Rehabify Health – Privacy Policy
Effective Date: 10 January 2026
1. Introduction
Rehabify Health ("Rehabify", "we", "our", "us") is committed to protecting the privacy and confidentiality of all users who interact with our digital health platform, including clinics, physiotherapists, patients, and partners.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you access our website, mobile applications, or related services (collectively, the "Platform"). By using Rehabify, you consent to the practices described in this Policy.
2. Data We Collect
We collect different categories of information depending on your role:
a) For Patients
- Personal details: name, date of birth, gender, contact information.
- Medical documents you upload (e.g., scans, prescriptions).
- Treatment plans, assigned exercises, and progress logs.
- Billing and payment information (processed securely through Paystack).
b) For Physiotherapists
- Professional details: name, license number, years of practice, specialties.
- Verification documents (license, tax certificate, insurance proof, etc.).
- Clinical notes, exercise prescriptions, and patient communication logs.
c) For Clinics
- Facility details: registration number, contact details, and location.
- Staff details for assigned physiotherapists.
- Uploaded business documents (licenses, tax documents).
d) For All Users
- Device information: browser type, operating system, and IP address.
- Usage data: login times, features accessed, errors encountered.
- Communication data: messages, calls, notifications.
3. How We Use Your Data
We use the collected information to:
- Provide access to the Platform and its features.
- Enable secure communication between patients and physiotherapists.
- Process billing, payments, and payouts.
- Verify the credentials of physiotherapists and clinics.
- Track treatment progress and generate reports.
- Improve platform functionality, security, and user experience.
- Generate anonymized, aggregated insights to support healthcare research and system improvements.
4. Legal Basis for Processing
We process personal data under the following legal grounds:
- Consent – when patients upload documents or share personal information.
- Contractual necessity – to deliver the services users sign up for.
- Legal obligations – compliance with NDPR, taxation, or regulatory requirements.
- Legitimate interest – improving platform safety, preventing fraud, and conducting research.
5. Data Sharing & Disclosure
We do not sell or rent user data. However, data may be shared in the following cases:
- With physiotherapists and clinics – to provide care and treatment to patients.
- With patients – to receive progress updates and treatment information from physiotherapists.
- With partners – only where referrals are made, with user consent.
- With regulators – if required by Nigerian law or court orders.
- With service providers – payment processors, hosting providers, analytics tools (bound by confidentiality obligations).
We never sell your data. Your information is not sold to third parties for marketing or advertising purposes.
6. Data Storage & Security
- All data is stored securely on cloud servers with 99.9% uptime.
- Encryption is applied to sensitive health and payment data in transit and at rest.
- Access is role-based, ensuring only authorized users (e.g., the assigned physiotherapist) can view specific patient records.
- Regular security audits and penetration testing are conducted.
7. Data Retention
- Patient records are retained for the duration of care plus 5 years in compliance with medical record standards.
- Physiotherapist/clinic verification documents are retained as long as the accounts remain active.
- Users may request account deletion; however, some data may be retained for regulatory compliance purposes.
8. User Rights
Under NDPR (and GDPR-style protection for future expansion), you have the right to:
- Access the personal data we hold about you.
- Correct inaccuracies in your personal data.
- Request deletion of your personal data ("right to be forgotten").
- Withdraw consent at any time.
- Request a copy of your data in a portable format.
Requests can be made via email to rehabify.app@gmail.com
9. Children's Privacy
Rehabify does not knowingly collect data from individuals under 18 without the consent of their guardian. Parents or guardians are responsible for supervising child accounts.
10. Third-Party Links & Services
Rehabify may contain links to third-party platforms (e.g., referral partners). This Privacy Policy does not cover those platforms, and we are not responsible for their practices.
11. Changes to This Policy
We reserve the right to update this Privacy Policy from time to time. Updates will be communicated via email or platform notification, and continued use of the Platform indicates acceptance.
12. Contact Us
For privacy-related inquiries or complaints, please contact:
Rehabify Health – Data Protection Officer
Email: support@physioaroundme.com