Back to Dashboard

Privacy Policy

Last Updated: December 12, 2025

1. Introduction

PhysiPhone Global Healthcare Inc. ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital rehabilitation platform and related services (the "Services").

By using our Services, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Services.

2. Information We Collect

2.1 Personal Information

We collect information that identifies you personally, including:

  • Name, email address, and phone number
  • Account credentials (username and encrypted password)
  • Payment information (processed securely by Stripe)
  • Professional credentials (for physiotherapists)

2.2 Health Information (PHI)

We collect Protected Health Information as required to provide digital rehabilitation guidance:

  • Medical history and symptoms
  • Physical health data (ROM measurements, photos/videos)
  • Rehabilitation programs and routine details
  • Progress notes and reassessment data
  • Communications with clinical support

HIPAA Compliance: We are committed to HIPAA compliance and implement administrative, physical, and technical safeguards to protect your health information. All PHI is encrypted in transit and at rest.

2.3 Usage Data

We automatically collect information about your use of our Services:

  • Device information (browser type, OS, device ID)
  • IP address and geolocation data
  • Usage patterns (pages visited, features used, time spent)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information for:

  • Service Delivery: Providing health intakes, rehabilitation programs, and ongoing care checks
  • Communication: Sending reminders, program updates, and service notifications
  • Payment Processing: Processing subscription fees and provider payments via Stripe
  • AI Processing: Analyzing health data to generate personalized care pathway options
  • Platform Improvement: Enhancing our algorithms, user experience, and service quality
  • Compliance: Maintaining audit logs for HIPAA compliance and regulatory requirements
  • Security: Detecting and preventing fraud, abuse, and unauthorized access

4. Information Sharing and Disclosure

4.1 With Your Consent

We may share your information with:

  • Clinical Support System: For program generation and safety monitoring
  • Healthcare Providers: When you authorize sharing with your doctor or physical therapist

4.2 Service Providers

We share data with trusted third-party service providers:

  • Stripe: Payment processing (subject to Stripe's privacy policy)
  • Google Cloud / Vercel: Hosting and infrastructure
  • Firebase: Database and authentication services
  • OpenAI: AI-powered health analysis (PHI is anonymized)
  • WhatsApp (Meta): Secure messaging with physiotherapists

4.3 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal process (subpoenas, court orders)
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activities
  • Respond to emergencies involving imminent harm

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Security

We implement industry-standard security measures:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access with multi-factor authentication for staff
  • Audit Logging: Comprehensive logging of all PHI access (retained for 16 years)
  • Regular Security Audits: Penetration testing and vulnerability assessments
  • Employee Training: HIPAA and security awareness training for all staff

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any breaches as required by law.

6. Your Privacy Rights

6.1 HIPAA Rights

Under HIPAA, you have the right to:

  • Access: Request copies of your health information
  • Amendment: Request corrections to inaccurate information
  • Accounting: Receive a list of disclosures of your PHI
  • Restrictions: Request limits on how we use/disclose your information
  • Confidential Communications: Request communications via specific methods

6.2 General Rights

You also have the right to:

  • Deletion: Request deletion of your account and data (subject to legal retention requirements)
  • Data Portability: Export your health data in machine-readable formats
  • Opt-Out: Unsubscribe from marketing communications
  • Withdraw Consent: Revoke consent for data processing (may limit service availability)

To exercise these rights, contact us at contact@physiphone.ca. We will respond within 30 days.

7. Data Retention

We retain your information for:

  • Health Records: 16 years after last treatment (or longer if required by law)
  • Audit Logs: 16 years for HIPAA compliance
  • Account Data: Until account deletion (or 90 days after last activity)
  • Payment Records: 16 years for tax and financial compliance

8. Children's Privacy

Our Services support pediatric rehabilitation for children under 18. For users under 18, we require parental consent. Parents/guardians can review, modify, or delete their child's information by contacting us.

9. Data Residency and International Transfers

We are committed to keeping your data secure and complying with local data residency regulations. Your personal and health data is stored based on your location:

  • Clients in India: Your personal and health data is securely stored on servers located within India, in compliance with the Digital Personal Data Protection Act (DPDP). We do not transfer your sensitive health data outside of India without your explicit consent.
  • Clients in Canada & Rest of World: Your data is securely stored on servers located within Canada (and/or the United States where necessary for specific processing), in compliance with PIPEDA and applicable provincial privacy laws.

If you access our Services from outside these regions, your information may be transferred to, stored, and processed in a country different from your residence, but we always ensure adequate safeguards are in place, including standard contractual clauses and HIPAA-compliant Business Associate Agreements.

10. Cookies and Tracking

We use cookies and similar technologies for:

  • Authentication and session management
  • Remembering user preferences
  • Analytics and performance monitoring
  • Security and fraud prevention

You can control cookies through your browser settings. Disabling cookies may affect service functionality.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification at least 30 days before they take effect. Continued use after changes constitutes acceptance.

12. Contact Us

PhysiPhone Global Healthcare Inc.

Privacy Officer

Email: contact@physiphone.ca

Address: 13402 104 Ave, V3T 1V6, Surrey, BC, Canada

Back to Dashboard