FitMe Physio collects several categories of data to provide and improve its services. These include personal data such as name, phone number, and email address; protected health information (PHI), including medical history, treatment records, and prescriptions; payment data including billing information, which is processed through secure channels; and technical data, such as IP addresses and cookies, used solely for website analytics. All health-related data is collected only with the explicit consent of the user and is stored and managed in full compliance with HIPAA and GDPR regulations.

All data processing activities are conducted at our secure operational facilities and other locations where authorized parties involved in the treatment or operations are located. Processing is carried out using encrypted digital systems. We maintain HIPAA-compliant electronic health records, enforce GDPR-standard access control mechanisms, and follow the ethical data handling guidelines as defined by BAPIO.

FitMe Physio processes user data under several legal justifications. In cases where treatment is required, data is processed based on medical necessity as per HIPAA. For users located within the European Union, we rely on explicit consent to meet GDPR compliance. Data may also be processed when required to fulfill legal obligations under healthcare regulations, or in situations where we have a legitimate interest in doing so, such as for sending appointment reminders or improving the quality of our services.

We retain different categories of data for varying durations based on their purpose and legal requirements. Medical records are stored for a minimum of seven years or longer if required by law. Payment data is retained until transactions are completed and for an additional one year for administrative purposes. Website and technical analytics data are typically retained for up to 26 months. Once the relevant retention periods expire, the corresponding personal data is securely deleted.

The information collected from users is primarily processed to deliver physiotherapy treatment, manage medical documentation, and support insurance claim procedures. Additionally, data is used to send secure appointment reminders and to enhance the quality of our services through the use of anonymized usage data.

In accordance with HIPAA, GDPR, and BAPIO ethical standards, users have several rights concerning their personal and health data. Users may access their health records, request corrections to inaccurate information, withdraw previously given consent for non-essential communications, and request the deletion of their data where legally permissible. They may also request to receive their personal data in a portable format and have the right to lodge formal complaints with regulatory authorities regarding data handling practices.

User data may be used for legal purposes by FitMe Physio in cases involving misuse of the platform or services. This may include use in court proceedings or in the preliminary stages leading to legal action.

FitMe Physio employs robust data security protocols to protect personal and health information. These include end-to-end encryption of health data, regular training for staff on confidentiality and data protection, secure disposal methods for sensitive documents, and independent third-party audits conducted annually to ensure continued compliance and improvement.

For diagnostic and maintenance purposes, FitMe Physio and its authorized third-party service providers may maintain logs that record user interactions with our website and services. These may include technical identifiers such as IP addresses and access timestamps, used strictly for system performance and security monitoring.

FitMe Physio reserves the right to modify this privacy policy at any time. Users will be informed of significant updates via email notifications or visible notices posted on the website. Continued use of our services after changes have been published constitutes acceptance of the updated policy terms.