Privacy Policy

Effective date: May 12, 2026
Last updated: May 12, 2026

This Privacy Policy explains how Align Chiropractic ("Align," "we," "us," or "our") collects, uses, discloses, and protects information when you use our website, patient portal, iOS app, Android app, or related online services (collectively, the "Services").

Align Chiropractic is located at:

Align Chiropractic
477 Lancaster Ave Suite 106
Malvern, PA 19355
Email: info@alignpa.com
Phone: (484) 318-7921

HIPAA and Medical Information

Some information we collect or maintain may be protected health information under the Health Insurance Portability and Accountability Act ("HIPAA"). When information is protected by HIPAA, our Notice of Privacy Practices applies in addition to this Privacy Policy. If there is a conflict between this Privacy Policy and our HIPAA Notice of Privacy Practices for protected health information, the HIPAA Notice of Privacy Practices controls.

Our HIPAA Notice of Privacy Practices describes how medical information about you may be used and disclosed, how you can access that information, and your rights under HIPAA. Align's current HIPAA privacy page is posted at https://www.alignpa.com/hipaa-privacy-policy/. You may request a paper or electronic copy of that notice by contacting us at the address or phone number above.

Information We Collect

We collect information you provide directly, information created through use of the Services, and limited technical information needed to operate and secure the Services.

Account and Contact Information

We collect your name, email address, role as a patient or staff user, and related account details. Patients and staff sign in using an email address and a short-lived verification code.

Patient Portal and Treatment Information

If you are a patient, the Services include treatment-related information selected or entered by Align staff, such as assigned videos, treatment instructions, treatment notes, and exercise completion history. Exercise completion events are tied to your patient account. Staff may also maintain patient notes or administrative details needed to support care and portal access.

Communications and Email Delivery Information

We collect and store information about patient portal invitations, sign-in code emails, message delivery status, failed delivery information, and related technical identifiers from our email service providers.

Push Notification Information

If you use the iOS or Android app and allow push notifications, we collect and store a device push token, device platform, and related delivery information so we can send app notifications. You can disable push notifications through your device settings.

App Activity and Usage Information

We collect information about how the Services are used, such as sign-in events, treatment assignment views, video completion actions, and other activity needed to provide the Services, maintain security, troubleshoot problems, and improve reliability.

Device, Log, and Security Information

When you use the Services, our systems and service providers may process technical information such as IP address, browser or device type, operating system, app platform, request timestamps, error logs, and similar diagnostic information. We use this information to operate, protect, debug, and improve the Services.

Cookies and Similar Technologies

The web portal uses cookies or similar technologies for authentication, session management, CSRF protection, and security. These cookies are needed for the Services to work. You can configure your browser to block cookies, but some portal features may not function correctly.

Mobile App Permissions

The iOS and Android apps request permission to send push notifications. The Android app also uses standard network access so it can connect to Align's servers. The apps do not request access to your location, camera, microphone, contacts, photos, HealthKit or other health platform data, or biometric identifiers.

How We Use Information

We use information for the following purposes:

  • To provide and operate the website, patient portal, iOS app, Android app, and related Services.
  • To authenticate patients and staff using email sign-in codes.
  • To display patient treatment assignments, instructions, videos, and completion history.
  • To allow staff to manage patient accounts, treatment plans, content, and portal access.
  • To send operational emails, including sign-in codes and portal invitations.
  • To send push notifications when enabled.
  • To maintain security, prevent unauthorized access, monitor failed sign-in attempts, and protect the Services.
  • To troubleshoot, debug, maintain, and improve the Services.
  • To comply with legal, regulatory, professional, contractual, and HIPAA obligations.
  • To respond to requests, support needs, or other communications from patients, staff, or authorized representatives.

We do not use patient portal data for third-party advertising.

How We Disclose Information

We may disclose information in the following circumstances:

Within Align Chiropractic

Authorized Align staff may access information as needed to provide care, manage treatment plans, support patient access, operate the practice, and maintain the Services.

Service Providers

We use service providers to host, operate, secure, and support the Services. These may include cloud hosting providers, database providers, email delivery providers, mobile push notification providers, app platform providers, logging or monitoring services, and other vendors that process information on our behalf.

For protected health information, we use business associate agreements where required by HIPAA.

App Platforms and Push Notification Providers

For mobile app functionality, certain technical information may be processed by Apple, Google, Firebase/Google services, or Amazon Web Services as needed for app distribution, push notification delivery, device registration, hosting, or infrastructure operations.

Embedded or Linked Content

The Services may link to or display third-party content, such as videos hosted on YouTube. Third-party websites and services have their own privacy practices. We are not responsible for their independent privacy practices.

Legal, Compliance, and Safety

We may use or disclose information when required or permitted by law, including to comply with legal process, enforce our rights, protect the security of the Services, respond to fraud or security concerns, or meet healthcare regulatory obligations.

Business Transfers

If Align Chiropractic is involved in a merger, acquisition, reorganization, sale of assets, or similar transaction, information may be transferred as part of that transaction, subject to applicable law and HIPAA requirements.

Sale of Personal Information and Advertising

We do not sell patient personal information or protected health information. We do not share patient portal data with third parties for cross-context behavioral advertising, targeted advertising, or data broker purposes.

Tracking and Analytics

The Align app does not track you across apps or websites owned by other companies. We do not use third-party advertising SDKs or third-party analytics SDKs in the app.

Data Security

We use administrative, technical, and physical safeguards designed to protect information, including access controls, authentication, HTTPS for traffic between the apps, website, and our servers in production, production infrastructure controls, and security monitoring. No system can be guaranteed to be completely secure, but we work to protect information in a manner appropriate to its sensitivity and our legal obligations.

Data Retention

We retain information for as long as needed to provide the Services, maintain patient and business records, comply with legal and professional obligations, resolve disputes, and enforce agreements. Medical and treatment-related records may be retained according to healthcare recordkeeping requirements and Align Chiropractic policies.

Your Choices and Rights

Depending on your relationship with Align Chiropractic and applicable law, you may have the right to:

  • Request access to certain information we maintain about you.
  • Request correction of inaccurate information.
  • Request restrictions on certain uses or disclosures of protected health information.
  • Request confidential communications.
  • Request deletion of certain non-medical account or app information, where deletion is legally permitted.
  • Disable push notifications through your device settings.
  • Control browser cookies through your browser settings.

Requests involving protected health information are handled under our HIPAA Notice of Privacy Practices. To make a privacy request, contact Align Chiropractic using the contact information in this policy.

Account and Data Deletion Requests

Patients and staff may request account deletion from inside the app or patient portal. Align Chiropractic will review deletion requests and respond as required by applicable law.

Because Align is a healthcare provider, account deletion is a request-based process rather than an instant hard-delete. Some records, including medical records, treatment records, billing records, legal records, audit logs, security records, and records needed to comply with HIPAA or other healthcare obligations, may need to be retained even if portal access is disabled or an app account is no longer used. Where deletion is permitted, Align will delete or de-identify eligible account or app information.

You may also contact Align Chiropractic using the contact information in this policy and include the email address associated with your account.

State Privacy Rights

Depending on where you live, you may have additional privacy rights under state privacy laws. These rights may include requesting access to, correction of, deletion of, or information about certain personal information. Some health information maintained by Align may be governed by HIPAA and healthcare recordkeeping laws rather than general state consumer privacy laws. To make a state privacy request, contact Align Chiropractic using the contact information in this policy.

If you are a California resident, you may have rights under California privacy law to know or access certain personal information, correct inaccurate personal information, request deletion of certain personal information, opt out of sale or sharing where applicable, and limit the use or disclosure of sensitive personal information where applicable. Align does not sell patient personal information or share patient portal data for cross-context behavioral advertising. Protected health information governed by HIPAA, medical records, and other legally retained healthcare records may be handled under HIPAA and medical-record retention rules rather than general consumer deletion rules.

Children's Privacy

The Services are intended for patients of Align Chiropractic and authorized staff. They are not directed to children under 13 for general consumer use. Align may provide care to minors, and minor patient use of the Services should occur through, or with involvement from, a parent, guardian, or legally authorized representative as required by law and practice policy.

International Users

Align Chiropractic is located in the United States, and the Services are intended for use in the United States. If you access the Services from outside the United States, your information may be processed in the United States, where privacy laws may differ from those in your location.

Changes to This Policy

We may update this Privacy Policy from time to time. When we update it, we will revise the "Last updated" date above. The current version will be posted on our website or otherwise made available through the Services.

Contact Us

If you have questions about this Privacy Policy, our privacy practices, or your privacy choices, contact us:

Align Chiropractic
477 Lancaster Ave Suite 106
Malvern, PA 19355
Email: info@alignpa.com
Phone: (484) 318-7921

If your concern relates to protected health information or HIPAA rights, you may also ask for Align Chiropractic's Privacy Officer or request a copy of the HIPAA Notice of Privacy Practices.