Phy Cookie Notice

This Cookie Notice (“Cookie Notice”) explains how Phyxd, Inc., 287 Park Avenue S., #525, NYC, NY 10010, USA, d/b/a Phy (Email: privacy@phyhealth.wpenginepowered.com) (“Phy”, “We,” “Our,” or “Us”) uses cookies and similar tracking technologies and what choices you have regarding their use when you access Our Website at www.phyhealth.wpenginepowered.com (the “Website”) or use the Phy App.

What Are Cookies?

Like most Websites and mobile App providers, We use cookies and similar technologies to remember things about you so that We can provide you with a better experience and improve the Website and Our services. Cookies are small text files that are stored in your browser or on your device. They can be set by the operator of the Website you visit or the provider of a mobile app (“first-party cookies”) or by third parties (“third-party cookies”) that assist the website operator or app provider in providing, improving and analyzing its Website, mobile app and providing its services. Cookies cannot run programs or transmit viruses to your computer or device and therefore cannot cause any damage. At the same time, they serve to make the Website more user-friendly and effective for you and to design and adjust it according to your needs and preferences.

Cookies may contain information that serves to recognize and enable recognition of the device you use to access the Website or the PhyApp. In some cases, however, cookies only contain information about settings you have made. Individuals cannot be directly identified by cookies. They can also be used to track your browsing behavior and to deliver personalized advertising across the Web. (Tracking) pixels are small images on a website or in an email. Pixels collect information about your browser or device and can trigger the setting of cookies.

What Categories Of Cookies Do We Use?

We use cookies, tracking pixels and other tracking technologies for various reasons, for instance to provide the functionality of the Website and Phy App, to remember your settings, to find out which features are most popular, to record the number of page views, to keep Our services secure, and to provide you with a better overall user experience and to analyze the use of the Website and the PhyApp. We may also use cookies for marketing purposes and to provide you with personalized ads across the web. Cookies are divided into session cookies, which are deleted as soon as the browser is closed, and permanent or persistent cookies. The latter are stored beyond a single browser session. The cookies We use generally fall into one of the following categories:

  • Essential Cookies/Technical Cookies. Essential cookies or technical cookies are strictly necessary for Our online services to function properly and to ensure the security of the Website. These essential cookies are always enabled because Our Website cannot function properly without them. These cookies do not store any information about you for marketing purposes, nor do they track which Websites you have visited.
  • Personalization. We use these cookies to store your settings and preferences and to provide you with enhanced and more personalized features. For example, We may use these cookies to store your language settings or data about your general location.
  • Analytics Cookies. We use these cookies to better understand the use of Our Website and the services offered and to adapt and improve them according to your needs. For example, We use these cookies to identify the Website features that are most popular with Our users and the features that cause confusion or problems for Our users so that We can make improvements.
  • Marketing. We and Our advertising partners use cookies and other tracking technologies to better understand Our users’ interests and to provide advertising on the Website and, where applicable, third-party Websites that is more relevant and meaningful to users and corresponds to their interests. Our advertising partners may collect information about users’ activity on Our Website and third-party Websites (such as Websites users visit and their interaction with Our advertising and other communications) and use this information to make predictions about users’ preferences, develop personalized content, and deliver ads that are more relevant on third-party Websites. This information may also be used to track and measure the effectiveness of Our advertising campaigns both on Our services and on other websites.

General Information On The Legal Basis For The Use of Cookies

The legal basis for the use and storage of essential or technical cookies, i.e., cookies that are strictly necessary for the technical functioning of the Website and to provide you with the Website at your express request, are the national transpositions of Art. 5 (3) ePrivacy Directive (Directive 2002/58/EC). Insofar as personal data is processed when using this type of cookies, the legal basis is Art. 6 (1) lit. f) GDPR or Art. 6 (1) lit. (f) UK GDPR. Insofar as the cookies used are not strictly necessary, We only use them with your prior consent in accordance with the national transpositions of Art. 5 (3) ePrivacy Directive with regard to the storage and access to data stored in the cookies, and Art. 6 (1) lit. a) GDPR or Art. 6 (1) lit. (a) UK GDPR insofar as personal data is processed and shared with Our partners. Further details on the specific cookies We use, Our partners, the type of cookie, the purpose pursued, the storage period and legal basis can be found in the table below:

Cookie Name: amplitude_id_[API_KEY]_[DOMAIN]
Provider of the Cookie: Amplitude
Category and Purpose(s) of the Cookie: Statistics / analytics – assigns a unique ID to a browser/device to recognize returning users and measure usage of the portal and the Phy App (e.g. which features are used, session counts).
Storage Duration: 13 months
Legal Basis: Art. 6 (1) (a) GDPR and § 25 (1) TDDDG

Cookie Name: amplitude_session_id_[API_KEY]_[DOMAIN]
Provider of the Cookie: Amplitude
Category and Purpose(s) of the Cookie: Statistics / analytics – stores the current analytics session so that multiple events can be grouped into one visit/session.
Storage Duration: Session or short-term (e.g. 30 minutes of inactivity)
Legal Basis: Art. 6(1) (a) GDPR and § 25 (1) TDDDG

Cookie Name: amplitude_unsent_[API_KEY]_[DOMAIN] / amplitude_unsent_identify_[API_KEY]_[DOMAIN]
Provider of the Cookie: Amplitude
Category and Purpose(s) of the Cookie: Statistics / analytics – stores events temporarily when they cannot be sent immediately (e.g. offline use).
Storage Duration: Short-term (until events are sent or cleared)
Legal Basis: Art. 6 (1) (a) GDPR and § 25 (1) TDDDG (only with consent)

Cookie Name: Device / installation ID, analytics user ID (stored by SDK)
Provider of the Cookie: Amplitude (mobile SDK)
Category and Purpose(s) of the Cookie: Analytics – tracks app usage, screens, events and cohorts in the mobile app for product improvement.
Storage Duration: Persists for the life of the installation or until reset by user/app
Legal Basis: Art. 6 (1) (a) GDPR (consent for analytics) where required; §25(1) TDDDG (consent)

Cookie Name: Health data access tokens / permissions
Provider of the Cookie: Apple HealthKit (Apple)
Category and Purpose(s) of the Cookie: Functional / Comfort – health / fitness data access, which allows the Phy App to access and read health information from Apple Health (with OS-level consent).
Storage Duration: Stored until consent is withdrawn or data deletion request
Legal Basis: Art. 9 (2) (a) GDPR (explicit consent for health data) and Art. 6 (1) (a) GDPR, and § 25 (1) TDDDG for accessing information stored on the User’s device.

Cookie Name: Functional cookies and web storages for UI state (e.g. theme, skipIntro, signupStep, allowVerifyPhoneModal, allowVerifyEmailModal, various “modal shown” flags, temporary cache of embedded report data such as user/measurement/performance/invoice/movement plan information in localStorage and sessionStorage)
Provider of the Cookie: Phy (first-party, phyhealth.wpenginepowered.com portal)
Category and Purpose(s) of the Cookie: Functional / strictly necessary – functional cookies for UI state. These cookies are used to remember Your choices and interface settings (selected theme, whether introductory or verification modals have already been shown, progress in multi-step sign-up flows, temporary cache for embedded reports and movement plans to improve performance). These values are not used for marketing or behavioral profiling.
Storage Duration: Stored for the time needed for the corresponding function (from the browser session up to several months or 1 year, depending on the key).
Legal Basis: Art. 6 (1) (b) (performance of the contract regarding provision of user account and remembering settings) and § 25 (2) TDDDG (technically necessary).

 
The following cookies, codes, web beacons and other tracking technologies are used in Our PhyApp only:

Cookie Name: Secure storage entries for authentication data (e.g. token, refresh_token, user_data stored via react-native-keychain under the com.phy prefix)
Provider of the Cookie: Phy mobile app (first-party)
Category and Purpose(s) of the Cookie: Strictly necessary – used to securely store access tokens, refresh tokens and basic account data (username, roles, id, token expiry, fullyAuthenticated flag) so that the user can stay logged in and access protected features of the PhyApp.
Storage Duration: Stored on the device until the user logs out, resets the credentials or uninstalls the app
Legal Basis: Art. 6(1)(b) GDPR (performance of contract – operation of the user account) and Art. 6(1)(f) GDPR (security of the service), and § 25 (2) TDDDG (technically necessary).

Cookie Name: MMKV storage keys for interface and cache (e.g. newAppModalShown, routineSessionPopover_7, routineOnboardingViewed, lastBodyModel)
Provider of the Cookie: Phy mobile app (first-party)
Category and Purpose(s) of the Cookie: Functional / strictly necessary – to remember whether certain onboarding or information modals have been shown, the state of popovers and a cached reference to the last body model (id, URL, timestamp) to speed up loading and avoid repeatedly showing the same guidance screens.
Storage Duration: Stored locally on the device for as long as the app keeps the corresponding feature active or until the user clears data/uninstalls the PhyApp.
Legal Basis: Art. 6 (1) (b) (performance of contract – operation of user account and provision of the PhyApp), and § 25 (2) TDDDG (technically necessary).

Cookie Name: Amplitude SDK identifiers and local storage (mobile analytics)
Provider of the Cookie: Amplitude
Category and Purpose(s) of the Cookie: Statistics / analytics – store a device or installation identifier and event data in the Amplitude React Native SDK in order to measure how the app is used (screens, flows, retention) and improve the product. Not used for direct marketing.
Storage Duration: 13 months
Legal Basis: Art. 6 (1) (a) GDPR (consent), § 25 (1) TDDDG.

Cookie Name: Facebook SDK
Provider of the Cookie: Meta
Category and Purpose(s) of the Cookie: Marketing / analytics – enables attribution, app event tracking, campaign performance measurement, audience creation, and analytics related to advertising campaigns and user engagement within the PhyApp. May collect device information, app interactions, and advertising identifiers to measure and optimize Meta/Facebook advertising campaigns.
Storage Duration: Storage duration depends on the specific identifier and Meta policies; certain identifiers may persist for the lifetime of the app installation or until reset by the user/device.
Legal Basis: Art. 6 (1) (a) GDPR (consent for marketing/analytics tracking), Art. 6 (1) (f) GDPR where applicable for aggregated analytics, and § 25 (1) TDDDG (consent for accessing/storing information on the user’s device).

Cookie Name: Klaviyo identifiers, tracking pixels, push notification identifiers, and local storage used by Klaviyo SDK/services
Provider of the Cookie: Klaviyo
Category and Purpose(s) of the Cookie: Marketing / communication / analytics – used to send email and push communications, measure delivery and engagement (e.g. opens, clicks, app engagement), personalize communication content, and analyze campaign effectiveness within the Phy platform and mobile application. May process device identifiers, push tokens, email interaction events, and user engagement data.
Storage Duration: Storage duration depends on the specific identifier, communication token, or tracking technology and may persist until deleted, consent is withdrawn, or the app is uninstalled.
Legal Basis: Art. 6 (1) (a) GDPR (consent for marketing communications, push notifications, and tracking technologies), and § 25 (1) TDDDG where consent is required for storing/accessing information on the user’s device.