Privacy Policy

DEGREE WELLNESS TEAM PORTAL PRIVACY POLICY

Last Updated: December 2025

This Privacy Policy (the “Policy”) explains how Degree Wellness Franchise, LLC (“Degree Wellness,” “we,” “our,” or “us”) and its contracted technology provider, Everyday Media, LLC ("EM"), collect, store, use, and disclose personal information (“Personal Data”) in connection with the cloud‑hosted Degree Wellness Team Portal (the “Portal”). The Portal may capture and store certain personal health information, including protected health information (“PHI”), in a HIPAA-compliant manner using HIPAA-eligible service providers. User Data processed through the Portal may also include Personal Data about Degree Wellness end customers that Portal Users input, upload, or otherwise submit in connection with their job duties (including PHI where applicable).

The Portal is an internal, web‑based collaboration and operations platform that supports Degree Wellness corporate employees, franchise owners, and franchise employees located in the United States. Access is restricted to authorized Users only.

Except where otherwise indicated, this Policy applies solely to Personal Data processed through the Portal. It does not apply to (i) customer‑facing Degree Wellness websites, (ii) third‑party business systems used by franchisees (e.g., Mindbody or Mindbody Payments), or (iii) EM's independent business activities unrelated to the Portal.

1. SCOPE AND KEY DEFINITIONS

“Account” means the workspace or instance within the Portal provisioned by Degree Wellness or an authorized Admin for use by Users.

“Account Owner” means the entity responsible for the Account, which may be Degree Wellness and/or an authorized franchise entity, as determined by Degree Wellness.

“Admin” means a User who is granted administrative rights within an Account, including (a) managing other Users, (b) configuring integrations, (c) viewing, exporting, or deleting User Data, and (d) committing the Account to additional terms or fees.

“Portal Software” means all code, databases, APIs, and user‑interface components created, owned, or licensed by EM and sublicensed to Degree Wellness for the provision of the Services.

“Service Providers” means EM, Amazon Web Services, Inc. ("AWS"), Mindbody, and any subcontracted vendors (including contractor developers and support providers) that host or support the Portal on behalf of Degree Wellness.

“Services” means the web‑based intranet, collaboration, workflow, training, and data‑management functionality provided via the Portal.

“User” means an individual authorized by Degree Wellness to access the Portal, such as a corporate employee, franchise owner, or franchise employee, using approved login credentials.

“User Data” means any data, information, files, text, images, or other content (including Personal Data) uploaded or transmitted to the Portal by or on behalf of a User in connection with their job duties, which may include Personal Data about Degree Wellness end customers.

2. CATEGORIES OF PERSONAL DATA WE COLLECT

We process four broad categories of Personal Data through the Portal:

2.1 Account Registration Data
 • Name and surname
 • Business or work email address
 • Data related to franchise entity ownership
 • Franchise or corporate role (e.g., Studio Manager, Marketing Associate)
 • Phone number (optional)
 • Single‑Sign‑On (SSO) identifiers, if enabled

2.2 Usage and Technical Data
 • IP address and approximate geolocation (city/state)
 • Browser type, operating system, and device identifiers
 • Date/time stamps of logins, logouts, and feature usage
 • Clickstream data, activity logs, and error reports
 • Cookies and session tokens (see Section 6)

2.3 Support & Communications Data
 • Help‑desk tickets and email messages
 • Screenshots or attachments Users choose to submit
 • Phone or video recordings with Degree Wellness support personnel (with notice)

2.4 End Customer Data 
 • End customer name/contact information
 • End customer profile, biographical and customer preference-related information
 • Appointment and visit information
 • Sales data
 • PHI where applicable

Note: The Portal is not intended to store payment‑card data (primary account numbers, or "PAN"). Users should refrain from entering such data unless expressly authorized in writing by Degree Wellness compliance leadership.

3. HOW WE COLLECT PERSONAL DATA

3.1 Directly From Users
Users provide Personal Data when they:
 • Accept an email invitation and create login credentials;
 • Update their user profile;
 • Upload files, enter text, or post comments in the Portal; or
 • Submit support requests or feedback.

3.2 Automatically via the Portal
When Users access the Portal, we automatically log Usage and Technical Data via server logs, analytics scripts, and cookies.

3.3 From Degree Wellness Service Providers
The Portal may integrate with third‑party applications (e.g., Braze, Google, Mindbody), which provide Personal Data. The Portal is not designed to and does not intentionally receive or store PAN via API connections or integrations. PHI may be transmitted only where authorized under applicable BAA and consistent with HIPAA.

3.4 From Franchise Owners
Franchise owners may provide employee lists to Degree Wellness franchise operations staff, who upload those details to create user accounts on the Portal.

3.5 Indirectly From End Customers 
We collect Personal Data about Degree Wellness end customers when Portal Users input, upload, or otherwise submit such information into the Portal in connection with their job duties.

4. PURPOSES AND LEGAL BASES FOR PROCESSING

We use Personal Data for the following business purposes:

 | # | Purpose of Processing | Examples of Activities | Legal Basis* 
 | 1 | Provide and operate the Portal | Authenticate logins, enable collaboration features, maintain user profiles | Contractual necessity
 | 2 | Support and improve the Portal | Diagnose bugs, conduct usage analytics, develop new features | Legitimate interests
 | 3 | Communicate with Users | Respond to support tickets, send system alerts or policy updates | Contractual necessity
 | 4 | Enforce policies, prevent fraud | Audit logs, investigate suspicious activity | Legitimate interests; legal obligation
 | 5 | Comply with U.S. laws | Retain records, satisfy subpoenas, or other lawful requests | Legal obligation

*For Users located in California, these purposes align with “business purposes” under the California Consumer Privacy Act (CCPA). 

5. DISCLOSURES OF PERSONAL DATA

We disclose Personal Data only as described below:

5.1 Service Providers
EM, cloud‑hosting partners (e.g., Amazon Web Services), POS and CRM partners (e.g., Mindbody), payment providers (e.g., Moov), analytics vendors, and IT‑security providers may process Personal Data strictly to operate or secure the Portal. Service Providers are bound by written agreements or law, as applicable, limiting their use of Personal Data to these purposes. Where Personal Data includes PHI, Service Providers may process such PHI only as permitted by HIPAA and applicable written agreements. Certain Service Providers (including subcontracted developers) may be located outside the United States or may access the Portal from outside the United States solely to operate, support, maintain, secure, or develop the Portal, subject to the contractual restrictions described above.

5.2 Other Users Within the Same Account
Profile information and content you create in the Portal may be visible to co‑workers in your Account, subject to role‑based permissions configured by the Admin.

5.3 Franchise & Corporate Leadership
Account Admins, franchise owners, or Degree Wellness corporate managers may access usage reports and content within their respective teams for oversight and compliance purposes.

5.4 Legal and Safety Disclosures
We may disclose Personal Data to government authorities or third parties if we believe disclosure is (i) required by law, subpoena, or court order; (ii) necessary to prevent or respond to fraud, security incidents, or other harmful acts; or (iii) needed to protect the rights, property, or safety of Degree Wellness, its franchisees, Users, or the public.

5.5 Corporate Transactions
If Degree Wellness undergoes a merger, acquisition, or sale of assets, Personal Data may be transferred to the acquiring entity, subject to continued protection consistent with this Policy.

6. COOKIES AND SIMILAR TECHNOLOGIES

We use the following types of cookies in the Portal:

 | Type | Purpose | Duration 
 | Session cookies | Maintain login state and route traffic to the nearest data center | Expires when you log out or close browser
 | Security cookies | Detect authentication anomalies and prevent fraudulent logins | Up to 24 hours
 | Analytics cookies | Aggregate usage metrics (page views, feature adoption) | 12 months

Users can control non‑essential cookies via their browser settings; however, disabling certain cookies may impair core Portal functionality. We do not respond to “Do Not Track” signals because essential cookies are required to deliver the Portal.

7. DATA LOCATION, TRANSFERS, AND STORAGE

The Portal is hosted using segregated, HIPAA-eligible services for any systems that store or process PHI, and other AWS services for systems that do not store or process PHI, on servers physically located in Amazon Web Services’ US‑East data centers (Northern Virginia and Ohio). Backup and disaster‑recovery replicas are stored within the continental United States. Degree Wellness does not intentionally store Portal Personal Data outside the United States; however, authorized Degree Wellness personnel, EM, and Service Providers (including subcontracted developers) may access or process Portal Personal Data from outside the United States for development, maintenance, security and support purposes, subject to appropriate technical, administrative access control and contractual safeguards. Where required by applicable law, we implement appropriate safeguards for cross‑border access or processing of Personal Data.

8. DATA RETENTION

We retain Personal Data for the shorter of:
 • As long as needed to comply with applicable U.S. laws, resolve disputes, or enforce agreements; or
 • The duration of the User’s active employment or franchise relationship, plus up to ninety (90) days.

9. YOUR PRIVACY CHOICES & RIGHTS

9.1 Access and Correction
Users may review and update their profile information directly in the Portal or by contacting their Account Admin.

9.2 Deletion
Users may request deletion of their Portal account by submitting a support ticket in the Portal or by emailing privacy@degreewellness.com. Degree Wellness will deactivate the account and delete Personal Data in accordance with Section 8. Degree Wellness end customers may request that their Personal Data be deleted from the Portal by emailing privacy@degreewellness.com, and we will review and respond in accordance with applicable law and contractual obligations.

9.3 California Privacy Rights
If you are a California resident, you may have the right to request (i) disclosure of categories or specific pieces of Personal Data we have collected about you, (ii) deletion of your Personal Data, and (iii) that we do not sell or share your Personal Data (note: we do not sell). You or an authorized agent can exercise these rights by emailing privacy@degreewellness.com. We will verify your request using information associated with your account or other information in our records.

Degree Wellness will not discriminate against you for exercising any privacy rights under California law.

10. DATA SECURITY AND INCIDENT RESPONSE

The Portal uses industry‑standard physical, administrative, and technical safeguards to protect Personal Data, including:
 • TLS 1.3 encryption in transit
 • AES‑256 encryption at rest
 • Multi‑factor authentication for privileged access
 • Annual penetration tests and vulnerability scans
 • Continuous security monitoring and centralized logging
 • Role‑based access controls and least‑privilege permissions for Users and Service Provider personnel

These safeguards are designed to support HIPAA Security Rule requirements when the Portal processes PHI.

Incident Response. In the event of a confirmed data breach involving Portal Personal Data, Degree Wellness will notify affected Users and franchise owners without undue delay, consistent with applicable U.S. breach‑notification laws.

11. CHILDREN’S PRIVACY

The Portal is intended for adults engaged in Degree Wellness employment or franchise operations. Consistent with the Federal Children’s Online Privacy Protection Act of 1998 (COPPA), we will never knowingly request personally identifiable information from anyone under the age of 13 without requesting parental consent. If we discover that a minor has provided us with Personal Data, we will delete it promptly.

12. CHANGES TO THIS POLICY

We may update this Policy periodically. Continued use of the Portal after the effective date constitutes acceptance of the revised Policy.

13. CONTACT INFORMATION

Questions about this Policy or privacy practices may be directed to:

Degree Wellness Franchise, LLC
Attn: Legal Department
200 Riverside Avenue, Suite 8
Jacksonville, FL 32202
or by email at legal@degreewellness.com

BY ACCESSING OR USING THE DEGREE WELLNESS TEAM PORTAL, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO ITS TERMS.