Able Hands Rehabilitation PC / Able Hands Orthotics Inc.
Privacy Policy
Effective Date: 02/11/2025
Introduction
At Able Hands Rehabilitation PC / Able Hands Orthotics Inc., your privacy is critically important to us. This Privacy Policy explains how we collect, use, and protect your personal information when you (1) opt into our SMS messaging program, and (2) use the Able Hands 3D Scanner mobile app.
By opting into our SMS service, you agree to the terms in Sections 1–10, which are in compliance with the latest 2024 regulations under the Telephone Consumer Protection Act (TCPA) and the Campaign Registry guidelines.
By using the Able Hands 3D Scanner mobile app, you agree to the terms in Sections 11–15.
1. Information We Collect (SMS)
When you opt in to receive SMS messages from us, we collect the following information:
- Phone Number: The mobile number provided during the opt-in process.
- Message Interaction Data: Includes information such as delivery status, response data, and message engagement rates.
- Consent Data: We maintain records of when and how you provided consent to receive SMS messages, including the method of opt-in (e.g., web form, keyword, or verbal consent).
2. How We Use Your Information (SMS)
We use your information to:
- Send text messages based on the preferences you indicated when opting in, such as updates, notifications, and alerts.
- Ensure compliance with federal regulations, including the TCPA.
- Monitor and improve our SMS services by tracking engagement metrics.
Your information will only be used for the purpose specified at the time of opt-in and will not be used to send unrelated messages.
3. One-to-One Consent Requirement
In line with FCC regulations (March 2024), your SMS opt-in applies to communications from Able Hands Rehabilitation PC / Able Hands Orthotics Inc. only. Your consent to receive SMS messages is specific to our company and does not extend to third-party businesses or affiliates unless explicitly stated and separately agreed upon.
4. Message Frequency and Data Rates
The SMS message frequency will vary but will not exceed 5 messages per day unless there is a notification event. Message and data rates may apply depending on your mobile carrier and plan. We encourage you to review your carrier’s terms for more details on messaging fees.
5. Opt-Out Instructions
You can opt out of our SMS service at any time by replying with STOP to any message you receive from us. Once you opt out, you will immediately cease receiving further messages unless you opt back in. For help, you can reply with HELP or contact us directly at info@ablehandsrehab.com or (732) 727-7333.
6. Data Sharing and Disclosure (SMS)
We will never share your information with, or sell it to, third parties for marketing purposes without your explicit consent. We may, however, share your information with trusted third-party service providers for the purpose of facilitating SMS delivery (e.g., telecommunications providers). All such parties are bound by strict confidentiality agreements and are prohibited from using your data for any purpose other than SMS delivery.
In compliance with Do Not Call (DNC) Registry regulations (2024), you have the right to register your number with the National DNC Registry. If you are on the DNC Registry, we will not send you promotional SMS messages unless you have provided express consent to do so.
7. Security of Your Information
We take reasonable measures to protect the information you provide from unauthorized access, disclosure, or misuse. However, no system is completely secure, and we cannot guarantee the absolute security of your data during transmission or storage.
8. Record-Keeping and Proof of Consent
As required by the TCPA and Campaign Registry guidelines, we maintain records of all opt-ins and opt-outs, including timestamps and the method of consent. These records are kept securely and may be used to demonstrate compliance with regulatory requirements if needed.
9. Changes to This Policy
We reserve the right to update or modify this Privacy Policy at any time. Any significant changes will be communicated via SMS or on our website. Continued use of our SMS service or the mobile app after any changes indicates your acceptance of the revised policy. Please check back periodically to stay informed of any updates.
10. Contact Us
If you have any questions about this Privacy Policy or wish to update your preferences, you can contact us at:
- Email: info@ablehandsrehab.com
- Phone: (732) 727-7333
- Address: 1447 NJ-18 STE 3, Old Bridge, NJ 08857
11. Information We Collect Through Our Mobile App
When you use the Able Hands 3D Scanner mobile app, we collect the following categories of information in addition to anything described above:
a. Account Information. When you create an account, we collect your email address, first and last name, and a password (stored as a one-way hash by AWS Cognito; we never see or store your plaintext password). For users authorized to use the app in a medical context, we may also collect a professional role designation and license/NPI number.
b. 3D Scan Data and Face Data. When you take a scan, the app uses the TrueDepth camera on your iPhone to capture depth measurements of the subject you are scanning (which may include a hand, face, other body region, or inanimate object). These depth measurements are converted on your device into a 3D mesh file (in .stl, .obj, .mtl, .jpg, and .txt formats) which constitutes the “scan.” Where the subject of a scan is a face, the resulting mesh is considered “face data” under Apple’s developer terms.
c. Subject Metadata. When you save a scan, the app collects the metadata you enter on the scan form: a subject identifier (first and last name OR object name depending on scan type), a scan date, an optional brace name (medical workflow only), and optional free-text notes.
d. Purchase Records. When you purchase a scan export, we record the Apple transaction identifier, your account identifier, and the scan the purchase was applied to. We do not see your payment method — Apple handles payment processing entirely.
e. Diagnostic Information. We log routine operational data (timestamps, error codes, request identifiers) to operate and troubleshoot the service. These logs do not contain face data, scan content, or subject identifiers.
12. How We Use 3D Scan Data and Face Data
We use the 3D scan data, including face data, ONLY for the following purposes:
a. To process, store, and deliver the scan you captured back to you, including by email if you request the email-export feature.
b. To support the design of custom orthotic devices for users in a medical workflow, when the scan is reviewed by an Able Hands Orthotics clinician you have authorized through your professional account.
c. To diagnose technical problems if you submit a support request that includes a specific scan.
We do NOT use face data for any of the following purposes:
- We do not use face data for identification or authentication.
- We do not use face data for advertising, marketing, or for creating user profiles unrelated to the orthotic or scanning use case.
- We do not provide face data to data brokers or analytics providers.
- We do not train machine learning models on face data.
13. How We Share 3D Scan Data and Face Data
We do not sell your face data or 3D scan data, and we do not share it with third parties for advertising or marketing.
We use the following service providers strictly to operate the service, under contractual obligations to keep your data confidential and use it only for the purposes we direct:
- Amazon Web Services (AWS) — provides cloud storage (Amazon S3) and database services (Amazon DynamoDB) where scan files and metadata are stored at rest in the United States, encrypted using AWS Key Management Service (KMS).
- Amazon Cognito — manages account credentials.
- Amazon Simple Email Service (SES) — delivers scan files to your email when you request the email-export feature.
- Apple — processes in-app purchases and provides the TrueDepth camera APIs we use to capture scans. Apple’s privacy policy governs Apple’s handling of payment data and device telemetry.
If we are required to disclose data in response to a valid legal process (subpoena, court order, or law enforcement request), we will do so only to the minimum extent legally required and, where permitted, will notify you first.
14. Retention of 3D Scan Data and Face Data
Scans you save are retained in your account until you delete them.
You may delete an individual scan at any time from the Scan History tab in the app. When you delete an individual scan from the app, we also delete the corresponding mesh file from our servers within a reasonable period (typically within 30 days), subject to routine backup retention.
You may also delete your entire account, which permanently removes every scan you have taken, all account metadata, and all purchase records from our servers. To delete your account, open the app, go to the Account tab, and tap Delete Account. This action is permanent and cannot be reversed.
We do not retain face data for any purpose beyond delivering and storing the scan you captured. If you do not save a scan, the depth measurements used to capture it are discarded on your device and never transmitted to our servers.
15. Your Choices and Rights
a. Access — you can view all scans associated with your account through the Scan History tab in the app.
b. Deletion — you can delete individual scans from the app, or delete your entire account (which deletes everything) from the Account tab.
c. Email — if you no longer wish to receive scan exports by email, simply do not request the email-export feature; we do not send marketing emails from this app.
d. Withdrawal of Consent — uninstalling the app and deleting your account is sufficient to withdraw consent. After account deletion, no further data is collected.
e. Contact — for any privacy request not covered by the in-app controls, contact us at the address in Section 10.
Links
- Terms and Conditions: https://ablehandsrehab.com/terms-and-conditions
- Privacy Policy: https://ablehandsrehab.com/privacy-policy
- National Do Not Call Registry: https://www.donotcall.gov/
Key 2024 Compliance Elements
- One-to-One Consent: Consumers are only giving consent to receive messages from the specific business they opt into, not from multiple parties.
- Clear Disclosures: The policy includes clear language about the nature of the messages, frequency, potential charges, and opt-out mechanisms.
- Do Not Call Protections: The policy reflects the latest FCC guidance that DNC protections apply to SMS, making it clear that businesses must adhere to DNC regulations.
- Data Sharing and Record-Keeping: Emphasizes the importance of maintaining proof of consent and clear guidelines on how data is shared for operational purposes.
This Privacy Policy aligns with current 2025 TCPA and FCC guidelines, ensuring our business remains compliant while fostering transparency with consumers.