Privacy Policy – Rehbox Physio

Company: Rehbox Limited

Registered Address: 81 Wollaton Road, Ferndown, Dorset, BH22 8QS

Last updated: 1st September 2025

1. Who We Are

Rehbox Limited (“we”, “our”, “us”) provides the Rehbox Physio application, an AI-assisted physiotherapy platform that delivers movement analysis, rehabilitation coaching, and progress tracking. We are the data controller responsible for your personal information.

2. What Data We Collect

  • Personal details: name, age, gender, and contact information.
  • Health data (special category): injury details, rehabilitation progress, and exercise compliance.
  • Movement data: joint angles, posture, and movement metrics captured in real time from your device camera or sensors.
  • Technical data: IP address, device type, and usage analytics.

⚠️ We do not record, save, or transmit any raw video or images. Instead, we extract anonymised data points (e.g., joint angles) which are stored securely to support your physiotherapy.

3. How We Process Your Data

  • Real-time analysis is performed locally on your device (edge computing).
  • No internet is required for the app to function.
  • When an internet connection is available, anonymised movement data is securely transmitted to your physiotherapist.
  • Data is encrypted in transit and at rest.

4. Why We Collect Your Data (Legal Basis)

  • Healthcare delivery: to provide physiotherapy assessment and progress tracking. (GDPR Article 6(1)(b); Article 9(2)(h))
  • Consent: for optional services, such as research participation or marketing.

5. Data Sharing

We only share your data with:

  • Your chosen physiotherapist or healthcare professional (with your consent).
  • Third-party service providers (e.g., secure cloud hosting, analytics) under GDPR-compliant contracts.
  • Regulators or authorities where legally required.
  • We do not sell your data.

6. Data Retention

  • Health and rehabilitation data: 7 years (to align with NHS clinical records standards).
  • Technical/log data: 2 years.
  • Consent-based data: until consent is withdrawn.

7. Your Rights

You have the right to:

  • Access, correct, or delete your data.
  • Restrict or object to processing.
  • Request portability of your data.
  • Withdraw consent at any time.
  • File a complaint with the ICO (www.ico.org.uk).

8. Security

We apply industry best practices, including:

  • AES-256 encryption, TLS 1.2+ secure transmission.
  • Access controls and regular audits.
  • Local device data auto-cleared once synchronised.

9. Contact Us

For privacy enquiries:

📧 [Insert DPO email]

📮 Rehbox Limited, 81 Wollaton Road, Ferndown, Dorset, BH22 8QS

Quick Contact Form

    Ask directly your questions to theme author.