Back to Dashboard

Privacy Policy

Last Updated: December 12, 2025

1. Introduction

PhysiPhone Global Healthcare Inc. ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital rehabilitation platform and related services (the "Services").

By using our Services, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Services.

2. Information We Collect

2.1 Personal Information

We collect information that identifies you personally, including:

  • Name, email address, and phone number
  • Account credentials (username and encrypted password)
  • Payment information (processed securely by Stripe)
  • Professional credentials (for physiotherapists)

2.2 Health-Related Information

We collect health-related information to provide wellness guidance and movement programs:

  • Medical history and symptoms
  • Physical health data (ROM measurements, photos/videos)
  • Rehabilitation programs and routine details
  • Progress notes and reassessment data
  • Communications with clinical support

HIPAA-Aligned Safeguards: While PhysiPhone is not a HIPAA Covered Entity, we apply HIPAA-aligned administrative, physical, and technical safeguards as a best-practice standard to protect health-related information. All health data is encrypted in transit (TLS 1.3) and at rest (AES-256).

For users receiving services through licensed providers integrated with the platform, certain information may be treated as Protected Health Information (PHI) under applicable law.

2.3 Usage Data

We automatically collect information about your use of our Services:

  • Device information (browser type, OS, device ID)
  • IP address and geolocation data
  • Usage patterns (pages visited, features used, time spent)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information for:

  • Service Delivery: Providing health intakes, rehabilitation programs, and ongoing care checks
  • Communication: Sending reminders, program updates, and service notifications
  • Payment Processing: Processing subscription fees and provider payments via Stripe
  • AI Processing: Analyzing health data to generate personalized wellness guidance and movement recommendations. AI-generated outputs are provided for informational and wellness guidance purposes only and should not be relied upon as medical advice or diagnosis.
  • Platform Improvement: Enhancing our algorithms, user experience, and service quality
  • Compliance: Maintaining audit logs for regulatory requirements and best-practice standards
  • Security: Detecting and preventing fraud, abuse, and unauthorized access

4. Information Sharing and Disclosure

4.1 With Your Consent

We may share your information with:

  • Clinical Support System: For program generation and safety monitoring
  • Healthcare Providers: When you authorize sharing with your doctor or physical therapist

4.2 Service Providers

We share data with trusted third-party service providers:

  • Stripe: Payment processing (subject to Stripe's privacy policy)
  • Google Cloud / Vercel: Hosting and infrastructure
  • Firebase: Database and authentication services
  • OpenAI: AI-powered health analysis. Data shared with AI processing services is de-identified or pseudonymized to the extent reasonably possible and processed under contractual safeguards.
  • WhatsApp (Meta): Messaging services are used only when explicitly enabled by the user and may be subject to third-party platform privacy practices.

4.3 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal process (subpoenas, court orders)
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activities
  • Respond to emergencies involving imminent harm

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Security

We implement industry-standard security measures:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access with multi-factor authentication for staff
  • Audit Logging: Comprehensive logging of all health data access (retained for 16 years)
  • Regular Security Audits: Penetration testing and vulnerability assessments
  • Employee Training: Privacy, security, and best-practice compliance training for all staff

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any breaches as required by law.

6. Your Privacy Rights

6.1 Health Data Rights

You have the right to:

  • Access: Request copies of your health information
  • Amendment: Request corrections to inaccurate information
  • Accounting: Receive a list of disclosures of your health data
  • Restrictions: Request limits on how we use/disclose your information
  • Confidential Communications: Request communications via specific methods

6.2 General Rights

You also have the right to:

  • Deletion: Request deletion of your account and data (subject to legal retention requirements)
  • Data Portability: Export your health data in machine-readable formats
  • Opt-Out: Unsubscribe from marketing communications
  • Withdraw Consent: Revoke consent for data processing. Withdrawal of consent may require termination of services where processing of health data is essential to functionality.

To exercise these rights, contact us at contact@physiphone.ca. We will respond within 30 days.

7. Data Retention

We retain your information for:

  • Health Records: 16 years after last treatment (or longer if required by law)
  • Audit Logs: 16 years for regulatory compliance and best-practice standards
  • Account Data: Until account deletion (or 90 days after last activity)
  • Payment Records: 16 years for tax and financial compliance

8. Children's Privacy

Our Services support pediatric rehabilitation for children under 18. For users under 18, we require parental consent. Parents/guardians can review, modify, or delete their child's information by contacting us.

9. Data Residency and International Transfers

We are committed to keeping your data secure and complying with local data residency regulations. Your personal and health data is stored based on your location:

  • Clients in India: Your personal and health data is securely stored on servers located within India, in compliance with the Digital Personal Data Protection Act (DPDP). We do not transfer your sensitive health data outside of India without your explicit consent.
  • Clients in Canada & Rest of World: Your data is securely stored on servers located within Canada (and/or the United States where necessary for specific processing), in compliance with PIPEDA and applicable provincial privacy laws.

If you access our Services from outside these regions, your information may be transferred to, stored, and processed in a country different from your residence, but we always ensure adequate safeguards are in place, including standard contractual clauses and appropriate data protection agreements.

10. Cookies and Tracking

We use cookies and similar technologies for:

  • Authentication and session management
  • Remembering user preferences
  • Analytics and performance monitoring
  • Security and fraud prevention

You can control cookies through your browser settings. Disabling cookies may affect service functionality.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification at least 30 days before they take effect. Continued use after changes constitutes acceptance.

12. Contact Us

PhysiPhone Global Healthcare Inc.

Privacy Officer

Email: contact@physiphone.ca

Address: 13402 104 Ave, V3T 1V6, Surrey, BC, Canada

Back to Dashboard