcare-specific notices that may apply if you become a patient.
02 Collection
What personal information we collect
- Information you provide directly. This can include your name, email address, phone number, preferred contact method, care path or service interest, scheduling timeframe, brief note, and any other information you submit through a public request form, portal form, or account process.
- Portal and account information. If you use the portal or secure account features, we may collect login identifiers, password reset details, magic-link requests, multi-factor authentication setup details, passkey metadata, and session information needed to protect access.
- Operational and support records. We may create lead records, follow-up tasks, audit entries, security logs, and internal workflow notes related to your request, account, or communications with the practice.
03 Automatic Data
Information collected automatically
When you browse the public website or use the portal, we may automatically collect technical and usage data such as your IP address, browser and device information, user agent, referrer, landing path, page views, UTM parameters, campaign identifiers, language, timezone, and screen size.
baek_visitor_id
Used to support first-party website event logging and help the practice understand how visitors move through the site.
portal_csrf / portal_session
Used to protect forms and maintain authenticated portal sessions when you sign in.
baek-theme
Stored in your browser to remember the site’s light or dark display preference.
04 Public Forms
How the public request and contact forms work
The public request experience is intentionally limited. It is designed for basic contact, fit, timing, and next-step questions only. Please do not submit urgent concerns, detailed medical history, or highly sensitive health information through the public website.
Based on the current site implementation, the public request form is designed to open a draft in your own email client when JavaScript is available. If that client-side flow is unavailable or a fallback submission path is used, the same form may instead post to our server, create a lead record, generate a follow-up task, and log related website events for operational follow-up.
If you would rather not place your information into an email draft, call the practice directly at (914) 573-4780.
05 Portal
Portal, sign-in, and account-security data
If you access the secure portal, the system may process information needed to authenticate and protect your account, including sign-in attempts, session records, IP addresses, browser data, password reset requests, magic-link requests, multi-factor authentication events, and passkey-related records.
We use this information to maintain portal security, investigate misuse, enforce access controls, and support legitimate user access to the services.
06 Use
How we use personal information
- Respond and follow up. To contact you about your inquiry, appointment request, scheduling preferences, or care-related next steps.
- Operate the website and portal. To render pages, protect forms, authenticate users, maintain sessions, and keep the services functioning.
- Security and fraud prevention. To rate-limit abuse, detect spam or suspicious activity, maintain audit logs, and protect accounts and records.
- Improve operations. To understand site traffic, referral sources, campaign performance, and common request patterns using first-party event data.
- Legal and administrative needs. To comply with legal obligations, enforce policies, resolve disputes, and maintain required records.
07 Sharing
Who personal information is shared with
We do not sell personal information. We may disclose information only as reasonably necessary for practice operations, legal compliance, or safety, including to these categories of recipients:
- Service providers and contractors. This can include hosting, infrastructure, secure communications, authentication, document or storage, scheduling, analytics, or other vendors that help us operate the website, portal, or practice systems.
- Professional advisors. Lawyers, accountants, compliance consultants, or insurers when disclosure is reasonably necessary.
- Government authorities or legal process. When required by law, court order, subpoena, regulation, or to protect rights, property, or safety.
- Business transition participants. If all or part of the practice or its systems are reorganized, sold, transferred, or merged, subject to applicable law.
Our public site is currently configured to rely on first-party assets and first-party event logging rather than third-party advertising pixels or social media trackers on pages we control today.
SMS consent is not shared with third parties or affiliates.
08 SMS
SMS, phone, and email communications
If you choose to opt into SMS, Baek PT & Wellness may contact you by text for inquiry follow-up, scheduling, account notifications, care coordination, and related customer-care communications described in the SMS Terms & Conditions.
- Consent is optional. SMS consent is not a condition of receiving care.
- Frequency and charges. Messaging frequency may vary, and message or data rates may apply.
- Opt-out and help. You may text STOP to opt out or HELP for assistance.
09 Healthcare Privacy
Healthcare privacy and HIPAA-related context
Public website browsing and basic contact requests are not the same thing as a full clinical intake. Once you become a patient or use secure clinical tools, additional privacy rules may apply to protected health information, including healthcare privacy requirements such as HIPAA where applicable.
This website Privacy Policy is not a substitute for a separate Notice of Privacy Practices or patient-facing consents that may apply to treatment, payment, healthcare operations, secure intake, clinical records, or other protected health information.
If you want a copy of the practice’s healthcare privacy information or want to raise a privacy concern, contact hello@BaekPT.com. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights through the OCR complaint portal.
10 Retention
How long we keep information
We keep information for as long as reasonably necessary for the purposes described in this policy, including scheduling and inquiry follow-up, security monitoring, recordkeeping, legal compliance, dispute resolution, and operational continuity.
Clinical or patient-related records may be retained longer when required by law, professional standards, payer rules, or healthcare recordkeeping obligations.
11 Security
How we protect information
We use reasonable administrative, technical, and operational safeguards designed to protect information handled through our website and portal. These measures may include HTTPS transport protection, access controls, rate limiting, security headers, account authentication controls, session management, and internal audit logging.
No website, email flow, messaging channel, or storage system can be guaranteed to be completely secure. Please use caution when deciding what information to send through public forms or ordinary email.
12 Choices
Your choices and privacy rights
- Contact preferences. You can choose whether to call, email, or, if offered, opt into SMS.
- SMS choice. You may withdraw SMS consent at any time by texting STOP.
- Browser controls. You can control cookies, local storage, and saved preferences through your browser settings.
- Access, correction, or deletion requests. Depending on the nature of the information and applicable law, you may contact us to request access, corrections, or deletion, subject to legal, security, and record-retention limits.
13 Children
Children’s privacy
This website is not directed to children under 13, and we do not knowingly collect personal information online from children under 13 through the public website without appropriate involvement from a parent, guardian, or authorized representative.
14 Updates
Changes, questions, and complaints
We may update this Privacy Policy from time to time to reflect legal, operational, or technical changes. When we do, we will update the effective date shown on this page.
Email hello@BaekPT.com, call (914) 573-4780, review our SMS Terms & Conditions, or return to the request page.