ProperForm Privacy Policy

Last Updated: 3/30/2026

1. About This Privacy Policy

This Privacy Policy describes how ProperForm, Inc. ("ProperForm," "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with your use of the services and platform offered by ProperForm (the "Platform"). When we refer to your “data” or your “information” in this Privacy Policy, we are referring to personal data or personal information as defined by applicable law. Because different laws use the terms “data” or “information,” we use those terms interchangeable throughout this Policy to refer to data or information that relates to you as an identifiable person, that identifies, relates to, or describes you, or that is reasonably capable of being associated with or linked to you.

This Policy applies to two groups of people:

  • Providers and their Team Members: Providers using ProperForm’s business service (“Providers”) and their authorized staff who access the provider-facing portal of the Platform (“Team Members”); and
  • Clients: Individuals to whom Providers provide their own services who access the client-facing portal of the Platform to view plans assigned to them by their Provider (“Clients”).

Where this Policy applies differently to Providers and Clients, we say so. References to "you" apply to whichever group is relevant in context.

This Policy does not apply to third-party websites or services that may be linked from the Platform. Those services have their own privacy policies, which we encourage you to review.

2. A Note on HIPAA

Some of the personal information processed through the Platform relates to physical care and may constitute Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act ("HIPAA").

ProperForm processes this PHI as a Business Associate of your Provider, who is the HIPAA Covered Entity responsible for your care. ProperForm's handling of PHI is governed by its Business Associate Agreement ("BAA") with your Provider, not by this Privacy Policy. If you are a Client and have questions about your rights under HIPAA with respect to your PHI, those rights run primarily against your Provider, not ProperForm. To the extent that personal information processed by ProperForm is subject to HIPAA, it may be exempt from applicable U.S. state privacy laws. ProperForm processes information subject to HIPAA in accordance with HIPAA's requirements and the BAA with your Provider.

ProperForm processes PHI only at the direction of the Provider and in connection with the services ProperForm provides to the Provider, in which case that information may not be subject to this Privacy Policy.

Clients should contact their Provider directly with HIPAA-related requests.

3. Information We Collect

3.1. Information We Collect from Providers and Team Members

When a Provider and its Team Members use the provider-facing Platform, we may collect personal information in two distinct capacities:

  1. Information collected in our capacity as a business or data controller (as defined by applicable data privacy laws):
    • Identifiers: such as name, email address, IP address, device identifiers, and login credentials provided during account creation.
    • Professional or Employment-Related Information: such as job title and professional information provided during account creation or in connection with use of the Platform.
    • Commercial Information: such as subscription plan type, subscription history, and records of services purchased or obtained.
    • Financial Information: payment method information provided at the time of purchase. Note: ProperForm uses third-party payment processors and does not store full payment card numbers.
    • Internet or Other Electronic Network Activity Information: log data, device information, browser type, pages or features accessed, and other technical information generated through use of the Platform.
    • Communications: information contained in support requests, feedback, and other communications Providers or Team Members send to ProperForm.
    • Provided Information: other information you voluntarily submit or provide to the Platform.
    • Inferences: inferences drawn from the above categories, such as usage patterns and engagement data derived from Provider and Team Member activity on the Platform.
  2. Information processed in our capacity as a service provider or data processor (as defined by applicable data privacy laws) on behalf of Providers:
    • Provider Content: such as therapy plans, clinical notes, AI-generated transcriptions, and other clinical content that Providers create or generate through the Platform.
    • Audio and Visual Recordings: audio visual recordings and videos that Providers record, upload, or generate through the Platform.

3.2. Information We Collect from Clients

When a Client accesses the patient-facing portal, we may collect:

  • Identifiers: such as name, email address, and login credentials, which are typically established through the Provider's invitation process.
  • Health and Medical Information: such as therapy and fitness plans, exercise instructions, and related clinical content assigned to a Client by their Provider, as well as exercise completions, self-reported progress metrics, and other information Clients voluntarily log through the patient-facing portal of the Platform. This content originates with the Provider and is made available to the Client through the Platform.
  • Internet or Other Electronic Network Activity Information: log data, device type, operating system, IP address, and other technical information generated through use of the app.
  • Provided Information: other information you voluntarily submit or provide to the Platform.
  • Inferences: Inferences drawn from the above categories, such as engagement patterns derived from progress and activity data.

3.3. Sources of Personal Information

We collect personal information in the following ways:

  • Directly from you: when you create an account, use the Platform, log or input data, or contact us with questions or support requests.
  • Automatically: through your use of the Platform, including through cookies and similar tracking technologies that collect log data, device information, and usage activity.
  • From your Provider: in the case of Clients, when a Provider establishes your access to the patient-facing portal, we receive account information and therapy plan content from the Provider on your behalf.

We do not purchase personal information from data brokers or third-party marketing sources, and we do not receive personal information about you from social media platforms or other consumer data sources.

4. How We Use Information

ProperForm collects your information to perform our contracts with Providers, to facilitate Providers in their provision of healthcare or their services to you, as instructed by Providers, with your consent, or to serve ProperForm’s legitimate interests.

4.1. How We Use Provider and Team Member Information

We may use information collected from Providers and Team Members to:

  • provide our services to the Provider;
  • provide, operate, maintain, and improve the Platform and its features;
  • process subscriptions and manage billing;
  • communicate with Providers about their accounts, subscriptions, updates, and support requests;
  • monitor Platform usage for security, compliance, and operational purposes;
  • enforce our agreements and comply with applicable law;
  • generate anonymized and aggregated analytics and usage data to understand Platform performance and improve our services;
  • as necessary to comply with applicable laws and to respond to lawful governmental requests; and
  • otherwise with your consent.

4.2. How We Use Client Information

We may use information collected from Clients to:

  • create and maintain Client accounts;
  • provide and facilitate Client access to Provider-assigned programs and content;
  • communicate with Clients about their accounts and use of the Platform;
  • communicate directly with Clients for marketing purposes where permitted;
  • maintain the security and integrity of the Platform; and
  • as necessary to comply with applicable laws and responding to lawful governmental requests; and
  • otherwise with your consent.

5. Artificial Intelligence Features

5.1. Platform AI Features

The Platform uses artificial intelligence and machine learning features ("AI Features"), including AI-based transcription of Provider audio recordings. When a Provider uses these AI Features, audio or video content or other input (“Input”) containing your information to generate output from the AI Features (“Output”). The Input and Output may be processed by ProperForm or by third-party AI providers engaged by ProperForm to provide the applicable AI Feature.

Output is made available to the Provider as part of the Platform. Output may contain errors and should not be relied upon without Provider review.

5.2. Automated Decision-Making

ProperForm does not make decisions about individuals that produce legal or similarly significant effects solely on the basis of automated processing, including profiling. AI Features are tools that support Provider decision-making; all clinical decisions remain with the treating Provider.

6. How We Share Information

We may disclose personal information in the following circumstances:

  • To Providers: We disclose to the Client’s applicable Provider the Client’s Identifiers, Health and Medical Information, and other Provided Information collected in the course of providing the Platform to the Provider.
  • Platform Service Providers: We may disclose all categories of your information to third-party providers that perform certain functions of our Platform in order to provide our Platform to Clients or Providers. These third-parties include our sub-processors listed on ProperForm’s Sub-processor list page here: Sub-processor List.
  • Other Third Parties: We may disclose your Identifiers and Internet or Other Electronic Network Activity Information to other third parties, including payment processors to process payments you make to ProperForm; analytics tools to help us understand your use of our Platform, services to authenticate your identity when you access the Platform, and technical, security, and fraud prevention services.
  • Sales and Marketing: We may share your Identifiers and Internet or Other Electronic Network Activity Information for our own marketing, communication, and advertising services to provide you with information and offers about our Platform.
  • Integrations: Where our Platform integrates with third-party services used by the Provider, we may disclose all categories of your information to the applicable third-party integrated services as determined by the Provider.
  • Legal or Compliance Purposes: If we have a legal obligation to share your information to comply with applicable law, we will share any category of your information with third parties as required for us to comply.
  • Our Affiliates. We may disclose all categories of your information to an affiliated entity that owns, is owned by, or has the same owner(s) as ProperForm, consistent with the terms of the Privacy Policy.
  • Business Transfers. If we sell or merge our business or sell all or substantially all of our assets (or are preparing to do so), we may disclose all categories of your information to the successor entity, and your information may be one of the assets transferred. In these cases, we will take reasonable steps to ensure your information remains subject to protections at least as protective as the terms of this Privacy Policy.
  • Legitimate Interests. We may disclose any category of your information in other cases where it is reasonably necessary to achieve our legitimate interest or a business purpose in accordance with applicable law.
  • With Your Consent. We may request any category of information for which you separately consent to us disclosing your information for a specific purpose and, in those cases, we will only disclose your information with your consent.

ProperForm does not sell or share your personal information with third parties for their own advertising or marketing purposes.

6.2. International Data Transfers

ProperForm is based in the United States. If you are located outside the United States, by using the Platform, you consent to your personal data being transferred to and processed in the United States..

7. Cookies and Tracking Technologies

The Platform may use cookies, pixel tags, and similar tracking technologies to maintain session state, authenticate users, and collect usage data. You may configure your browser to reject cookies, but doing so may affect your ability to use certain features of the Platform. We do not use cookies to serve behavioral advertising.

Do Not Track. Some browsers offer a "Do Not Track" ("DNT") setting that signals your preference regarding online behavioral tracking. Because there is no uniform industry standard for interpreting DNT signals, the Platform does not currently alter its data collection or use practices in response to browser DNT signals.

Global Privacy Control. ProperForm recognizes and responds to the Global Privacy Control ("GPC") signal as an opt-out of the sale or sharing of personal information for California residents, to the extent required by applicable law. Because ProperForm does not sell or share personal information for cross-context behavioral advertising, the GPC signal will not change the information we collect or how we use it, but we honor it as an expression of your privacy preference.

8. Data Retention

ProperForm retains personal information for as long as we continue to provide the Platform to you or your Provider, or for as long as reasonably necessary to fulfill the purposes described in this Policy, whichever is longer. We will also retain personal information as necessary to comply with our legal and regulatory obligations, resolve disputes, enforce our agreements, and maintain appropriate business records.

Personal information that ProperForm processes on behalf of a Provider, including Provider Content, Client therapy plan data, and PHI, is retained in accordance with ProperForm's agreements with the Provider, including the BAA and data processing agreements. The Provider governs the retention of that information and is responsible for disclosing its retention practices to its clients. Requests related to the retention or deletion of that information should be directed to your Provider.

9. Your Rights and Choices

9.1. Rights Available to All Users

Regardless of your location, you may request:

  • To Access to the personal information ProperForm holds about you;
  • Correction of inaccurate personal information;
  • Deletion of your personal information, subject to our legal obligations and the rights of your Provider; and
  • Portability of your personal information in a portable format.

9.2. Additional Rights for users in the European Economic Area or the UK

If you are located in the EEA, United Kingdom, or Switzerland, you have the following additional rights under GDPR with respect to personal data for which ProperForm is the data controller:

  • Request that we restrict the processing of your personal data in certain circumstances, for example, while the accuracy of the data is being contested, where processing is unlawful and you prefer restriction to deletion, or where you have objected to processing pending verification of whether our grounds override yours;
  • Object to the processing of your personal data where ProperForm relies on legitimate interests as its lawful basis, in which case will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is necessary for the establishment, exercise, or defense of legal claims;
  • Withdraw your consent where processing is based on consent, at any time without affecting the lawfulness of processing carried out before withdrawal; and
  • The right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects, except where one of the conditions in Article 22(2) GDPR applies (such as where the decision is necessary for entering into or performing a contract, is authorized by law, or is based on your explicit consent.

In addition, if you consider our processing of your data to be in violation of your rights under GDPR, you have the right to complain to your applicable data protection supervisory authority.

These rights are subject to applicable limitations and exceptions under GDPR and do not apply to personal data ProperForm processes as a data processor on behalf of Providers, which is governed by our agreement with your Provider. For data processed on behalf of your Provider, please contact your Provider directly.

9.3. Additional Rights for Clients Under State Privacy Laws

If you are a Client located in a state with applicable consumer privacy laws (including California, Colorado, Connecticut, Virginia, and others), you may have additional rights under those laws, including the right to opt out of certain uses of your personal information and to be free from discrimination for exercising your rights.

California Residents

California residents have certain rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA") as follows:

  • No Sale or Sharing of Personal Information. ProperForm does not sell or share your personal information as those terms are defined under the CCPA/CPRA. We will update this Policy and provide the required opt-out mechanism.
  • No Targeted Advertising or Profiling. ProperForm does not use your personal information for cross-context behavioral advertising or for profiling in furtherance of decisions that produce legal or similarly significant effects. If our practices change, we will update this Policy accordingly.
  • Right to Limit Use of Sensitive Personal Information. The CCPA/CPRA gives California residents the right to limit the use and disclosure of Sensitive Personal Information to purposes necessary to provide the services requested. PHI or certain other information ProperForm collects may qualify as SPI under the CCPA/CPRA. To the extent ProperForm uses this information for any purpose beyond those necessary to provide the Platform and as otherwise permitted under the CCPA/CPRA, you have the right to direct ProperForm to limit such use. Please note that most Sensitive Personal Information that ProperForm processes is PHI is governed by the BAA between ProperForm and your Provider, with respect to which your rights run against your Provider under HIPAA rather than against ProperForm under the CCPA/CPRA.
  • 12-Month Information Collection. The categories of personal information we may have collected over the past 12 months are listed in the “Information We Collect” section of this Privacy Policy. The categories of personal information we may have collected over the past 12 months are listed in the “Data We Collect and Process” section of this Privacy Policy.

California residents may designate an authorized agent to submit a rights request on your behalf. To do so, provide your authorized agent with a signed written authorization designating them to act on your behalf, and have your agent include that authorization with their request to ProperForm. We may contact you directly to verify your identity and confirm the agent's authorization before processing the request.

Other State Residents.

If you reside in Colorado, Connecticut, Virginia, Texas, or another state with applicable consumer privacy laws, you may have similar rights to access, correct, delete, and port your personal information, and to opt out of certain processing activities.

If you are a U.S. resident and your appeal is denied, you may have the right to submit a complaint to your state attorney general or other applicable regulatory authority.

9.4. GDPR

For purposes of the General Data Protection Regulation ("GDPR") and similar laws,, ProperForm acts in two capacities depending on the data involved:

  • Data Controller: For personal data ProperForm collects and uses for its own purposes, ProperForm acts as the data controller.
  • Data Processor: For personal data ProperForm processes on behalf of Providers, the Provider is the data controller and ProperForm is the data processor. Data subjects with questions about how this data is handled should contact their Provider directly.

9.5. HIPAA Rights

If your personal information constitutes PHI, your rights under HIPAA, including the right to access, amend, and receive an accounting of disclosures of your PHI, run primarily against your Provider as the Covered Entity. Please contact your Provider to exercise HIPAA-related rights. ProperForm will cooperate with your Provider in responding to such requests as required under the BAA.

9.6. Non-Discrimination

ProperForm will not discriminate against you for exercising any privacy rights described in this Policy. We will not deny you access to the Platform, charge you different prices, or provide a different quality of service because you exercised a right under applicable privacy law.

9.7. Submitting a Rights Request; Verification

To protect your personal information, we will verify your identity before processing any rights request. We may ask you to confirm account information associated with your request or, for more sensitive requests, to provide additional identifying information. We will respond to verified requests within the time required by applicable law. If we require additional time to respond, we will notify you within the initial response period and may extend our response period beyond that period as permitted by applicable law.

9.8. Exercising Your Rights

To exercise your rights under this Privacy Policy or applicable law, contact us at support@properform.fit or contact your Provider to exercise any rights that relate to information your Provider has submitted to ProperForm.

10. Children's Privacy

The Platform is not directed to children under the age of 13, and ProperForm does not knowingly collect personal information from children under 13 without verified parental or legal guardian consent. Clients between the ages of 13 and 17 may access the patient-facing portal of the Platform where their Provider has obtained all required parental or guardian consents in compliance with applicable law, including the Children's Online Privacy Protection Act ("COPPA"). ProperForm relies on Providers to ensure that any required consents are obtained before minors are granted access to the Platform.

If ProperForm becomes aware that it has collected personal information from a child under 13 without appropriate consent, we will take steps to delete that information promptly.

The Platform may contain links to third-party websites or services. ProperForm is not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access through the Platform.

12. Changes to This Policy

ProperForm may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable law. If we make material changes, we will post the updated Policy on our website and, where appropriate, notify affected users through the Platform or by email. The "Last Updated" date at the top of this Policy reflects the date of the most recent revision. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: support@properform.fit or ProperForm, Inc., 1001 S. Main St., Suite 500, Kalispell, Montana 59901.