Effective Date: February 3, 2026
This Privacy Policy explains how ATMA LLC ("we," "us," "our," or "FlexPath") collects, uses, stores, and protects your personal information in connection with your use of our mobile application "FlexPath" (the "App") and our website https://tryflexpath.com (the "Website") (collectively, the "Services"). This policy also explains your rights regarding your personal information and how you can exercise them.
When you create an account and use FlexPath, we collect the following information:
We do not collect device identifiers, IP addresses, browser information, or other derivative data beyond what is necessary for authentication and analytics purposes.
When you sign up using third-party authentication services (Apple, Google), we receive your display name, display photo, and email address as provided by those services. We do not collect any additional information from third-party sources.
We use your personal information for the following purposes:
We use artificial intelligence services, including OpenAI's ChatGPT, to generate personalized recovery exercise plans for you. To create these plans, we share anonymized, non-personally identifiable information with OpenAI, including:
Important: This data is sent without any personally identifiable information (such as your name, email, or account ID). OpenAI processes this anonymized data solely to generate your exercise plan and does not retain it after processing. We do not sell, rent, or share your personal information with AI services.
We do not sell, rent, or trade your personal information for monetary gain.
We share your information only in the following limited circumstances:
We work with trusted third-party service providers who help us operate and improve our Services:
These service providers are contractually obligated to protect your information and use it only for the purposes we specify.
We may disclose your personal information if required by law or in response to valid legal requests from law enforcement agencies or government authorities.
In the event of a business sale, merger, or acquisition, we will provide users with adequate notice and make it simple to delete any or all information from their profiles. We will not transfer your data without giving you the opportunity to opt out.
We do not disclose personally identifiable information to business affiliates, advertising partners, data brokers, or any other third parties not listed above.
We implement appropriate technical and organizational security measures to protect your personal information:
In the event of a data breach that affects your personal information, we will notify you via email as required by applicable law.
We retain your personal information for as long as your account remains active. We also automatically purge inactive accounts annually to minimize data retention.
Upon account deletion:
You can view and update your personal information at any time within the App settings.
You can request deletion of your account and all associated personal information by emailing us at support@tryflexpath.com. We will process your deletion request within 14 days.
You can manage push notification preferences in your device settings. We do not send marketing emails or newsletters.
You can request a copy of your personal information by contacting us at support@tryflexpath.com. We will respond to your request within 30 days.
You have the right to challenge our compliance with this Privacy Policy. If you believe we have not complied with our privacy obligations, you may submit a complaint to support@tryflexpath.com. We will investigate your complaint and respond within 30 days. If you are not satisfied with our response, we will provide information on further steps you can take, including contacting the appropriate privacy regulatory authority.
We provide all users with GDPR-level privacy protections, regardless of location. This means you benefit from one of the world's strongest privacy frameworks. Regional variations are noted below where local laws require additional protections or use different terminology.
You have the following rights regarding your personal information:
You have the right to obtain confirmation of whether we process your personal information and to access that information. To request a copy of your personal information, contact us at support@tryflexpath.com. You can view and update some of your profile information directly in the App settings.
You have the right to correct inaccurate or incomplete personal information. You can update your profile information (name, recovery goals, preferences) directly in the App settings. For other corrections, contact us at support@tryflexpath.com.
You have the right to request deletion of your personal information. To request account deletion, contact us at support@tryflexpath.com. We will delete your account and all associated personal information within 14 days of your request, unless we are required by law to retain certain information.
You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another service provider.
You have the right to request that we limit how we use your personal information in certain circumstances, such as while we verify the accuracy of disputed information.
You have the right to object to our processing of your personal information based on legitimate interests. We do not use your information for direct marketing.
Where we process your personal information based on your consent, you have the right to withdraw that consent at any time. You can do this through the App settings under "Privacy & Data Rights" or by contacting us.
You have the right to lodge a complaint with a supervisory authority if you believe we have violated your privacy rights.
We will respond to your requests within 30 days. If we need additional time, we will notify you and explain the reason for the delay. We do not charge a fee for processing your requests unless they are manifestly unfounded or excessive.
To exercise any of these rights, contact us at support@tryflexpath.com with your request. Please include:
You can also update certain profile information (name, fitness goals, preferences) directly in the App settings.
The following sections outline region-specific terminology, additional rights, or procedural differences required by local laws. All users receive the GDPR-level protections described in Section 7.1 above.
The rights described in Section 7.1 are your rights under the General Data Protection Regulation (GDPR) and UK GDPR. To lodge a complaint with your supervisory authority:
Terminology: Under Indian law, you are referred to as a "Data Principal" and we are a "Data Fiduciary."
Additional Rights:
Terminology: We are an "APP entity" subject to the Australian Privacy Principles (APPs).
Additional Rights:
Additional Rights:
Additional Disclosures:
Swiss residents are protected under the Swiss Federal Act on Data Protection (FADP), which provides protections substantially similar to the GDPR. All GDPR-level rights in Section 7.1 apply to you.
Singapore residents are protected under the Personal Data Protection Act 2012 (PDPA). All GDPR-level rights in Section 7.1 apply to you.
Hong Kong residents are protected under the Personal Data (Privacy) Ordinance (PDPO). All GDPR-level rights in Section 7.1 apply to you.
Sri Lankan residents are protected under the Personal Data Protection Act No. 9 of 2022. All GDPR-level rights in Section 7.1 apply to you.
Nepalese residents benefit from our GDPR-level protections as described in Section 7.1, which exceed the requirements of Nepal's Individual Privacy Act 2018. Contact us at support@tryflexpath.com to exercise your rights.
Residents of states with comprehensive privacy laws receive the same GDPR-level protections described in Section 7.1. Contact us at support@tryflexpath.com to exercise your rights.
FlexPath is not intended for use by individuals under the age of 18. While anyone can download the App, our target audience does not include minors. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
All data storage and processing occurs in the United States. If you access our Services from outside the U.S., your personal information will be transferred to, stored, and processed in the United States.
We transfer personal information to the following service providers located in the United States:
For users in regions requiring specific data transfer mechanisms:
The United States is not currently on India's restricted countries list for cross-border data transfers. By using our Services from India, you consent to the transfer of your personal data to the United States for the purposes described in this Privacy Policy.
We take reasonable steps to ensure overseas recipients (listed in Section 9.1) comply with the Australian Privacy Principles. By using our Services, you consent to cross-border disclosure on the basis that APP 8.1 will not apply. Under section 16C of the Privacy Act 1988, we may be held accountable if an overseas recipient breaches the APPs in handling your information.
We ensure that all cross-border data transfers comply with applicable local laws and provide appropriate safeguards for your personal information.
We use push notifications to inform you when your workout plan is ready, provide workout reminders, and deliver important app updates. You can control push notification permissions in your device settings. We do not use third-party providers for push notifications; all notifications are sent directly from our servers.
Our App does not use cookies. Our Website may use basic cookies for functional purposes (such as maintaining session state). We do not use tracking cookies for advertising or marketing purposes.
Our App allows you to share content (such as workout achievements) on social networks. When you choose to share, you will be directed to the third-party social network's sharing interface, which is governed by their privacy policy. We do not control what information you share or how those platforms handle your data.
Our Services may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
FlexPath is not a medical device and does not provide medical advice, diagnosis, or treatment. The information and workout plans provided through our Services are for informational and educational purposes only. You should consult with qualified healthcare professionals before starting any exercise program, especially if you have pre-existing medical conditions, injuries, or physical limitations. Never disregard professional medical advice or delay seeking it because of information provided through FlexPath.
To help ensure a safe and pain-free workout experience, you are responsible for providing complete and accurate information to the AI system. You acknowledge that pain is subjective and may vary in nature and intensity. The AI system may distinguish between types of pain; however, it is your responsibility to discontinue any activity that causes discomfort you deem unsafe and to seek professional medical advice when necessary.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Effective Date" at the top of this page. We will not make material changes that reduce your privacy rights without providing you with notice.
Your continued use of FlexPath after changes become effective constitutes your acceptance of the updated Privacy Policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We will respond to your inquiry as promptly as possible, typically within 30 days.
FlexPath was created to help people stay consistent with their recovery exercises after physical therapy ends — so their progress doesn't disappear. Privacy is fundamental to that mission. We are committed to:
Thank you for trusting FlexPath with your recovery.