Data Privacy, Collection and Use

This page builds upon our Privacy Policy and is intended to help you understand the data we collect, how we store and use that data.

Definition of terms:

Throughout this page, we will refer to “Users”, “Clients” and “Service(s)”.

“Users” are clinicians, therapists, coaches etc. Those who use the Rehab Guru Web and Mobile apps to prescribe exercises to “Clients”.  

Clients” are patients, athletes or those receiving care from a Rehab Guru “User”.  

“Service(s)” is the collective web, mobile, infrastructure and third parties that encompass the Rehab Guru platform.  

This page will cover the following:

  • The information we collect about Users and Clients
  • How we use the information we collect
  • How we store and secure the information we collect

THE INFORMATION WE COLLECT ABOUT USERS AND CLIENTS

We collect and store information which Users and Clients input into to deliver our Services. This information includes:

Information you provide us

User account and profile information: We collect and store account information when you register and complete your user profile. For example, we collect your name and email address and marketing preferences when you register to use Rehab Guru.  

Input Data: All information you wish to be ‘saved’ within our Service will be stored. Examples of this include the creation of treatment notes, saved client information, created exercises, saved templates, uploaded information.  

Client Information: We collect and store the data that is input by Users on Clients. For example, to create a client on our Service the User inputs a Client name and email address. (Note: permission for the storing and processing of this information should be obtained by the User as they are the Data controller of their Clients information – see GDPR Rehab Guru as a Data Processor). We also store data that Clients create. For example, as a Client follows their exercise programme using the Client App they will input data such as pain and wellness scores, notes, activity data etc.

The content you provide through other services

Imported Data: Connecting an integration such as an Electronic Health Record system could provide our Service with data you wish to remain persisted (saved).

Fitness and Activity Data: Connecting the Rehab Guru Client App and approving its access to your smart devices' activity data means it will in-turn provide this content to our Service for persistence (note: Clients remain in complete control over the data they share via their device settings).  

Information you provide through support and help channels

Our Services provides several support Channels, including help tickets, live chat and email. The information you provide in support correspondence is stored. A summary of the information we store in the opening of a help ticket includes, name, email address, a summary of the issue and contact details.  

Payment Information

When you subscribe to a paid plan some payment information will be taken from you. Our Service does not store any payment information these are collected and stored directly in a secure payment processing service (see Sub-Processors Braintree and Chargebee).  

Information automatically collected

Usage Data: Analytical data is collected while you use our Services. This information includes the elements you interact with (click / tap on), the volume of data created, usage amount (for example, the number of programmes sent, clients created, PDFs download, templates created).  

Device and Connection Information: We collect information on the devices used to interact with our Service. Including the country of origin, device type, browser information, crash data, referring pages to provide a better experience through understanding our users.  

How we use the information we collect

The primary use of the information we collect is to deliver and improve our Service. Our mantra is to collect as little data as possible to deliver a gold standard service. We offer transparency on all the uses for your data below.

To enable users to deliver a service for Clients: Users are the Data Controller of Client data, our Service provides Users with the means to collect and store the Client data required to deliver a complete exercise prescription solution. This fits the GDPR model described on the GDPR page, whereby Users are the Data Controllers and the Rehab Guru Service is the Data Processor. Rehab Guru respects the difference between Client data and User data (Clients didn’t sign up, their Physiotherapist did), therefore we do not perform any communication or marketing directly to Clients. One example of an occasion when we would communicate directly with clients is if they write into support for assistance.  

To provide our services and tailor your experience: We use the information about you to securely authenticate you, provide support, operate, maintain and improve our service. Based on your usage and interactions with our service we may highlight things which you may find helpful. For example, if you have never visited the customisation page, we may highlight that you’re missing out on customised client emails and client portals.

For Service improvement, research and development: We are always looking for ways to make our Service, faster, secure, intuitive and feature-rich. Usage data, trends and analytics assist in creating our feature roadmap, identify issues and squash bugs. For example, if an app crashes while it is being used it will report this crash to our bug tracking software. We can use the information in automated bug reports to improve our Apps and if required notify users of issues and rectification steps.

Customer support: We use user information to resolve help tickets that are submitted to our support team. Technical issues often require our team to check the settings on your account to resolve the issue. Anonymised support issues are retained for service improvement and prioritisation of engineering tasks.

Security: User information is used for the verification of users, for example, we may ask for an email sent “From” the registered account for us to check your identity when requesting a change on an account. To check this information, we need to access the account username. User data is also used in the detection, prevention and response to possible security incidents, fraudulent requests and illegal activity.

How we store and secure the information we collect

Data is stored in a central encrypted database, external to the Users and Clients devices. Some data remains cached in the devices for performance reasons; however, this does not persist longer than the user's session.  

All data is transmitted and stored in an encrypted state (see Data Security), industry-standard measures are employed for the transmissions and storage of user data.  

Our Security page demonstrates that our Service is at the cutting edge of what can be offered from an Information Security perspective. Rehab Guru make every effort to protect your information, however no security system is impenetrable (no organisation can guarantee this). We cannot offer a 100% guarantee that transmission and storage is 100% safe from intrusion.