Legal information

Privacy Policy

How we process and protect data in ReHand. The final content will be added soon.

REHAND APP PRIVACY POLICY (EN)

Controller/Provider (to be completed):
[Company name], [entity type], registered address: [street, city, ZIP, country].
Privacy contact: [privacy@…] | Support: [support@…]
Data Protection Officer (if appointed): [name / e‑mail]
Effective date: [Month DD, YYYY]


1. Scope & Who We Are

This Policy explains how we process personal data in the ReHand mobile application and related services (the “App”). The App is a wellness/fitness product aimed at general activity, mobility, and wellbeing. It is not a medical device, does not provide medical advice, and is not for diagnosis or treatment.


2. Data We Process

2.1. Account data – email, name/alias, password (hashed), account settings.
2.2. Wellness/activity data – self‑reported fitness level, training preferences, activity logs, progress statistics, technique cues and assessments generated by algorithms.
2.3. Camera & sensors – if you enable motion analysis, image processing occurs locally on your device in real time; we do not store raw video/photos or transmit them to our servers. We may store analysis results (motion metrics) to display statistics.
2.4. Technical data – device/app identifiers, OS version, diagnostics (crash logs), anonymized usage analytics (if enabled).
2.5. Contact/communications – support tickets, survey/feedback responses.
2.6. Third‑party sources (optional) – only if you connect external accounts/services (e.g., Apple/Google sign‑in). We do not integrate medical sources (e.g., HealthKit/Google Fit) unless you explicitly enable a dedicated integration with separate consent.

Note: We do not collect precise geolocation, biometrics, or medical data beyond the “wellness/activity” scope described. If we add such features in the future, we will request separate consent.


3. Purposes & Legal Bases (GDPR)

3.1. Provide the App (account, features, security) – Art. 6(1)(b) GDPR (contract).
3.2. Wellness/activity data (personalization, stats, cues) – your explicit consent to process information relating to health/wellness in a general sense – Art. 9(2)(a) GDPR. You can withdraw consent in settings (this may disable certain features).
3.3. Analytics/improvements, fraud prevention – Art. 6(1)(f) GDPR (legitimate interests – quality and safety). You may object.
3.4. Communications (support, service notices) – Art. 6(1)(b/c/f) GDPR.
3.5. Direct marketing (optional) – email/push only with your consent; you can opt out anytime.


4. Retention

We keep data for as long as your account is active. After deletion, we erase or anonymize data within [30/60] days, except for backups that expire per rotation cycles. Billing records (if any) are kept per legal requirements. Diagnostics logs are typically kept for up to 180 days.


5. Sharing & Processors

We do not sell your data. We share it only with:

  • Processors acting on our behalf (hosting/cloud, analytics, support) under data processing agreements;
  • Public authorities where required by law;
  • Recipients you choose (e.g., a coach/therapist via a “share progress” feature). You can revoke access at any time.

Key vendors (to be completed): [cloud provider, region], [analytics tools].


6. International Transfers

Where data is transferred outside the EEA/UK (e.g., to the U.S.), we implement appropriate safeguards, notably Standard Contractual Clauses (SCCs) and additional technical/organizational measures. We can provide details upon request.


7. Security

We implement safeguards appropriate to the risk: encrypted transport (TLS), encryption at rest with our providers, access controls, environment segregation, and security testing. Camera analysis runs on‑device to minimize transmitted data.


8. Your Rights (EU/EEA/UK)

You have the rights to access, rectify, erase, restrict, port, object to processing based on legitimate interests, and withdraw consent (without affecting past processing). You can lodge a complaint with your data protection authority. Use the App tools or contact us at [privacy@…].


9. Children

The App is intended for adults; users 13+ may use it with parental consent and supervision. We do not knowingly collect data from children under 13.


10. HIPAA & U.S. Notices

In the consumer context, we are not a HIPAA covered entity or business associate. Do not submit PHI unless a separate agreement is in place. We follow high privacy and security standards. For U.S. users, in case of a breach involving health information, we will comply with applicable laws, including the FTC Health Breach Notification Rule.


11. U.S. State Privacy Rights (CCPA/CPRA & others)

If you are a California resident (and similarly under other state laws), you may request information about categories of data collected, sources, purposes, and disclosures; request access, deletion, and correction; and you have the right to non‑discrimination. We do not “sell” or “share” personal information as defined by CCPA/CPRA and do not engage in cross‑context behavioral advertising. Submit requests via [privacy@…].


12. Automated Decisions & AI

We use algorithms/AI to generate movement cues and statistics. This does not produce legal effects or similarly significantly affect you. You can disable certain features in settings.


13. Changes to This Policy

We may update this Policy for legitimate reasons (law, security, new features). We will notify you of material changes in‑App and/or by email, indicating the effective date.


14. Contact

Privacy inquiries/requests: [privacy@…]
Security incident reports: [security@…]
Postal address: [company address]


OPTIONAL ADDENDA (remove if not applicable)

  • HealthKit/Google Fit integrations: if enabled in the future, data from these sources will be used solely for wellness features in the App, not for advertising/marketing, and will not be shared with third parties without your explicit consent; we comply with Apple/Google guidelines.
  • Processing on behalf of organizations (B2B/HIPAA): requires a separate agreement (DPA/BAA).
  • Processing locations: if we use data centers in [EU/US], specify regions and cloud providers.