RxGames Privacy Statement

Effective Date: May 18, 2023

Introduction

RxGames takes your privacy seriously. This Privacy Statement describes our practices for collecting, storing, and processing the personal information of users of our software applications in the United States.

We offer therapeutic gaming software that is configured by your therapist for use as your home exercise program. We do this through our websites, including www.rxgames.com and any other site to which this Privacy Statement is linked or affixed (collectively the “Sites”), the RxGames mobile applications, and other electronic means such as cell phones and portable computers (together, the “Services”). The Services are owned by RxGames, PBC (“RxGames,” “our,” “us,” or “we”).

We license our applications to professional therapy practices which employ doctors of physical therapy and other professionals (each a “Professional” or together, the “Professionals”) that provide musculoskeletal care, neurologic rehabilitation, and other wellness services provided by a Professional (“Clinical Services”). We do not provide Clinical Services. 

Our Services collect data on patient activity relating to the Clinical Services and may be Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), such as your home exercise program and movement metrics. PHI is covered by a separate policy called the HIPAA Notice of Privacy Practices. The HIPAA Notice of Privacy Practices describes how RxGames uses and shares PHI and contains more information about your rights under HIPAA. This Privacy Statement may provide additional detail on how PHI is collected, processed, or stored, but if there is a conflict between this Privacy Statement and the HIPAA Notice of Privacy Practices with respect to PHI, the HIPAA Notice of Privacy Practices will solely apply.

We encourage you to read both the Privacy Statement and the HIPAA Notice of Privacy Practices carefully. If you have any questions about this policy or our practices, please send an email to info@RxGames.com. 

Personal Information We Collect

We may collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular user or household (“Personal Information”) as further described in the following categories below. We collect Personal Information from you and from your use of the Services. By using the Services, and visiting the Sites, you agree that we can collect and use your Personal Information as described in this Privacy Statement.

Information You Provide To Us

We collect information that you provide to us, including when you download the gaming software, respond to a survey, or contact us. Specifically, we may collect the following categories of information:

  • Contact or other Identifying Information, such as your name, address, email address, telephone number, username and RxGames password when you register/set up an account;
  • Mental and physical condition information, such as height, weight, general health, feelings of pain and fatigue, exercise patterns;
  • Medical information such as current or former injuries and medical diagnoses; and
  • Communications with RxGames, including communications with the Professionals.

Information Collected While Using Our Services

We may also collect certain information when you access our Sites and use our Services. This information is generated by the Sites, or the mobile app, computer, tablet, or cell phone used in the Services. Specifically, we may collect the following categories of information:

  • Internet and other electronic activity data, such as the name of the domain and host from which you access the internet; the browser software you use and your operating system; the date and time you access the Sites; how often you access the Services, and the internet address of the website from which you directly linked to RxGames;
  • Log and Troubleshooting Information: We collect information about how our Services are performing when you use them, like service related diagnostic and performance information. This information includes log files, timestamps, diagnostic or crash data, website/app performance logs and error messages or reports.
  • Identifiers such as Internet Protocol (IP) address; and
  • Game play data including the type and order of exercises, number of repetitions, duration, manner, and individual performance including range of motion, movement errors, and compliance with the assigned movement.

Information Collected from Clinical Services Professionals

In connection with your use of the Services, we may combine or compare data we have collected from you with information collected from Professionals. Some examples of information we may receive from Professionals include:

  • In connection with your treatment, we may collect medical information. This may include past or present diagnoses, previous treatments, general health, test results and reports related to your treatment.

Use of Personal Information

We may use the Personal Information we collect for one or more of the following business purposes:

  • To provide, personalize, improve, update, and expand our Services, including: 
      • For product testing and development, data analysis, and survey purposes; and,
      • For scientific, statistical, and historical research;
  • To communicate with you about the Services, including: 
      • To respond to your inquiries and concerns;
      • Provide you with information or request action in response to technical, security and other operational issues; or
  • To create de-identified information (for example, aggregated statistics) related to the use of the Services or for scientific research;
  • To comply with laws and regulations, including to respond to law enforcement or a government request(s) as required by applicable law, court order, or governmental regulations and to monitor our compliance with those obligations;
  • To protect the integrity and maintain the security of our Services;
  • To enforce our Terms and Conditions; and
  • For any other purpose for which you may provide consent or as disclosed to you when you provide information to us.

When we use the term “de-identified information,” we mean information that is neither used, nor intended to be used, to identify an individual. We may use de-identified information without restriction and may share it with unaffiliated third parties.

Sharing Personal Information

RxGames does not share your Personal Information with third parties except as described in this Privacy Statement, the HIPAA Notice of Privacy Practices, or with your additional consent (if required).

RxGames may share Personal Information with the following categories of third parties for the following purposes:

  • Service Providers: We may share your Personal Information with service providers, such as contractors and other third parties we use to support our organization and provide us with services. These companies are subject to contractual obligations governing privacy, data security, and confidentiality consistent with applicable laws. These companies include our cloud services infrastructure providers, vendors that assist us in marketing and consumer research analytics, fraud prevention, security, communications infrastructure providers, vendors that help us provide some support functions, like phone support or survey tools, and third-party partners for analytics and advertising purposes.
  • Research Partners: We may share your Personal Information with research partners if you provide us with your express consent or if otherwise permitted by law. Research partners include commercial or non-profit organizations that conduct or support scientific research, the development of therapeutics, medical devices or related material to treat, diagnose, or predict health conditions. In some circumstances, a research partner or RxGames may have a financial interest in the research arrangement.
  • Health Care Providers, Health Plans, and Similar Organizations: Personal Information that we create or obtain about you may be shared with health care providers, health plans, or other similar health care organizations as permitted by law or pursuant to your consent.
  • Law Enforcement, Government Agencies or Other Third Parties: From time to time, we may be required to provide Personal Information to a third party in order to comply with a subpoena, court order, government investigation, or other similar legal process. If we disclose your Personal Information in this way, we will reasonably attempt to provide you with advance notice, unless we are prohibited from doing so. We may share your Personal Information if we believe it is reasonably necessary to: 
      • Comply with valid legal process (e.g., subpoenas, warrants);
      • Respond to a government request;
      • Enforce or apply the RxGames Terms and Conditions;
      • Investigate fraud;
      • Protect the security or integrity of the Services;
      • Protect the rights, property, or safety of RxGames, our employees, members, or users; or
      • At your direction or with your permission.
  • Corporate Transaction: If we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of all or a portion of our assets, we may share or transfer your Personal Information as part of such corporate transaction.

Retention of Personal Information

RxGames will retain the Personal Information you provide while creating your account until such time as you delete your account, or you request deletion provided you are entitled to request deletion under applicable law. Any clinical records created as a result of your use of the Services will be securely maintained by RxGames for a period that is no less than the minimum number of years such records are required to be maintained under applicable law, which is typically at least six years. RxGames may also retain certain information as reasonably necessary to comply with our legal obligations (including law enforcement requests), resolve disputes, maintain security, prevent fraud and abuse, as well as to comply with tax, securities, and regulatory compliance requirements.

Choices Regarding Your Personal Information

Opt-Out of Marketing Communications

You may opt out of marketing communications from us at any time by following the opt-out or unsubscribe instructions provided within our marketing communications, or contacting us at RxGames, PBC ATTN: Privacy Office 1275 Kinnear Rd, Columbus, OH 43212 or via email at info@RxGames.com. Please note that if you opt out of marketing communications, we may continue to send you necessary information about our business relationship or other transactions that you may have with us.

Do Not Track

We do not currently respond to “do not track” or similar signals that users may configure in their browsers, in part because there is not currently a strong consensus around their use. For more information about “do not track” signals, please visit https://allaboutdnt.com/.

Exercising Rights and Making Inquiries About Your Personal Information

Depending on where you live and the scope of applicable laws, you may have certain privacy rights with respect to the Personal Information we collect and maintain about you, such as the following:

  • Right to Know/Access: You may have a right to request access to your Personal Information and to be provided with a copy of certain information in a readily useable format, including:
      • The categories of Personal Information we collected about you;
      • The categories of sources from which we have collected your Personal Information;
      • Our business or commercial purpose for collecting or selling that Personal Information;
      • The categories of your Personal Information that we have shared with third parties;
      • The categories of third parties with whom we share your Personal Information; or,
      • The specific pieces of Personal Information we collected about you.

  • Right to Rectify/Modify: You may have the right to request that we rectify/correct the Personal Information we have collected and maintain about you. To request to modify your Personal Information, email us at info@RxGames.com. We may request additional information from you in order to verify your identity and update your Personal Information per your request.

  • Right to Request Deletion: You may have the right to request that we delete the Personal Information that we have collected and maintain about you subject to applicable law. We may deny your request under certain circumstances, such as if we need your Personal Information to respond to your inquiries. If we deny your request for deletion, we will let you know the reason why. There may be some latency in deleting your Personal Information from our backup systems after it has been deleted from our primary production and development systems.

  • Right to Data Portability: You may have the right to request us to provide you, or a third-party, with a copy of your personal information in a structured, commonly used machine readable format.

  • Right to be Free from Discrimination: You have the right not to be discriminated against for exercising your privacy rights, including the right not to be retaliated against or be charged differently for our Services based on your exercising your data subject rights. 

How to Exercise Your Privacy Rights

If applicable, you may exercise your right to know/access and your right to request deletion twice a year free of charge. To exercise your rights to know/access and request deletion, please contact us at info@RxGames.com. For requests to delete, rectify/modify, and to know, we will take steps to verify your identity before processing your request. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify that you are the individual about whom we collected Personal Information. When submitting your request, please provide us with your name and contact information for purposes of enabling us to begin verifying your identity. We may request additional information about you if needed to verify your identity. Unless you have previously provided us your Personal Information for another purpose, we will only use the Personal Information provided in the verification process to verify your identity or authority to make a request, and to track and document your request to meet our obligations. We do not discriminate against individuals for exercising any of the above privacy rights. These rights may not be available to you and certain exceptions and exemptions may apply that will limit your ability to exercise these rights.

We will initially respond to you no later than 10 business days after receiving a request to delete, correct or to know to confirm receipt of the request and provide information about how we will process your request, including any additional information that we may need to verify your identity. We will respond to your request within 45 days after receipt.  We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. 

If necessary, we may take an additional 45 calendar days to respond to your request, but, if we do, we will provide you notice of the reason for this additional time needed to process your request. 

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.


For Colorado residents only, within 45 days of a valid and verifiable data subject request, if we do not take any action on the request, we will let you know why, which is usually because we cannot verify your identity or we have verified your identity but identified that you are not and have not been a Colorado consumer in the relevant time period and are not able to exercise rights under the CPA. We will provide information about how you may appeal this decision / non-action in that communication. You may contact the Colorado Attorney General if you have concerns about the result of your appeal.

Use of Authorized Agents

If required under applicable law, you may use an authorized agent to submit a request to know/access or a request to delete on your behalf. Even if you use an authorized agent, you will still need to communicate directly with RxGames to verify your identity and address. We require that you provide us with a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to contact you directly if we have any questions or concerns about the request from your agent.

Within the preceding 12 months:

  • We have collected the categories of Personal Information described above in “Personal Information We Collect” from the sources described therein for the purposes described in “How We Use and Share Your Personal Information.”
  • We have shared categories of Personal Information to Service Providers, and Other Third Parties (as described further in “How We Use and Share Your Personal Information”).
  • We have not “sold” or “shared” your Personal Information as those terms are defined by the CCPA and CPRA, respectively. For purposes of the CPRA, “shared” means disclosed to another person or entity for cross-behavioral advertising purposes. 

California Shine the Light Law

California's “Shine the Light” law (Civil Code § 1798.83) permits users of our App that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to info@RxGames.com or write us at: RxGames, 1275 Kinnear Rd, Columbus, OH 43212.

Nevada Resident Rights

Nevada law permits our Users who are Nevada consumers to request that their personally identifying information not be sold (as defined under applicable Nevada law), even if their personally identifying information is not currently being sold. Requests may be sent to info@RxGames.com.

Parents of Minors

If you are the parent of a child who is under 13 years of age (or under another age specified by applicable regulations) and believe your child has provided us with information without your consent, email us at info@RxGames.com and we will delete the information from our system.

How We Protect Personal Information

We take great care to protect the Personal Information we maintain about you. RxGames has a broad information security program designed to protect your Personal Information using administrative, physical, and technical safeguards. We have measures in place to protect against inappropriate access, loss, misuse, or alteration of Personal Information under our control. For example, Personal Information is stored on encrypted servers. While we strive to protect your Personal Information, we cannot guarantee the security of information you provide to us. This is especially true for information you transmit to us via email because email may not have the security features that are commonly built into websites. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure of your Personal Information. Additionally, please be aware that we have no control over the information collected by your internet service provider or information that you disclose over a public network. We are not responsible for any information collected by third parties not within our control or how such information is used or maintained.

Children’s Information

We take the privacy of children seriously and recognize the need to provide additional protections for their personal information. In compliance with the Children's Online Privacy Protection Act (COPPA), we have established the following practices for the collection and use of personally identifying information of minors under the age of 13.

We encourage parents and guardians to teach their children about privacy and how their personal information may be used on the Internet. Children should never disclose their name, address or phone number, or any other personal information, without their parents’ or guardian’s prior permission.

  • Parental Consent: We will not collect, use, or disclose personal information from children under the age of 13 without obtaining verifiable parental consent. Parents or legal guardians will be required to provide consent through a reliable and secure method, such as an electronic signature or a consent form sent via email. In the case of activities that involve the collection of personal information, we will provide parents with a clear and comprehensive description of the information we intend to collect, how it will be used, and the option to consent to our collection and use of their child's information.
  • Parental Rights: Parents have the right to review, modify, or request deletion of their child's personal information at any time. They can also revoke their consent and ask us to stop collecting and using their child's information. To exercise these rights, parents should contact us via email at info@RxGames.com.
  • Limited Collection and Use: We will only collect personal information from minors that is reasonably necessary for the intended purpose, such as participating in an online activity. We will not use or disclose the collected information for any other purposes without obtaining additional parental consent.
  • Data Security: We have implemented appropriate security measures to protect the personal information of minors from unauthorized access, use, or disclosure. These measures include, but are not limited to, encryption, restricted access, and regular monitoring of our systems.
  • Third-Party Services: When working with third-party service providers, we ensure that they adhere to our privacy practices and provide adequate protection for the personal information of minors. These providers are contractually obligated to maintain the confidentiality and security of such information and are prohibited from using it for any other purpose.

By using our services, you acknowledge and agree to this Section and provide consent on behalf of your child if they are under the age of 13. If you have any questions or concerns about our collection and use of personally identifying information of minors, please contact us using the contact details provided in the "Contact Us" section of this Privacy Statement.

Parents must exercise their privacy rights for their children. Please refer to the "Parents of Minors" section of this Privacy Statement.

In the event parental consent has not been obtained, or if we consider that any of our Services are directed at users under the minimum legal age required in their state of residence, we can block such users from using the Services or from providing information and/or limit the collection of information from such users as described below in more detail.

No personal information should be submitted to RxGames by users under the minimum legal age required in their state of residence without parental consent. We apply the following limitations to personal information collection for a user that is not of the minimum legal age required in their state of residence. Such a user cannot:

  • display their real name or any information in the games
  • access the chat, leaderboard, forums, or social networks
  • use any other feature where users could appear under their real names

If you become aware that an individual under age 13 has provided Personal Information directly to us without the necessary consent or if you are a parent and would like to withdraw such consent, please contact us as described in the “Contact Us” section, so that we can delete the information.

A parent or guardian of a person under 18 years of age may create an account on behalf of their child, provided that the parent assumes full responsibility for the account and for the interpretation and use of any information provided through the Services. Further, the parent or guardian agrees to supervise their child’s use of the Services. Once a child reaches the age of 18, their Personal Information becomes theirs to control, and the parent or guardian no longer has the ability to control the account.

External Websites

The Sites may contain links to other websites, including, but not limited to, investor relations sites, job applicant information gathering, assessment, and testing sites. These third-party sites have their own privacy practices and measures to secure and protect your information. This Privacy Statement does not apply to any third-party sites. We encourage you to review the privacy statement of any other third-party website you may visit.

Changes to This Privacy Statement

This Privacy Statement is effective as of the date stated at the top of this Privacy Statement. We may change this Privacy Statement from time to time. Please be aware that, to the extent permitted by applicable law, our use of your information is governed by the Privacy Statement in effect at the time we collect the information. If you visit the Sites or use the Services after a change to this Privacy Statement is posted on the Sites, you will be bound by such change.

Contact Us:

If you have any questions or comments regarding this Privacy Statement, please contact us at:

RxGames, PBC ATTN: Privacy Office 1275 Kinnear Rd, Columbus, OH 43212 or info@RxGames.com.