Legal

Privacy Policy

Effective Date: April 3, 2026  ·  Last Updated: April 3, 2026

1. Overview

6 PAC Method ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at 6pacmethod.com and when you use our online physical therapy and wellness services.

By accessing our website or enrolling in any of our programs, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.

This policy applies to all information collected through our website, telehealth platform, email correspondence, intake forms, and any other digital channels we operate.

2. Information We Collect

We collect information you provide directly to us and information gathered automatically as you interact with our services.

Information You Provide

  • Identity & Contact: Full name, email address, phone number, mailing address, and date of birth.
  • Health & Medical Information: Medical history, current symptoms, pain descriptions, injury history, functional limitations, medications, prior surgeries, and rehabilitation goals.
  • Assessment Data: Movement screen results, postural analysis, range-of-motion measurements, and functional performance metrics collected during virtual or recorded assessments.
  • Billing & Payment: Credit/debit card details (processed via our third-party payment processor), billing address, and transaction history.
  • Program Participation: Exercise logs, check-in responses, nutrition journals, progress notes, and communications with Dr. Kelvin Lee or our clinical team.
  • Account Credentials: Username and encrypted password for your client portal account.
  • Communications: Emails, messages, or other content you send to us, including consultation requests and support inquiries.

Information Collected Automatically

  • Usage Data: Pages visited, time spent, links clicked, and features accessed.
  • Device & Technical Data: IP address, browser type and version, operating system, device identifiers, and referring URLs.
  • Cookies & Similar Technologies: Session cookies, persistent cookies, and pixel tags (see Section 7).

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To create and manage your client account, deliver your physical therapy and wellness program, and communicate with you about your care.
  • Clinical Assessment: To evaluate your movement patterns, pain levels, and functional status in order to design and update your personalized rehabilitation and wellness protocol.
  • Billing & Payments: To process your program enrollment, charge subscription fees, issue receipts, and manage refunds.
  • Scheduling & Communication: To schedule Zoom assessments, send appointment reminders, program updates, and wellness content.
  • Progress Monitoring: To track clinical outcomes, adapt your program based on weekly check-in data, and measure your recovery milestones.
  • Safety & Compliance: To comply with applicable health, legal, and regulatory requirements, and to maintain accurate clinical records.
  • Service Improvement: To analyze aggregate, de-identified usage trends to improve our website, methodology, and client experience.
  • Marketing (with consent): To send promotional emails about new programs, articles, or offers — only if you have opted in. You may unsubscribe at any time.

We do not sell your personal information to third parties. We do not use your health data for advertising purposes.

4. Disclosure of Information

We may share your information with the following categories of parties, and only to the extent necessary:

Service Providers

  • Payment Processors: Stripe or equivalent processors handle payment card data. They are PCI-DSS compliant and do not store full card numbers on our behalf.
  • Telehealth Platforms: Zoom or equivalent HIPAA-eligible video conferencing tools used to conduct your biomechanics assessments and consultations.
  • Cloud & Hosting: Secure cloud infrastructure providers (e.g., AWS, Google Cloud) that store our databases and application data under confidentiality agreements.
  • Email & Communication Tools: Providers that deliver transactional and marketing emails on our behalf (e.g., Mailchimp, ConvertKit), bound by data processing agreements.
  • Analytics Providers: Services such as Google Analytics that receive anonymized, aggregated data to help us understand website performance.

Legal & Regulatory Requirements

  • We may disclose your information if required to do so by law, court order, subpoena, or government regulation.
  • We may disclose information to protect the rights, safety, or property of 6 PAC Method, our clients, or the public — including situations involving imminent harm.

Business Transfers

  • In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website before your data becomes subject to a different privacy policy.

With Your Consent

  • We may share your information with other parties when you have given us explicit, informed consent to do so (for example, sharing a case summary with a referred specialist).

5. Method of Disclosure

When we share your information with third parties, we use the following methods and safeguards:

  • Data Processing Agreements (DPAs): All service providers who handle personal data on our behalf sign binding DPAs that restrict their use of the data to the services they perform for us.
  • Encrypted Transmission: Data transferred to third parties is transmitted over encrypted channels (TLS 1.2 or higher) to prevent interception in transit.
  • Minimum Necessary Standard: We share only the minimum amount of information required for the third party to fulfil the specific purpose. Health data is shared with service providers only when strictly necessary for care delivery.
  • API Integrations: Where systems are connected via API (e.g., scheduling or payment tools), data exchange is authenticated via secure API keys and OAuth 2.0 tokens.
  • No Onward Transfers Without Consent: We prohibit service providers from disclosing your data to other parties without our prior written authorization.

6. Security Practices

We take the security of your personal and health information seriously and implement the following safeguards:

Technical Safeguards

  • Encryption at Rest: Sensitive data — including health records and payment information — is encrypted at rest using AES-256 encryption.
  • Encryption in Transit: All data transmitted between your browser and our servers uses TLS/HTTPS. We enforce HTTPS sitewide with HTTP Strict Transport Security (HSTS).
  • Access Controls: Database access is restricted to authorized personnel on a role-based, least-privilege basis. Credentials are managed with multi-factor authentication (MFA).
  • Secure Password Storage: User passwords are never stored in plaintext. They are hashed using bcrypt with a minimum cost factor of 12.
  • Regular Security Audits: We perform periodic vulnerability assessments and penetration tests on our infrastructure.

Organizational Safeguards

  • Only Dr. Kelvin Lee and explicitly authorized team members have access to client health records, restricted to what is necessary for your care.
  • We maintain an incident response plan. In the event of a data breach affecting your information, we will notify you within 72 hours of discovery, consistent with applicable law.
  • Employees and contractors with access to personal data are bound by confidentiality obligations.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security. We encourage you to use strong, unique passwords and to keep them confidential.

7. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our services:

  • Essential Cookies: Required for the website and client portal to function. They enable session management and authentication. These cannot be disabled.
  • Analytics Cookies: Collect aggregate, anonymized data about how visitors interact with our website (e.g., Google Analytics). You may opt out via your browser settings or the Google Analytics Opt-Out Browser Add-on.
  • Marketing Cookies: Used to track conversions if you arrived from an advertisement. We do not use persistent advertising-profile cookies without your consent.

Most web browsers allow you to control cookie settings. Disabling essential cookies may impair functionality of your client portal.

8. Health Information

The 6 PAC Method collects protected health information (PHI) as part of delivering physical therapy and wellness services. We treat this information with the highest level of care:

  • Health data is stored separately from general account data in access-controlled, encrypted environments.
  • We do not disclose your health information to employers, insurance companies, or marketing platforms without your explicit written consent.
  • You may request a copy of your health records or ask us to correct inaccuracies at any time by contacting us at the address in Section 12.
  • If applicable to your jurisdiction, we comply with HIPAA and other relevant health data protection regulations.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements (e.g., clinical record retention laws).
  • Portability: Request your data in a structured, machine-readable format.
  • Opt-Out of Marketing: Unsubscribe from marketing emails at any time using the unsubscribe link in any email or by contacting us directly.
  • Withdraw Consent: Where we process data based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us using the details in Section 12. We will respond within 30 days.

10. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a child has provided us with personal information, please contact us immediately and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Post the updated policy on this page with a revised "Last Updated" date.
  • Send an email notification to active clients at least 14 days before the changes take effect.

Your continued use of our services after the effective date constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or want to report a privacy concern, please contact us:

6 PAC Method

Attn: Dr. Kelvin Lee, PT, DPT

Email: privacy@6pacmethod.com

Website: 6pacmethod.com

We are committed to resolving any privacy concerns promptly and transparently.