Privacy Policy

Effective Date: January 1, 2025
Last Updated: October 27,2025

Introduction

Peeq Consulting ("Peeq," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us in any way.

This policy applies to all visitors, users, and clients of Peeq Consulting's services, including our strategic consulting, marketing automation, AI implementation, and workflow optimization services for independent physical therapy practices.

By using our services or providing us with your information, you agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

1. Information We Collect

1.1 Personal Information You Provide

We collect information that you voluntarily provide to us when you:

Contact us through our website, email, or phone
Request a consultation or free market analysis
Schedule an appointment or assessment
Engage our services as a client
Subscribe to our newsletter or communications
Register for events or webinars
Fill out forms on our website

This information may include:

Contact Information: Name, email address, phone number, business name, mailing address
Professional Information: Practice name, role/title, number of locations, staff size, specializations
Business Information: Current systems (EMR/EHR), technology infrastructure, marketing practices, operational challenges
Financial Information: Payment information for services (processed securely through third-party payment processors)
Communications: Content of emails, messages, or other communications with us
Assessment Data: Information you provide during consultations, audits, or assessments

1.2 Information Automatically Collected

When you visit our website, we automatically collect certain information about your device and browsing behavior:

Technical Information: IP address, browser type and version, operating system, device identifiers
Usage Data: Pages visited, time spent on pages, links clicked, referring website, date and time of visits
Location Data: General geographic location based on IP address
Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see Section 8)

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

Business partners who refer you to our services
Professional networks such as LinkedIn
Industry associations such as MARN (Mid-Atlantic Rehab Network)
Public sources such as business directories
Analytics providers that help us understand website traffic

1.4 Client Practice Data

When providing services to physical therapy practices, we may access or process certain data on behalf of our clients, including:

Practice operational data (appointment volumes, staff utilization, financial metrics)
Marketing data (website analytics, social media performance, review data)
System configuration data (EMR/EHR settings, workflow documentation)
De-identified aggregate data for benchmarking and analysis

Important: We do NOT collect, access, or process Protected Health Information (PHI) as defined by HIPAA. Our services focus on practice operations, marketing, and technology implementation—not patient records or clinical data. Any patient data remains exclusively under the control of the healthcare provider.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery

Provide consulting services including strategy development, implementation support, and ongoing guidance
Conduct assessments and audits of your practice's readiness for AI and automation
Develop customized roadmaps and implementation plans
Implement solutions including marketing automation, AI agents, and workflow optimization
Provide technical support and troubleshooting
Monitor performance and measure results

2.2 Communication

Respond to inquiries and provide customer support
Send service-related communications including updates, confirmations, and notices
Deliver newsletters and educational content you've subscribed to
Notify you about webinars, events, or educational opportunities
Request feedback on our services

2.3 Business Operations

Process payments and maintain billing records
Manage client relationships and maintain accurate records
Improve our services based on feedback and usage patterns
Develop new services and features
Conduct research and analysis to enhance our methodologies
Ensure security and prevent fraud

2.4 Marketing and Analytics

Send marketing communications about our services (with your consent or as permitted by law)
Analyze website traffic and user behavior to improve user experience
Create benchmarks using de-identified aggregate data
Develop case studies and testimonials (with explicit client consent)
Improve our CARE Flywheel™ methodology using anonymized practice data

2.5 Legal and Compliance

Comply with legal obligations including tax and regulatory requirements
Protect our rights and defend against legal claims
Enforce our terms of service and policies
Ensure HIPAA compliance in our client implementations (we act as advisors, not Business Associates)

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar privacy laws, we process your personal information based on the following legal grounds:

Consent: When you have given explicit consent for specific processing activities
Contract Performance: When processing is necessary to fulfill our contractual obligations to you
Legitimate Interests: When processing serves our legitimate business interests and doesn't override your privacy rights
Legal Obligation: When required by law to process your information

You have the right to withdraw consent at any time where we rely on consent as the legal basis.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

4.1 Service Providers

We engage trusted third-party vendors and service providers who assist us in operating our business:

Technology providers (website hosting, cloud storage, email services)
Payment processors (Stripe, PayPal, or similar)
Analytics services (Google Analytics, tracking tools)
Marketing platforms (email marketing, CRM systems)
Professional services (legal, accounting, insurance)

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 AI and Automation Tools

When implementing AI agents and automation for clients, we may configure or integrate:

AI platforms (e.g., OpenAI, Anthropic, specialized healthcare AI)
Workflow automation tools (Zapier, Make, custom solutions)
Chatbot platforms (HIPAA-compliant chat services)
Analytics and reporting tools

We ensure all such tools have appropriate security measures and, where required, Business Associate Agreements (BAAs) for HIPAA compliance.

4.3 Business Transfers

If Peeq Consulting is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.4 Legal Requirements

We may disclose your information when required by law or in response to:

Subpoenas, court orders, or legal process
Government or regulatory requests
Investigations of potential legal violations
Protection of rights and safety of Peeq, our clients, or others

4.5 With Your Consent

We may share your information for purposes not described in this policy with your explicit consent.

4.6 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you:

Industry benchmarks and best practices
Research and publications about physical therapy practice management
Case studies with identifying details removed
Statistical analysis for industry reports

5. Data Security

We implement robust security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction:

5.1 Technical Safeguards

Encryption: All data transmitted to and from our systems uses TLS 1.2 or higher encryption
Secure storage: Data at rest is encrypted using AES-256 encryption
Access controls: Role-based access with multi-factor authentication
Firewalls and intrusion detection: Network security monitoring
Regular security audits: Periodic vulnerability assessments and penetration testing

5.2 Organizational Safeguards

Employee training: Regular privacy and security training for all staff
Confidentiality agreements: All employees and contractors sign confidentiality agreements
Limited access: Information is accessible only to personnel who need it to perform their duties
Incident response plan: Procedures for detecting, responding to, and reporting security breaches

5.3 Physical Safeguards

Secure facilities: Office security measures including access controls
Device security: Encrypted laptops, secure mobile devices, remote wipe capabilities
Clean desk policy: Secure storage of physical documents

Important: While we use industry-standard security practices, no system is 100% secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials.

6. HIPAA and Healthcare Data

6.1 Our Role

Peeq Consulting provides business consulting, marketing, and technology implementation services to physical therapy practices. We do NOT:

Access, store, or process Protected Health Information (PHI)
Act as a Business Associate under HIPAA
Provide clinical services or make clinical decisions
Handle patient records or treatment data

6.2 Client Responsibilities

Our physical therapy practice clients remain solely responsible for:

HIPAA compliance in their own operations
Patient data security and privacy
Business Associate Agreements with their own vendors
HIPAA training for their staff
Breach notification if patient data is compromised

6.3 Our Services Related to HIPAA

We DO provide consulting and guidance on:

HIPAA compliance requirements for AI and automation tools
Vendor evaluation to ensure HIPAA-compliant solutions
Policy and procedure development for compliant operations
Staff training coordination on HIPAA best practices
Risk assessment of technology implementations

When we recommend or implement AI tools that may handle PHI (such as documentation assistants or chatbots), we ensure clients obtain proper Business Associate Agreements from those vendors.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Retention Periods

Active client data: Retained throughout the business relationship and for a reasonable period afterward
Billing records: Retained for 7 years to comply with tax and accounting requirements
Marketing communications: Until you unsubscribe or request deletion
Website analytics: Typically 26 months, then aggregated
Communications records: Retained for 3-5 years for business continuity
Legal or compliance requirements: As required by applicable law

7.2 Deletion After Retention Period

After the retention period expires, we securely delete or anonymize your information unless:

Legal obligations require continued retention
The information is necessary to establish, exercise, or defend legal claims
You have requested that we retain the information

8. Cookies and Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us provide a better user experience and understand how visitors use our site.

8.2 Types of Cookies We Use

Essential Cookies (Required)

Enable core website functionality
Remember your preferences during your visit
Maintain security and prevent fraud

Analytics Cookies (Optional)

Track website traffic and usage patterns
Help us understand which pages are most popular
Identify technical issues
Examples: Google Analytics

Marketing Cookies (Optional)

Track your interests based on pages visited
Enable personalized content and advertisements
Measure effectiveness of marketing campaigns
Examples: Facebook Pixel, LinkedIn Insight Tag

8.3 Managing Cookies

You can control cookies through:

Browser settings: Most browsers allow you to refuse cookies or delete existing ones
Opt-out tools: NAI opt-out tool (networkadvertising.org), DAA opt-out tool (aboutads.info)
Cookie consent banner: Manage preferences through our website banner (where required by law)

Note: Disabling essential cookies may affect website functionality.

8.4 Third-Party Analytics

We use Google Analytics to understand website usage. Google Analytics uses cookies to collect information about how visitors use our site. This data is reported in aggregate and does not identify individual users.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

9. Your Privacy Rights

Depending on your location, you may have specific rights regarding your personal information:

9.1 Rights for All Users

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information (subject to legal retention requirements)
Opt-out of marketing: Unsubscribe from promotional communications at any time
Data portability: Receive your data in a structured, commonly used format (where technically feasible)

9.2 Additional Rights for EEA/UK/California Residents

European Economic Area (GDPR) and United Kingdom (UK GDPR)

Right to restriction: Limit how we process your information
Right to object: Object to processing based on legitimate interests
Right to withdraw consent: Withdraw consent at any time (where consent is the legal basis)
Right to lodge a complaint: File a complaint with your local data protection authority
Right to data portability: Receive your data in machine-readable format

California (CCPA/CPRA)

Right to know: What personal information we collect and how we use it
Right to delete: Request deletion of personal information (with exceptions)
Right to opt-out of sale: We do not sell personal information
Right to non-discrimination: Equal service regardless of privacy rights exercised
Right to correct: Request correction of inaccurate information
Right to limit use of sensitive information: Applies to certain sensitive categories

9.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: info@peeqconsulting.com
Phone: 614-546-9867
Mail: Peeq Consulting, 841 Royal Oak Dr, Marysville, OH 43040

We will respond to your request within 30 days (or as required by applicable law). We may ask you to verify your identity before processing your request to protect your security.

9.4 No Discrimination

We will not discriminate against you for exercising any of your privacy rights, including:

Denying services
Charging different prices or rates
Providing a different level of service quality

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe we have collected information about a child, please contact us immediately at privacy@peeqconsulting.com, and we will delete that information.

11. International Data Transfers

Peeq Consulting is based in the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

These countries may have data protection laws that differ from your country. However, we take steps to ensure adequate protection of your information regardless of where it is processed, including:

Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses when transferring data from the EEA
Data processing agreements: Contractual commitments with service providers to protect your information
Adequate safeguards: Implementation of security measures consistent with this policy

By using our services, you consent to the transfer of your information to the United States and other countries for processing.

12. Third-Party Links

Our website may contain links to third-party websites, including:

Social media platforms (LinkedIn, Facebook, Twitter)
Partner websites and resources
Industry associations and professional organizations
Technology vendors we recommend

We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies before providing any personal information. This Privacy Policy applies only to information collected by Peeq Consulting.

13. California Privacy Disclosures

13.1 California Shine the Light Law

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. To make such a request, contact us at privacy@peeqconsulting.com.

13.2 CCPA/CPRA Disclosures

Categories of Personal Information Collected:

Identifiers (name, email, phone, business information)
Commercial information (services purchased, transaction history)
Internet/electronic activity (website usage, browsing behavior)
Professional information (role, practice details)
Inferences (preferences, characteristics drawn from data)

Sources: Directly from you, automatically through website use, from third parties (referrals, business partners)

Business/Commercial Purposes: Service delivery, communication, business operations, marketing, legal compliance (as detailed in Section 2)

Categories Shared: With service providers, professional advisors, as required by law (as detailed in Section 4)

Sale of Personal Information: We do NOT sell personal information as defined by CCPA/CPRA.

Retention: As described in Section 7

To exercise your CCPA/CPRA rights, see Section 9.3.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make changes:

We will update the "Last Updated" date at the top of this policy
For material changes, we will provide prominent notice on our website or by email (for active clients)
Continued use of our services after changes take effect constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Peeq Consulting

Email: info@peeqconsulting.com
Phone: +1 614-546-9867
Mailing Address:
841 Royal Oak Dr, Marysville, OH 43040

Response Time: We aim to respond to all privacy inquiries within 5 business days for general questions and within 30 days for formal rights requests.

16. Specific State Privacy Rights

16.1 Nevada

Nevada residents may opt out of the sale of covered personal information. We do not sell personal information as defined by Nevada law. If you still wish to submit an opt-out request, contact us at privacy@peeqconsulting.com.

16.2 Virginia (VCDPA)

Virginia residents have rights similar to GDPR, including access, correction, deletion, data portability, and opt-out rights. To exercise these rights, contact us using the information in Section 15.

16.3 Colorado (CPA)

Colorado residents have rights including access, correction, deletion, data portability, and opt-out of targeted advertising and profiling. To exercise these rights, contact us using the information in Section 15.

16.4 Connecticut (CTDPA)

Connecticut residents have rights similar to Virginia and Colorado. To exercise these rights, contact us using the information in Section 15.

16.5 Utah (UCPA)

Utah residents have rights to access, deletion, data portability, and opt-out of targeted advertising and sale of personal information. To exercise these rights, contact us using the information in Section 15.

Acknowledgment

By using Peeq Consulting's services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

Last Updated: October 27, 2025
Effective Date: January 1, 2025