top of page

Privacy Policy RehabTrack

Effective Date: 17-04-2026

Introduction

This Privacy Policy explains how RehabTrack, developed by NeuroRehab Technologies OÜ, collects, uses, stores, and protects personal information. We comply with the General Data Protection Regulation (GDPR) and are committed to transparency and user control. RehabTrack is not a medical device and is not covered by HIPAA or other medical data regulations.

Information We Collect

We collect the following information directly from users:

- Email address: used for account registration, authentication, and communication about app updates or service information.

- Demographic information: gender, birth month, and year.

- Pain and health data: self-reported responses to questionnaires and pain tracking entries.

We do not automatically collect personal data such as device identifiers, GPS location, or usage analytics. Only minimal technical logs may be processed for maintenance and security.

How We Use Information

Collected data are used to:

- Provide, operate, and maintain the user account.

- Communicate updates and necessary service notifications.

- Improve app functionality and design.

- Use anonymized data for research, statistical analysis, and product improvement.

We do not sell or share personal data with third parties

Data Storage and Retention

User data are stored both on the user’s device and on Amazon Web Services (AWS) servers.

- Identifiable data (email) are retained only while the user maintains an account.

- Upon deletion request, the user’s account and associated email will be permanently removed.

- Anonymized demographic and pain data may be retained indefinitely for research and statistical purposes, as they cannot be linked back to individual users.

Data Sharing

We do not share data for advertising, marketing, or external analytics. AWS acts solely as a data processor, hosting encrypted data under a Data Processing Agreement (DPA) with NeuroRehab Technologies OÜ.

Security

We take appropriate technical and organizational measures to protect data, including:

- Encryption at rest on AWS servers.

- Password-protected accounts.

Data are not encrypted during transmission, and users should be aware of potential security risks when transferring personal data over the internet. Users are advised not to share login credentials and to use strong passwords.

User Rights (GDPR)

Users located in the European Economic Area (EEA) have the following rights:

- Access: obtain a copy of personal data.

- Correction: request updates to inaccurate data.

- Deletion: request removal of account and identifiable information.

- Withdrawal of consent: stop further data processing.

- Portability: request export of personal data.

 

Anonymized data cannot be re-linked and therefore are excluded from deletion requests.

 

Deletion or access requests can be submitted via email to the address below. Requests will be processed within 30 days.

Children's Privacy

RehabTrack is intended for individuals 16 years of age or older. We do not knowingly collect data from anyone under 16. If we learn that data from a minor have been collected, we will delete them immediately.

Changes to this Policy

We may update this Privacy Policy periodically. Updates will be published within the app or on our website. Continued use of RehabTrack after changes take effect constitutes acceptance of the updated policy.

Contact Us

For privacy-related questions or to exercise your rights, contact:

 

NeuroRehab Technologies OÜ

Website: www.neurorehabtech.com

Email: info@neurorehabtech.com

bottom of page