Privacy & Data Protection Policy

We collect what is needed to provide and improve the service, including:

• Account information: name, mobile number, email, encrypted password, and date of birth when provided.
• Health & rehabilitation data: primary complaint, programs, exercises, adherence logs, pain and fatigue levels, and clinical notes.
• Usage data: pages and interactions, IP address, device and browser type, and performance and error logs to improve the service and its security.
• Payment data: processed through secure, trusted payment gateways; the Platform does not store card numbers or CVV codes.

Your data is processed on one of the legal bases applicable in the Kingdom: your explicit consent, performance of a contract between you and the Platform, compliance with a legal requirement, protection of a vital interest, or the Platform’s legitimate interest in a manner not conflicting with your rights.

• Operating the Platform and providing exercise follow-up services.
• Personalizing your experience and showing the program and content suited to your case.
• Sending essential notifications about your account, program, or subscription.
• Strengthening security, resolving issues, and preventing fraud and unlawful use.

We do not sell your personal or health data to anyone under any circumstances. We may share only the necessary minimum with trusted service providers (hosting, analytics, payment gateways, notifications) under agreements binding them to the same protection obligations. We may disclose it to competent authorities under a judicial or regulatory order.

We handle health data with the utmost sensitivity and care. It is never used for advertising or shared for marketing purposes under any circumstances; it is used only to support your exercise program, show your progress, and enable your physiotherapist or affiliated clinic to follow up.

We retain your personal data for as long as your account is active or as needed to provide the service. Upon your account deletion request, we delete or anonymize your personal data within thirty (30) days, retaining what is legally required for audit and review purposes.

The applicable laws in the Kingdom guarantee you the following rights, which you may exercise free of charge by contacting us:

• Right to know: be informed about the data collected and the purposes of processing.
• Right to access: obtain a copy of your data in a readable format.
• Right to rectification: correct any inaccurate or incomplete data.
• Right to erasure: request destruction of your data within legal limits.
• Right to restrict processing: halt processing of your data in specific cases.
• Right to withdraw consent: at any time, without affecting the lawfulness of prior processing.

We apply appropriate technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction, including encryption in transit (TLS) and at rest (AES-256), access controls, continuous monitoring, and regular security reviews aligned with recognized best practices.

We use necessary cookies for login, session management, and performance, alongside analytical cookies to understand and improve Platform usage. You can manage their settings from your browser; disabling some may affect how the Platform works.

The Platform is not directed at individuals under 18, and we do not knowingly collect their data. If a minor needs the service for rehabilitation purposes, it must be done through a guardian or licensed therapist account.

We may update this policy from time to time to reflect new developments, and the updated version is published on this page. For material changes, we notify you via email or in-platform notice before they take effect.