Privacy

Hinge Health Privacy Policy

Hinge Health, Inc. and its subsidiaries or affiliates (collectively, “We”, “Us”, “Our”, or “Hinge Health”), including Hinge Health MSO, Inc. (the “MSO”), an independent management entity with a national network of physicians, physical therapists and other healthcare providers who provide clinical services, and each of the professional service corporations and other clinical entities within such network to which the MSO provides management and administrative services, are deeply committed to protecting the privacy and security of Our customers’ data. 

Table of Contents

Scope

Information We Collect

How We Collect Information

How to Review and Change Your Personal Information

Use of Information

Targeted Advertising and Analytics

Disclosure of Information

Telephone Consumer Protection Act

Your Privacy Rights and Choices

How We Protect Information Online

How Can You Help Protect Your Information?

Children

Links to Other Websites

Do Not Track

How Long Do We Retain Your Information

Employment Information

Updates

Additional Disclosures and Notices at Collection for Residents of California

Scope

This statement sets forth Hinge Health’s Privacy Policy (“Privacy Policy”) and describes the practices that We will follow with respect to the privacy of the information of users of this website and its various webpages (“Sites”) and Our mobile applications (“Apps”). By visiting hingehealth.com and using Hinge Health’s mobile application and services (collectively, the “Services”) you acknowledge that you accept the practices and policies outlined in this Privacy Policy. “You”, “your”, or similar terms refer to you as a user of the Services. We encourage you to review this Privacy Policy regularly to stay informed about Our information practices and the choices available to you.

This policy applies to information We collect:

  • through the Services; and 

  • via email, text, or other electronic messages between you and any employee or agent of Hinge Health.

This policy does not apply to the actions of any company or entity that We do not control and to individuals who We do not directly employ or manage. Clinical services, such as medical and physical therapy services, are provided by the MSO and its network or affiliated healthcare professionals. The MSO is not a health care entity and does not provide clinical services, but is a management service organization that performs marketing, business, and administrative services including data security and privacy management under various state and federal laws on behalf of the licensed health care providers. This reference does not, and is not intended to, imply that any licensed health care provider is an employee of the MSO or that the MSO is providing or intends to provide clinical or healthcare services in any form. All clinical and healthcare services are exclusively provided by the appropriate affiliated professional entity, and provided in the healthcare provider’s sole and exclusive discretion. Personal information, including protected health information (“PHI”) obtained in connection with the provision of such services, is shared with the Hinge Health entities in accordance with data sharing agreements and applicable law. 

Some of the Services are provided using telehealth, which means that We use electronic communications to enable providers to exchange health and medical information from one site to the other for the purpose of treatment or patient care. Before you use the Services, you will be asked to affirmatively provide informed consent for telehealth services. If you do not agree to this informed consent, you are not authorized to access the Services or use Our Sites, and you must promptly exit Our Sites or Apps.

As used in this Privacy Policy, the terms “using” and “processing” information may include, amongst other things, subjecting such information to analysis, using cookies or web beacons, and managing information in a number of ways, including but not limited to: collection, storing, evaluating, modifying, deleting, using, combining, and/or disclosing. 

The MSO and its affiliated clinical entities are an Affiliated Covered Entity under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Some of the individually identifiable information We collect or that you provide to Us for the purposes of obtaining medical care may constitute PHI under HIPAA. PHI is subject to special protections under HIPAA. For more information about your rights under HIPAA, please refer to Hinge Health’s Notice of Privacy Practices. To the extent other state or local privacy and data protection laws apply to your data, We will comply with those requirements as well. Information that you provide directly to a physician, nurse practitioner, physical therapist, or other clinician acting within the scope of their license in the provision of medical, physical therapy or professional physical therapy services is covered by the Notice of Privacy Practices for the MSO and its network of affiliated healthcare professionals. The Notice of Privacy Practices does not apply to information that is not PHI. This Privacy Policy supplements the Notice of Privacy Practices for PHI. If there is ever any conflict between this Privacy Policy and the Notice of Privacy Practices, the Notice of Privacy Practices will apply.

Should you have any questions about this policy or Our practices, please send an email to privacy@hingehealth.com.

Information we collect

Hinge Health collects various types of information about you, as described below.

Contact Information: We may collect your name, e-mail address, phone number or other contact information. We may also collect information you provide to create an account or profile, such as your username and password.   

Health Information: We may collect or access medical records from your past, current, and future health care providers. This may include information about your existing or past diagnoses, previous treatments, general health, laboratory or pathology test results and reports, social histories, family medical history, and records about phone calls or emails related to your health or test results. If you choose to go through Our screening process and/or register for the Services We ask you to provide personal information, including but not limited to: your name, address, telephone number and/or email address, height, weight, and health information in connection with the use of Our products or Services.

Interests and Demographic Information: In order to better understand Our customers and offer products and services of interest to you, We may collect information from or about you that indicates your interests or demographic information. Examples may include date of birth, age or age range, gender, geographic location (e.g., zip code), favorite products, hobbies and interests, household or lifestyle data, or transactional information about the products or services that you purchase.

Group Health Plan or Employer Information: We may obtain information as to your current employer and whether you are covered by your employer or another group health plan to coordinate payment for Services. 

Customer Service and Feedback: We may collect information from you when you request customer support or information from Us, provide feedback or reviews about your experience with Us or Our products, or otherwise communicate with or contact Us.

Social Media Account Information: If you link a third-party social media account with Us, we may collect information you have publicly shared on your account.  

Consumer-Generated Content: We may collect content that you create and then share with Us on third-party social networks or one of Our Sites or Apps. Examples include photos, videos, personal stories, or other similar media or content. Where permitted, We collect and publish consumer-generated content in connection with a variety of activities, including contests and other promotions, Site community features, consumer engagement, and third-party social networking.

Location Information: We may collect or infer information about your location based on your zip code or IP address.

Site Usage and Device Information: We may collect information about your use of Our Services, including technical information about your device, browser or mobile carrier; usage information such as when you access the Services, for how long, and the websites you accessed before or after your use of the Services; and device identifiers and IP address. We may also capture information concerning your interaction with the Services.

You may choose not to provide Us with certain information, but that may result in Our inability to provide you access to the Services.

How we collect information

There are several ways We may obtain information about you. Hinge Health collects information from you (a) that you choose to share with Us when using Our Services and when you otherwise interact with Us, such as through Our customer service channels, (b) that We collect automatically when you use Our Services, and (c) that We receive from third parties.

We collect information from you directly. We collect information when you use Our Services or otherwise interact with Us. This may include signing up for communications, and registering for an account with Us. We may collect information when you use the Service, or enter a promotion or contest, or if you participate in any of Our surveys or provide a review. 

We collect information automatically. We and Our third party service providers collect data about you using automated technology like cookies and pixels via Our Services. We use these technologies to improve Our Services and your experience, see which areas and features of Our Services are popular, and count visits. They also help Us understand information like access times, pages viewed, links clicked, and the page you visited before navigating to Our Services. For more information about Our use of cookies and other tracking technologies, see the “Targeted Advertising and Analytics” section and the “Cookies” sub-section of the “Your Privacy Rights and Choices” section below. 

We get information about you from other sources. We may collect information about you from Our business partners or affiliates. We may also acquire information from other sources to help Us maintain the accuracy of the information We collect, personalize your experience with the Services, target Our communications so that We can inform you of products and services or other offers that may be of interest to you, measure ad quality and responses, and for internal business analysis or other business purposes.

How to review and change your personal information

To change or remove any information, please contact Us through the application, or at privacy@hingehealth.com.

Use of information

We may use the information that We collect from and about you for a variety of business purposes, as noted below. We may combine personal and non-personal information collected by Hinge Health about you, and may combine this information with information provided by external sources, as well as information collected offline, across other computers or devices that you may use, and from third party sources.  

  • We use information to communicate with you. We may use information to answer your questions and comments, including providing you with information about this Policy or Our Terms and Conditions. We may also use information to provide you with customer service. We may also use your contact information to request permission to use information you have volunteered in other contexts. By using the Services you consent to and authorize Hinge Health and its affiliates to disclose your eligibility for and participation in the Services (i.e., that you meet the enrollment criteria for the Services and that you have elected at your own discretion to participate) among themselves and to others, such as: Hinge Health senior management and administrators, your personal Hinge Health coach (your “Hinge Coach”) and other users of Hinge Health’s Services. In particular, these entities may be able to access a range of information about you, such as your first and last name, picture, and participation in Hinge Health’s program. Moreover, based on Hinge Health’s deployment model, you may be placed into a group of users with similar characteristics who may be co-workers or acquaintances (your “Peer Group”) who will be able to view such information. Only information you explicitly consent to be visible to the peer group will be shared. By default, only your first name is shared, and you may choose to use a pseudonym instead of your real first name.

  • We use information so you can use Our products and Services. We may use information to process and fulfill orders, administer your account, including your assignment and enrollment in your Peer Group, allow your Hinge Coach or your care team to personalize your experience, and provide you with access to particular tools and services. We may use information to process your registration with Our Services so you can use Our features. 

  • We use information to improve Our products and Services. We may use information to make Our Services better, such as by responding to your inquiries and sending you administrative communications; obtaining your feedback on Our Sites and Our offerings; statistically analyzing user behavior and activity; using machine learning, artificial intelligence, or other similar technology to analyze and process your content and information; providing Our users with more relevant content; and conducting research and measurement activities.

  • We use information to personalize the Services. We may use information to personalize your experience with us, including saving preferences or settings. This may include customizing the content you see or making it easier for you to log into your account, sending you personalized emails or secure electronic messages pertaining to your health information, or contacting you about the products and services We offer. In order to personalize the Services, We may analyze your preferences, information, and habits.

  • We use information for marketing purposes. We provide you with information about new products and special offers or promotions which may include advertisements for Our products and services that are tailored to you. We may use information to run a sweepstakes or contest. We deliver content to you through various channels, such as email and social media platforms. If you wish to opt out of marketing emails, please see the “Your Privacy Rights and Choices” section below.

  • We use information to protect Our company and others. We use information to identify fraud, and secure Our Services and systems in an effort to protect you and Our other customers. 

  • We use information for other lawful purposes or as we may disclose to you.

Targeted advertising and analytics

We engage others to provide analytics, serve advertisements, and perform related services across the web and in mobile apps. These entities may use cookies, web beacons, software development kits (“SDKs”), device identifiers, and other technologies to collect information about your use of Our Services and other website and mobile apps, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, and conversion information. This information allows Us to determine whether you have visited the Sites previously and save and remember any preferences that may have been set and statistically monitor how many people are using Our Sites and for what purpose. This information is used to deliver advertising targeted to your interests and to analyze and track data, determine the popularity of certain content and better understand your activity. We may also make use of “persistent” or “memory based” cookies, which remain on your computer’s hard drive until you delete them. You have the ability to modify your browser to either accept all cookies, notify you when a cookie is sent, or reject all cookies, but it may not be possible to utilize Our Services if you reject all cookies. Web beacons are small pieces of code (also called pixels) that are embedded on the pages of websites and that can report your visit or use to a third party. We use web beacons to collect automatic information about Our visitors but not personal information. Hinge Health may use these tools for the purposes of web analytics, marketing, and error management. You may modify your browser to prevent web beacons from collecting automatic information about you.

Disclosure of information

We may disclose information We collect from and about you as follows: 

We disclose information within Our family of companies. We may disclose information with the Hinge Health family of companies, which includes all direct and indirect subsidiaries and affiliates of parent company Hinge Health, Inc. and any future related companies.

We disclose information with service providers and other third parties we work with. We may disclose information with external companies who perform business, technical, professional, or marketing related services for Us. This also includes companies that help Us with fraud detection and Service operations. We may disclose information with data analytics vendors or market research companies. In some circumstances these entities may use your information for their own purposes. This might include internal analytics.

We disclose information if We think We have to in order to comply with the law or to protect ourselves. For example, We may disclose all categories of information to respond to a court order or subpoena. We will disclose information if a government agency or regulatory body requests it. This includes U.S. and non-U.S. law enforcement or regulatory authorities.

We disclose aggregate or anonymous information. We may disclose aggregate, anonymous, or de-identified information that cannot reasonably be used to identify you or via scientific research papers regarding Our Services.

We disclose information as permitted by law and for other reasons We may describe to you.

We will not disclose your personal information for any other purpose unless you have authorized Us to do so. 

Disclosure of Information by You:

Through your use of the Services, you may choose to make certain elements of your information, including PHI that you post and/or disclose in the course of engaging with the Services, available to other participants and users. While We take considerable efforts to protect your privacy, We cannot take and expressly disclaim responsibility for whether and how other users, including your Peer Group, will use or disclose information disclosed by you through the Services. As discussed above, the Services provide you the ability to share personal information, including regarding your medical condition and history to your Peer Group. Any information you voluntarily choose to provide through the Services may be visible to your Peer Group and Hinge Coach. As such, you should only provide information you feel comfortable disclosing to other members of your Peer Group and Hinge Coach.

Telephone Consumer Protection Act

Hinge Health may provide you with notices, including those related to your enrollment or use of the Services, including but not limited to by email, postal mail, short message service (“SMS”), multimedia messaging service (“MMS”), text message, or other reasonable means now known or hereinafter developed. Hinge Health will provide notice and request consent to receiving text messages at the point of collection for mobile phone numbers. By providing Hinge Health with your telephone number, this gives Hinge Health consent to send you text messages regarding your purchase(s), or for other non-telemarketing purposes, made by an automatic telephone dialing system.

You understand that you may receive email as part of using the Services, and while Hinge Health encrypts all email communications, your email server may not guarantee encryption. If your email provider does not encrypt email, you accept the risk that some PHI could be acquired by someone else.

You understand that you may receive text messages (SMS) as part of using the Services, such as a reminder about an upcoming appointment or to participate in Hinge Health services. SMS messages are encrypted by Hinge Health in transit to your cell phone provider, but cell providers do not guarantee encryption of SMS messages that are stored on your behalf. By using the Services you accept the risk that some PHI could be intercepted by someone else targeting your SMS communications.

Your privacy rights and choices

Access, correction, deletion. Depending on where you reside, you have the right to (1) request to know more about and access the personal information We collect, use, and disclose about you, (2) request deletion of your personal information, and (3) request correction of inaccurate personal information. To request access, correction, or deletion of your personal information, please follow the prompts here or call Our toll-free number at (855) 902 2777. We may verify your request by asking you to provide information related to your recent interactions with Us, such as your name, email address, or phone number. If We deny your request, you may appeal Our decision by contacting Us at legal@hingehealth.com. If you have concerns about the results of an appeal, you may contact the Attorney General in the state where you reside.

Opting out of targeted advertising, sharing, and sales. As described in the “Targeted Advertising and Analytics” section above, We process personal information to understand and improve your experience with Our Services. Some of these activities may be considered “sales” or “sharing” of your personal information or “targeted advertising” under certain laws. Depending on where you reside, you may have the right to opt out of targeted advertising, sharing, and sales of your personal information. You can do so by navigating to the “Your Privacy Choices” link at the bottom of this page or by visiting Our Sites with a legally-recognized opt-out preference signal enabled, such as the Global Privacy Control. Please note that, depending on which opt-out preference signal you use and whether you are logged into your account with Us, Our processing of the signal may be limited to the specific browser or device that you are using. You may need to renew your opt-out if you use a different browser or device to access Our Services.

Nondiscrimination. We will not discriminate against you if you exercise your privacy rights.

Cookies. Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of Our Sites. 

Communication preferences. You may opt out of receiving promotional communications from Us by following the instructions presented at the time you sign up for them, as well as by following the instructions in those communications. If you opt out, We may still send you non-promotional communications, such as those about your account, relationship with Us, or Our ongoing business relations.

How we protect information online

We exercise great care to protect your personal information through various administrative, technical and physical safeguards. This includes, among other things, using industry standard techniques such as firewalls, encryption, and intrusion detection for information stored on Our systems. However, while We strive to protect your personal information, We cannot ensure or warrant the security of any information you transmit to Us or receive from Us while that information is in transit. This is especially true for information you transmit to Us via email since We have no way of protecting that information until it reaches Us since email does not have the security features that are built into Our Sites.

In addition, We limit Our employees’ and contractors’ access to personal information. Only those employees and contractors with a business reason to know have access to this information, and then may only access or use the minimum necessary for the task at hand. We educate Our employees about the importance of maintaining confidentiality of user information.

We also periodically review Our security arrangements and safeguards.

How can you help protect your information

If you are using a Hinge Health website or mobile application for which you registered and choose a password, We recommend that you do not share your password to anyone. Do not store extraneous personal information on Hinge Health provided devices, as We cannot protect the safety and security of devices in your personal possession, and keep the device password protected. We will never ask you for your password in an unsolicited phone call or in an unsolicited email. Always remember to sign out of the Hinge Health website and close your browser window when you have finished using the Services. This is to ensure that others cannot access your personal information and correspondence to Us if others have access to your computer or mobile device. If you are using a device or other hardware provided by Hinge Health, such as a tablet computer, you are responsible for maintaining the security of any such device; if you lose any hardware We provided to you, you are fully responsible for any such lost device, including loss, breach, or misuse of any data contained on or within the hardware. We will support the security of your tablet computer only for so long as you participate in the Services, and any security We provide will not apply to any uses of the tablet computer unrelated to the Service. 

Children

The Hinge Health Sites and Services are not designed to be used by or intended to attract children under the age of 13. Individuals who We actually know are under the age of 13 will not be permitted to use the Hinge Health Sites and Services and We will not collect their personal information. We do not share the personal information of consumers we know to be less than 16 years of age, unless we receive affirmative authorization (the “Right to Opt In”) from the minor who is between 13 and 16 years of age. If you are a parent or guardian and you are aware that your child who is under the age of 13 has provided Us with identifiable personal data, please contact Us. If We become aware that We have inadvertently collected data from children under the age of 13 without verification of parental consent, We will timely remove that information from Our servers to the extent permissible by law.

We want to provide website visitors valuable information, services, and products. Featured programs and other Hinge Health website content may link Our users to third-party websites. Hinge Health does not control and is not responsible for privacy or security practices of any third party websites or the information that is collected, stored, or used by those sites, so please read each site’s privacy policy carefully.  

Do not track

Do Not Track is an optional setting that enables you to express your preferences regarding the collection of information about your online activities over time and across third-party websites. Your browser sends Do Not Track signals to the websites you visit expressing your preference not to be tracked. However, because there is no industry-standard approach to responding to Do Not Track signals, We do not process or respond to Do Not Track signals.

How long do we retain your information

We will retain your personal information for as long as is necessary for the purposes set out in this Policy unless a longer period is required under applicable law or is needed to resolve disputes or protect Our legal rights. For example, where We are processing personal information based on contract requirements, We generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship. PHI will be retained and protected as required by HIPAA, applicable federal and state law and any applicable contractual and insurance requirements. 

Employment information

This Privacy Policy does not apply to any collection or utilization of employment-related information. If you are a current or former job applicant, employee, owner, director, officer, or contractor of Hinge Health, Inc. or any of its affiliates please contact legal@hingehealth.com for more information.

Updates

As We continually update and improve Our Services, We may periodically make changes to this Privacy Policy. Or, We may modify this Privacy Policy to reflect new changes in laws or regulations. Accordingly, please check back and review this Privacy Policy periodically.

Additional disclosures and notices at collection for residents of California

If you are a resident of California, California law requires Us to disclose the following additional information with respect to Our collection, use, and disclosure of personal information. If you reside in California, this section applies to you and describes our data practices today and in the preceding 12 months. Please note that the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act ("CPRA"), does not govern medical information or PHI that is collected by a covered entity or business associate that is governed by HIPAA.

We collect the following categories of personal information: identifiers, demographic information, commercial information, internet or other electronic network activity information, audio and visual data, and inferences. For details about the precise data points We collect and the sources of such collection, please see the “Information We Collect” section above. 

We collect personal information for the business and commercial purposes described in the “Use of Information” section above. 

We disclose personal information for the business and commercial purposes described in the “Disclosure of Information” section above. Specifically, we have disclosed the following categories of personal information to the following categories of recipients:

Categories of Personal Information

Categories of Recipients

Identifiers

Affiliates and subsidiaries, fraud prevention partners, credit-related entities, data analytics providers, marketing partners, payment and financing processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, customer feedback platforms, and cloud service providers.

Demographic information

Affiliates and subsidiaries, fraud prevention partners, credit-related entities, data analytics providers, marketing partners, payment and financing processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, customer feedback platforms, and cloud service providers.

Commercial information

Affiliates and subsidiaries, fraud prevention partners, credit-related entities, data analytics providers, marketing partners, payment and financing processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, customer feedback platforms, and cloud service providers.

Internet or other electronic network activity information

Affiliates and subsidiaries, fraud prevention partners, credit-related entities, data analytics providers, marketing partners, payment and financing processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, customer feedback platforms, and cloud service providers.

Audio and visual data

Affiliates and subsidiaries, fraud prevention partners, credit-related entities, data analytics providers, marketing partners, payment and financing processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, customer feedback platforms, and cloud service providers.

Inferences

Advertising and marketing networks, data analytics providers.

We retain personal information for as long as necessary to carry out the purposes for which We originally collected it and for other purposes described in this privacy policy.

We do not use or disclose sensitive personal information for the purpose of inferring characteristics about you. 

Some of our advertising and analytics activities may constitute “sharing” or “selling” under California law. In order to advertise our products to you and better understand, improve, and personalize our interactions with you, we share and sell the following categories of personal information to the following categories of third parties:

Categories of Personal Information

Categories of Third Parties

Identifiers

Advertising and marketing networks.

Commercial information

Advertising and marketing networks.

Internet or other electronic network activity information

Advertising and marketing networks.

We do not knowingly sell or share personal information about consumers under the age of 16.

You have the right to opt out of sharing and sales at any time by navigating to the “Your Privacy Choices” link at the bottom of this page or by visiting Our Services with a legally-recognized opt-out preference signal enabled, such as the Global Privacy Control. Please see the “Your Privacy Rights and Choices” section above for more information about your privacy rights and how to exercise them. 

If you are submitting a rights request as an authorized agent, you are required to submit proof of your authorization to make the request, such as a valid power of attorney or proof that you have signed permission from the individual who is the subject of the request. Please do not provide any sensitive personal information in connection with the request, such as a driver's license or other government-issued ID. In some cases, We may be required to contact the individual who is the subject of the request to verify his or her own identity or confirm you have permission to submit this request. If you are an authorized agent seeking to make a request, please contact Us at (855) 902 2777 or by filling out this form.

Last updated December 27, 2023

Website: www.hingehealth.com

Email: privacy@hingehealth.com

Toll-free telephone number: 1-855-902-2777

Postal Address: Hinge Health Attn: Compliance 455 Market Street, Suite 700 San Francisco, CA 94105