Privacy Policy

Last updated: January 8, 2025


1. Introduction

At AssessPro, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our physiotherapy assessment and patient management platform. We are committed to protecting the privacy and security of all personal and health information entrusted to us.

This policy applies to all users of AssessPro, including healthcare professionals, clinic administrators, and patients whose information is processed through our platform.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

  • Name, email address, phone number, and professional credentials
  • Clinic or practice information
  • Billing and payment information
  • Profile information and preferences

2.2 Protected Health Information (PHI)

Healthcare professionals using our platform may input patient health information, including:

  • Patient demographics and contact information
  • Medical history and assessment data
  • Treatment plans and progress notes
  • Clinical test results and measurements
  • Images, videos, and other clinical documentation

2.3 Technical Information

We automatically collect certain technical information, including:

  • IP address, browser type, and device information
  • Usage patterns and feature interactions
  • Log files and system performance data
  • Cookies and similar tracking technologies

3. How We Use Your Information

3.1 Service Provision

We use your information to:

  • Provide and maintain the AssessPro platform
  • Process assessments and generate reports
  • Enable communication between healthcare providers and patients
  • Backup and restore your data

3.2 Account Management

We use your information to:

  • Create and manage user accounts
  • Authenticate users and prevent unauthorized access
  • Process billing and subscription management
  • Provide customer support and technical assistance

3.3 Improvement and Analytics

We may use aggregated, de-identified data to:

  • Improve our services and develop new features
  • Analyze usage patterns and system performance
  • Conduct research to advance physiotherapy practices
  • Generate industry insights and benchmarks

4. Data Security

4.1 Security Measures

We implement comprehensive security measures to protect your information:

  • Encryption of data in transit and at rest
  • Multi-factor authentication and access controls
  • Regular security audits and penetration testing
  • Independently audited SOC 2 Type II attestation
  • Employee background checks and security training

4.2 Data Centers

Our data is hosted in secure, HIPAA-compliant data centers with 24/7 monitoring, redundant systems, and disaster recovery capabilities. All data centers maintain industry-leading security certifications and compliance standards.

4.3 Incident Response

In the unlikely event of a security incident, we have established procedures to quickly identify, contain, and remediate any issues. We will notify affected users and relevant authorities as required by applicable laws and regulations.

5. HIPAA Compliance

5.1 Business Associate Agreement

For healthcare providers subject to HIPAA, AssessPro serves as a Business Associate. We maintain appropriate safeguards for protected health information (PHI) and comply with all applicable HIPAA requirements, including the Security Rule, Privacy Rule, and Breach Notification Rule.

5.2 Minimum Necessary Standard

We adhere to the minimum necessary standard, ensuring that access to PHI is limited to the minimum amount necessary to accomplish the intended purpose. Role-based access controls ensure that users can only access information relevant to their responsibilities.

6. International Compliance

6.1 GDPR Compliance

For users in the European Union, we comply with the General Data Protection Regulation (GDPR). You have the right to access, rectify, and erase your personal data, to restrict or object to its processing, and to data portability. To exercise these rights, please contact our Data Protection Officer.

6.2 Data Transfers

When transferring data internationally, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and ensure that adequate levels of protection are maintained in accordance with applicable data protection laws.

7. Data Retention

We retain personal information and PHI for as long as necessary to provide our services and comply with legal obligations. Healthcare data is typically retained for the periods required by applicable medical record retention laws. When data is no longer needed, it is securely deleted or anonymized.

Note: You can request deletion of your data at any time, subject to legal and regulatory requirements. We provide tools for data export before account closure.

8. Third-Party Services

8.1 Service Providers

We work with trusted third-party service providers who assist us in operating our platform, including cloud hosting, payment processing, and customer support. All service providers are required to maintain appropriate security measures and confidentiality agreements.

8.2 Integration Partners

AssessPro may integrate with other healthcare systems and electronic health records (EHRs). Data sharing with integration partners is governed by separate agreements and is subject to your explicit consent and configuration.

9. Your Rights and Choices

9.1 Access and Control

You have the right to:

  • Access and review your personal information
  • Correct inaccurate or incomplete information
  • Request deletion of your data (subject to legal requirements)
  • Export your data in a portable format
  • Opt-out of marketing communications

9.2 Cookie Preferences

You can manage your cookie preferences through your browser settings or our cookie preference center. Note that disabling certain cookies may affect the functionality of our platform.

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of our services after such modifications constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

General Privacy Inquiries

Email: privacy@assesspro.com
Phone: +1 (555) 123-4567

Data Protection Officer

Email: dpo@assesspro.com
For GDPR-related inquiries

Mailing Address:
AssessPro Privacy Team
123 Healthcare Ave, Medical District
New York, NY 10001, United States