top of page

Privacy Policy & Notice of Privacy Practices

ZOLY LLC d/b/a ZOLY PT
5738 Northpointe Ln, Boynton Beach, FL 33437
admin@zolypt.com | (561) 223-1912
Effective Date: August 9th, 2025

1. Scope

We handle two broad categories of information. Protected Health Information (PHI) is any data you provide while receiving our physical-therapy services—such as diagnoses, treatment plans, progress notes, and payment history—and it is safeguarded under the U.S. HIPAA regulations as well as applicable Florida physical-therapy rules. We also collect Personal Information (PI) from visitors who browse our website, engage with us on social media, or sign up for newsletters. This PI can include your IP address, browser cookies, details you enter in contact forms, and your marketing or communication preferences, and it is protected under U.S. Federal Trade Commission guidelines and other state consumer-privacy laws.

2. Definitions

“We,” “our,” and “us” refer to ZOLY LLC, its employees, contractors, and agents.
“You” refers to patients or visitors interacting with our services.

3. Information We Collect

  • Protected Health Information (PHI)

    • How we obtain it: telehealth platforms such as Jane or Zoom for Healthcare, electronic intake forms, direct email, phone calls, and SMS.

    • Why we use it: to diagnose and treat you, generate superbills for potential reimbursement, and monitor clinical outcomes.

  • Contact details

    • How we obtain them: appointment-booking pages and newsletter opt-in forms.

    • Why we use them: to confirm visits, send educational or service-related updates, and respond to inquiries.

  • Payment details

    • How we obtain them: secure processors like Stripe and HSA/FSA card gateways.

    • Why we use them: to process your transactions and issue refunds when necessary.

  • Usage and device data

    • How we obtain them: browser cookies, Google Analytics, and Meta Pixel tracking.

    • Why we use them: to improve site usability, refine the user experience, and measure advertising effectiveness.

  • Approximate location

    • How we obtain it: browser geolocation (only if you enable it).

    • Why we use it: to direct you to a therapist licensed for your current location and maintain regulatory compliance.

4. How We Use & Share Information

  • Treatment, payment, and healthcare operations

    • Does this involve PHI?  Yes

    • Legal basis: Permitted without additional authorization under HIPAA §164.506.

  • Electronic or mailed superbills

    • Does this involve PHI?  Yes

    • Legal basis: Provided only at your written request.

  • Marketing messages (e.g., promotional emails)

    • Does this involve PHI?  No — only personal information (PI)

    • Legal basis: Sent only with your explicit opt-in, per FTC CAN-SPAM and TCPA regulations.

  • Testimonials and social proof

    • Does this involve PHI? Possibly  — if it includes identifiable health details

    • Legal basis: Requires a separate, signed HIPAA Marketing Authorization form.

  • Disclosures required by law (e.g., subpoena, public-health reporting)

    • Does this involve PHI? Yes or No — depending on the nature of the request

    • Legal basis: Allowed under HIPAA §164.512 without prior consent.

  • We never sell or rent your PHI or personal information (PI) to third parties.

    • This is a core privacy commitment and applies universally.

5. Your Rights

Under HIPAA you may, at no charge:

  1. Access and obtain a copy of your PHI (within 30 days).

  2. Request amendments to PHI you believe is incorrect.

  3. Receive an accounting of certain disclosures.

  4. Request restrictions or confidential communications (we will accommodate when feasible).

  5. File a complaint with us or the U.S. HHS OCR if you believe your privacy rights have been violated.
    We will not retaliate for filing a complaint.

For non-PHI data, you may opt-out of marketing emails at any time via the “unsubscribe” link or by contacting us.

6. Data Security

  • Physical safeguards: encrypted laptops, locked file cabinets (for any paper notes).

  • Technical safeguards: TLS 1.2+ encryption, HIPAA-signed BAAs with vendors, MFA for staff logins.

  • Administrative safeguards: annual HIPAA training, role-based access, incident-response plan.

7. Cookies & Tracking Technologies

We use first-party cookies and analytics pixels to:

  • recognize repeat visitors,

  • analyze traffic patterns, and

  • refine advertising spend (Google Ads, Meta Ads).

You can disable non-essential cookies via our banner or your browser settings without affecting care.

8. Data Retention

  • PHI: retained 7 years (Florida law) from the date of last treatment, then securely destroyed.

  • Marketing PI: retained until you withdraw consent or after 24 months of inactivity.

9. Children’s Privacy

Our services are not directed to children under 13. We do not knowingly collect their PI without verifiable parental consent (COPPA).

10. International Visitors

We provide services only to individuals physically located in Florida at the time of care. If you access our site from outside the U.S., you consent to transferring your information to the United States.

11. Changes to This Policy

We may update this policy. If we make material changes, we will:

  1. Post the revised version with a new “Effective Date,” and

  2. Email patients with active episodes of care at least 15 days before the change takes effect.

12. How to Contact Us

Privacy Officer — William Johnston
Email: admin@zolypt.com
Phone: (561) 223-1912 
Mail: 5738 Northpointe Ln, Boynton Beach, FL 33437

​

If you believe we have violated your HIPAA rights, you may also contact:
Office for Civil Rights, U.S. Dept. of Health & Human Services, 200 Independence Ave SW, Washington DC 20201 | 1-800-368-1019 | www.hhs.gov/ocr

​

By using our website or receiving services, you acknowledge that you have read, understood, and agree to this Privacy Policy & Notice of Privacy Practices.

bottom of page