Privacy Policy

July 24, 2022

Celloscope, Inc. and its affiliates (“OneStep”) are deeply committed to protecting the privacy and security of our customers’ data.

Description of Users and Acceptance of Terms

This Privacy Policy (“Privacy Policy”) sets forth and describes the practices that we will follow with respect to the privacy of the information of visitors and users of this site and our mobile applications. By accessing and using the digital platform, visiting OneStep.co (“Website”) and using OneStep’s mobile application (“Application”), (collectively, the “Services”) you acknowledge that you accept the practices and policies outlined in this Privacy Policy.

This Privacy Policy applies to information of visitors to the Website or Application, who view only publicly-available content (“Visitors”), individuals who have signed up to use our Services (“Users”). If you are accessing or using the Services as a Provider (as defined in our Terms of Use) of physical therapy or remedial exercise coaching or services and as such you have signed up to use our Services (“Providers”) or an applicant Provider, you shall also be subject to the OneStep Providers Privacy Policy which OneStep shall provide to you under such terms and conditions made available to you. “You”, “your”, or similar terms refers collectively to Visitor, User and Provider.

This Privacy Policy applies to information we collect through the Services; and via email, text, or other electronic messages between you and any employee or agent of OneStep. This policy does not apply to the actions of any company or entity that we do not control and to individuals who we do not directly employ or manage.

Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Use.

Types of Information We May Collect:

Personal Information which you actively provide to us through use of the Services.

This is information you intentionally and/or actively provide to us  in the course of your use of the Services, including  contact information from Visitors of the Website; this information typically includes your name, email address, and any information you provide in messages or job applications to us;  when you register and open an Account and/or update your Account details, such as your e-mail address, birthday, gender, phone number, full address, username and password.

Health Information

Some of the information we collect may constitute protected health information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended from time to time. To the extent other state or local privacy and data protection laws apply to your data, we comply with those requirements as well.  You may also share information directly to a Provider acting within the scope of their license in the provision of service.

Personal Images

Collection and Use of Images In our ongoing effort to provide a personalized and enriching experience within our Application, we allow users the option to upload images. These images may be used solely for the purpose of creating personalized logos within the user's profile or other areas of the app to enhance the user experience. We want to assure our users that the security and confidentiality of their uploaded images are paramount. The images are stored securely and are not shared with any third parties. They are exclusively used within the app for the purposes described herein. This practice is part of our commitment to upholding the highest standards of privacy and data protection for our users.

Personal Information which is being collected by us automatically when you use or access the Services.

This is information which we automatically receive upon you access or interact with our Services. This information may include:

  • IP address, UDID (Unique Device Identifier) or other persistent user and/or mobile device token (as applicable), advertising ID, device type, operating system, browser type and version, screen resolution, browser and keyboard language, the User’s ‘click-stream’ and activities on the Services, the period of time the User visited the Website and/or and related time stamps.
  • Geolocational Information – with your consent, we may, automatically collect geolocational information from your mobile device, your wireless carrier, or certain third-party service providers (“Geolocational Information”). Collection of such Geolocational Information occurs only when the OneStep Application is running on your mobile device. You may decline to allow us to collect such Geolocational Information, in which case OneStep will not be able to provide certain features of the OneStep Application to you.
  • Gait Information – with your consent we will automatically collect information from sensors on your mobile device, in order to evaluate Your gait and Your walk score and monitor your progress (“Gait Information”). The Gait Information is tracked only while the OneStep Application is running on your mobile device. You may decline to allow us to collect such Gait Information, by turning off your location services on your mobile device, in which case OneStep will not be able to provide certain features of the OneStep Application to you.

From Cookies

Information that we collect using “cookie” technology. Cookies are small packets of data that a website stores on your computer’s or mobile device’s hard drive so that your computer will “remember” information about your visit. We use both first- and third-party session cookies and persistent cookies.

  • Session Cookies: These make it easier for you to navigate our Website and Services.
  • Persistent Cookies: This cookie remains on your hard drive for an extended period of time or until you delete them. To the extent we provide a log-in portal or related feature on our Services, persistent cookies can be used to store your passwords so that you don’t have to enter it more than once. Persistent cookies also enable us to track and target the interests of our Visitors, Users and Providers to personalize the experience on our Platform. You can remove persistent cookies by following directions provided on your web browser. If you do not wish for us to place this cookie on your hard drive, please consult your Internet browser’s documentation for information please. However, if you decide not to accept cookies from us, the Service may not function properly.

Third-Party Analytics

We also use third-party analytics services (such as Google Analytics and Mixpanel) to assess your use of the Services, analyze performance metrics, and analyze other information connected to mobile and Internet usage. By accessing and using the Services, you consent to these third parties processing the data about you in the way and for the purposes set out in this Privacy Policy. To learn more, about such third parties, including how to opt out from certain data collection by these specific third parties, please visit the sites below. Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Service.

For Google Analytics, please visit https://www.google.com/analytics.

For Mixpanel, please visit https://www.mixpanel.com.

Information Received by Providers or Third Party Service Providers

To the extent that You use our OneStep-Powered RCS feature (as detailed in our Terms of Use), we may receive any information required in connection with such use (including without limitation, any Personal Information or Health Information detailed above) from the Providers and/or Third Party Service Provider you choose, and which has assured us they do so subject to your explicit consent.

Use of Health Information and Personal Information

The OneStep Service enables Users to access and communicate with their Providers through their use of the Services. These communications may include Health Information and personal information, which may be stored on the Services as a result of your relationship with a Provider. The User is solely responsible for choosing and approving any Providers as and sharing their Health Information and personal information with these Providers.

If you do share any of your Health Information through the Services with a Provider, you acknowledge and agree that such information is made available to such Provider and use by such Provider is not subject to the OneStep Terms of Services Privacy Policy.

The Providers may also share data relating to their Users with OneStep. We use this data in accordance with the terms and conditions of the Providers Terms of Use and the Privacy Policy.

The Purposes and Legal Basis of the Collection, Processing and Use of Information

Legal Basis for Use

We collect, process, and use your Personal Information for the purposes described in this Privacy Policy, based at least on one of the following legal grounds:

  • In Performing an agreement with you: We collect and process your Personal Information in order to provide you with the Site, following your acceptance of this Privacy Policy and pursuant to the Terms of Use; to maintain and improve our services to you; to develop new services and features for our Users; and to personalize the use of the Services in order for you to get a better user experience.
  • With your consent: We ask for your agreement to collect and process your information for specific purposes and you have the right to withdraw your consent at any time.
  • Legitimate interest: We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for things like detecting, preventing, or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with our services, protecting against harm to the rights, property or safety of our properties, or  our users, or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; in order to comply and/or fulfil our obligation under applicable laws, regulation, guidelines, industry standards and contractual requirements, legal process, subpoena or governmental request, as well as our Terms of Use.

Purpose of Use

We may use the Personal Information that we collect about you for the following purposes:

  • To provide operate and improve the Services, Website and/or Application for  our Users and to manage our business.  
  • To send you updates, notices, notifications, and announcement related to the Services as well as newsletters, coupons, commercial offers and additional communications regarding our products and services.
  • To verify your eligibility and deliver prizes in connection with promotions and referral programs we may hold from time to time.
  • To be able to manage your Account and provide you with customer support services. to enable us to further develop, customize and improve the Service based on Users’ common preferences, uses, attributes and anonymized or de-identified data.
  • Aggregated Information. We may use aggregated statistical data and other cumulative information and we perform anonymization on your information so as to render it non-identifiable,  and sue such anonymized or other conclusive information that is non-personal, to enable us to provide our Users with a better user experience with more relevant and accurate information, services, third party services, features and functionalities, statistical and research purposes, marketing purposes, etc. and to improve our Website, Application and/or Services. We may share aggregated or anonymized information between Users who are performing similar exercises and/or undergoing similar therapy,
  • To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities,
  • To complete a transaction through our Services.
  • To comply with any applicable rule or regulation, to protect our legal interests and/or respond to or defend against (actual or potential) legal proceedings against us or our affiliates.
  • To engage with the Providers and Related Third Parties in order to perform certain operations on behalf of OneStep, including service providers and affiliates of our customers. These companies will have access only the Information only as necessary to perform their functions and to the extent permitted by law. We may also share your Information with any of our affiliates.
  • Where You access the Services via Third Party Service Providers (as defined in our Terms of Use), we may share Personal Information with Such Third Party Service Providers.
  • Business Transfers. In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the Information may be part of the transferred assets.

Onboarding and Provider Engagement

You acknowledge and affirmatively consent to the fact that OneStep personnel will, as needed, review your particular reports or forms in a HIPAA/HITECH approved de-identified form for any or all of the following reasons:

‍During the process of your enrolment and onboarding to a Provider in order to determine whether you are able to successfully engage with the Provider, and similarly to transition you to another Provider, which will access  only de-identified information and which may be accomplished using a OneStep on-boarding specialist and not a Provider; if applicable, to review your complaint that you may report about your Provider practices; or to address raised quality assurance concern(s) that may apply to an individual Provider, a state-wide compliance issue or a national network issue.‍

You also consent to OneStep using “Meta Data” and other search terms to scan only HIPAA ‘Safe Harbor” de-identified transcripts to search for trends and patterns that may affect the quality of the Services provided to you; or to assess the practices utilized by the Providers.

Your Consent to OneStep recording your calls to Customer Service to assure quality assurance.

You grant OneStep permission to have your Provider supply non-content based assessments of your progress to OneStep. You understand that OneStep gives the Providers clinical assessment tools that in order to provide information on your fitness and well-being; and that results can be seen by your Provider to discuss with you.

Private Messaging

Users and their Providers may be able to communicate through the digital platform, including through video or direct messages. If you contact a Provider outside of the Services you acknowledge and agree that none of the information contained in that message (including, without limitation, personal information and/or Health Information) is covered by  this Privacy Policy and OneStep is not responsible or liable for how such information is being used, or processed, or for any resulting breaches of personal information during transmission of the message.

Accessing and Amending Personal Information and Choices

If you enrolled in the Services, and have an Account with OneStep, you may access, review, and make changes to your personal information by following the instructions found on the Website. You may also modify and manage your marketing and non-transactional communications by clicking on the “unsubscribe” button located at the end of any marketing email sent by OneStep.  We will use commercially reasonable efforts to timely handle your requests. You cannot opt out of receiving e-mails related to your Account. Please note that we are not responsible for the information, including, modifying, updating, or removing the information held by Provider.

How We Protect the Information

We take commercially reasonable steps to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information that you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Website and/or Application may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. You further understand that the electronic nature of the Services means that there is a greater risk to the privacy of your electronic health information relative to receiving in-person care.

Intellectual Property Rights

We respect other people’s rights, and expect the same of you. You may not post any content or take any action on OneStep.co or its Applications that infringes or violates any other party’s rights or the law. We can remove any content or information you post on the Website if we believe that it violates this Privacy Policy or the Terms of Use. You may not use any of our copyrights or any similar marks, without our written permission.

Portable Electronic Devices

Our Services are available to you on many different portable electronic devices. Our connection to the mobile device is free of charge, but your carrier’s normal rates and fees, such as text messaging fees, may still apply.

Important Notice to Non-U.S. Residents

The Website, Application and the Services are operated in the United States. Please note that your information, including personal information, may be transferred to, processed, stored, accessed, and used on computers, servers, and systems located outside of your state, country, or other jurisdiction where the privacy laws may not be as protective as those in your own jurisdiction. If you are located outside the United States and choose to use the Website, Application and/or the Services, you hereby irrevocably and unconditionally consent to such transfer, processing, and use in the United States. This Privacy Policy is governed by the substantive laws of the State of Delaware, without regard to its conflict of laws provisions.

Children

We do not knowingly collect personal information from children under the age of 13 through the Website, Application and/or the Services. If you are under 13, do not use or access the Website, Application and/or the Services, and do not provide us with any personal information. Without relieving you of your responsibility to comply with the Terms of Use and the terms hereof we reserve the right (without obligation) to request proof of age at any stage so that we can verify that minors under the age of 13 are not using our Services. If You have added and listed a Visitor or User under the age of 13 you hereby declare to OneStep that You are the parent or legal guardian of such Visitor or User with sufficient rights to do so. In the event that it comes to our knowledge that a person under the age of 13 is using our Website, Application and/or the Services, not in accordance with the abovementioned terms, we will use our best efforts to prohibit and block such Visitor or User from accessing our Website, Application and/or the Services and will use our best efforts to promptly delete any Personal Information.

Third-Party Websites

The Website may contain links to third-party websites (“Third-Party Sites”). We do not endorse or sponsor such Third-Party Sites and we are not responsible for their privacy practices o. Please refer to the privacy policies of those Third-Party Sites for more information.

California Residents and the California Consumer Privacy Act (CCPA) Notice

If you are a California resident, you have certain rights. California Users should understand that OneStep does not sell User data to third parties. Almost all User data is kept in encrypted storage, including all User created transcripts. State Law requires OneStep to retain such records for at least seven years. The CCPA does not generally apply to medical information governed by the California Confidentiality of Medical Information Act (CMIA), or protected health information collected by a covered entity or business associate governed by the privacy, security, and breach notification rules of the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.

“Shine-the-Light Law”: Once every year, residents of California have the right to request whether OneStep has shared their personal information (non-medical record data only) with other companies for direct marketing purposes during the preceding calendar year. To request a copy of this information, please contact us on the link on the website or at our email address support@onestep.co. Please allow a reasonable time for a response.

Minors: If you are a California resident and under the age of 18, and a registered User, you have the right to request and obtain removal of content or information you have publicly posted on our site. OneStep does not have Users below the age of 13 and does not allow or enable Users to publicly post information on our Website. However, if you think that you have indeed posted information on the Website and you are between the ages of 13 and 17, please contact us through our Website or via email at support@onestep.co. Please note that this request does not necessarily mean complete removal of the information/content you may have posted and that there may be circumstances in which the law does not require or even allow removal of data, specifically medical data, even if requested. Please allow reasonable time to respond to this request.

Right to Know: You may request access to your specific personal data collected by us over the past 12 months. You may also request additional details about our information practices, including the categories of your personal data collected by us, the sources of the collection, the categories of personal data we share for business or commercial purpose, and the categories of third parties with whom we share your personal data. You may make these requests by contacting us on at the “contact us” link on the website, or via email support@onestep.co. Please note the response may take a reasonable amount of time.

Designated Agent: You may designate an agent to make any of the requests on your behalf, such agent must be authorized to and have access to your account in order for us to confirm requests.

Non-Discrimination: OneStep will never discriminate against you, for exercising your rights under the CCPA.

Changes to This Privacy Policy

This Privacy Policy is effective as of the date at the top of Privacy Policy. We may amend it from time to time and will post any changes on the Website as soon as they go into effect. By accessing the Website, Application and/or using the Services after we make any such amendments to this Privacy Policy, it will be considered to have accepted such changes. Please refer back to this Privacy Policy on a regular basis to note changes.

Contact Us

If you have questions about this Privacy Policy, please e-mail us at support@onestep.co, “Privacy Policy” in the subject line.