Privacy Policy

1. Introduction

Fine Point Rehab ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our rehabilitation exercises.

We respect your privacy and are committed to protecting it through our compliance with this policy. Please read this policy carefully to understand our practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our website. By accessing or using our website, you agree to this privacy policy.

Privacy-First Design: Our platform is designed with privacy as a fundamental principle. Most of your data never leaves your device, giving you complete control over your rehabilitation journey.

2. Our Data Principles

We believe in transparent, user-controlled data practices:

• Local-First Storage: Your exercise data, progress, and preferences are stored locally on your device, not on our servers.
• Data Minimization: We collect only the minimum information necessary to provide our services.
• User Control: You have complete control over your data and can export, delete, or modify it at any time.
• Transparency: We clearly explain what data we collect, how we use it, and who we share it with.
• No Tracking: We do not track you across other websites or build advertising profiles.
• Optional Enhancement: Any data sharing for service improvement is optional and clearly disclosed.

3. Information We Collect

We collect very limited information from users of our website, adhering to data minimization principles:

Information Stored Locally on Your Device:

• Exercise Progress: Scores, completion times, difficulty levels, and performance metrics
• User Preferences: Theme settings, audio preferences, exercise configurations
• Achievement Data: Unlocked achievements, streak counters, point totals
• Session History: Exercise completion records and practice statistics

This data is stored using browser localStorage technology and never transmitted to our servers.

Information We May Collect:

• Contact Information: When you voluntarily contact us, we may collect your name, email address, and message content.
• Technical Information: Basic server logs including IP addresses (anonymized), browser type, and access times for security and performance monitoring.
• Analytics Data: Anonymized usage statistics through Google Analytics (with IP anonymization enabled) to understand how users interact with our website.

What We Don't Collect:

• Health information or medical data
• Personal identifying information without your explicit consent
• Location data beyond general geographic region
• Social media profiles or external account information
• Detailed behavioral tracking or advertising profiles

4. Local Storage & Data Control

Our platform uses browser localStorage technology to provide you with complete control over your rehabilitation data:

How Local Storage Works:

• Device-Only Storage: All your exercise data remains on your device and is never transmitted to our servers
• No Account Required: You can use all features without creating an account or providing personal information
• Persistent Data: Your progress persists between sessions until you choose to clear it
• Browser-Specific: Data is tied to your specific browser and device combination

Your Data Control Options:

• Export Your Data: Download all your progress data in JSON format for backup or transfer
• Import Data: Restore your progress from a previously exported file
• Clear Specific Data: Reset individual exercises, achievements, or preferences
• Complete Reset: Clear all stored data and start fresh
• Browser Controls: Use your browser's privacy settings to manage or delete localStorage

Data Portability:

You can export your data at any time in a machine-readable format (JSON). This exported data includes:

• All exercise scores and completion data
• Achievement unlocks and progress metrics
• User preferences and settings
• Session history and statistics

Data Retention:

Since data is stored locally on your device:

• Data persists until you actively delete it
• Clearing browser data will remove your progress
• We recommend periodic data exports for backup
• No automatic data expiration or deletion by us

5. How We Use Your Information

We use the limited information we collect for legitimate business purposes only:

Server-Side Information:

• To provide and maintain our website and exercises
• To respond to your inquiries if you contact us
• To protect our website from unauthorized access or malicious activities
• To understand overall usage patterns and improve our services
• To comply with legal obligations

Local Device Information:

• To save your exercise progress and preferences
• To provide personalized difficulty adjustments
• To track achievements and motivation features
• To enable data export and import functionality

Legal Basis (GDPR): We process your information based on:

• Legitimate Interest: Website operation, security, and improvement
• Consent: Contact form submissions and analytics (where required)
• Contract Performance: Providing the rehabilitation services you request

6. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to outside parties. Limited sharing occurs only in these specific circumstances:

Service Providers:

• Website Hosting: Our hosting provider processes basic server logs
• Google Analytics: Anonymized usage statistics for service improvement
• Email Service: If you contact us, your message is processed through our email provider

Legal Requirements:

• We may disclose information if required by law
• To respond to valid legal requests by public authorities
• To protect our rights, property, or safety
• To protect the rights, property, or safety of our users

Your Exercise Data: Since your exercise data and preferences are stored locally on your device, we do not have access to this information and therefore cannot share it with third parties under any circumstances.

7. Your Rights and Choices

You have comprehensive control over your information and significant rights regarding your data:

Rights Regarding Local Data:

• Access: View all your stored data through browser developer tools or our export feature
• Rectification: Modify any stored preferences or data directly in the application
• Erasure: Delete specific data points or completely reset all stored information
• Portability: Export your data in JSON format for transfer to other devices or services
• Restriction: Disable specific features or data collection through application settings

Rights Regarding Server Data:

• Access: Request a copy of any personal information we hold about you
• Rectification: Correct any inaccurate personal information
• Erasure: Request deletion of your personal information (right to be forgotten)
• Object: Object to processing of your personal information
• Withdraw Consent: Withdraw consent for analytics or communications at any time

How to Exercise Your Rights:

• Local Data: Use the application's data management features or browser settings
• Server Data: Contact us at info@finepointrehab.com with your request
• Analytics Consent: Grant or withdraw consent for Google Analytics tracking
• Analytics Opt-out: Install Google Analytics opt-out browser add-on
• Browser Controls: Adjust privacy settings, clear cookies, or block tracking

Response Time: We will respond to rights requests within 30 days (as required by GDPR) and provide clear information about any actions taken.

8. Data Security

We implement comprehensive security measures to protect your information:

Technical Measures:

• HTTPS Encryption: All data transmission is encrypted using TLS/SSL
• Secure Headers: Implementation of security headers to prevent common attacks
• Regular Updates: Timely security patches and software updates
• Access Controls: Limited access to any server-side data

Organizational Measures:

• Privacy by Design: Security considerations built into all development processes
• Data Minimization: Collecting only necessary information
• Regular Assessments: Periodic security and privacy reviews
• Incident Response: Procedures for handling any security incidents

Local Data Security:

Since most of your data is stored locally on your device:

• Data security depends on your device's security measures
• Use device lock screens and security features
• Regular data exports provide backup protection
• No risk of server-side data breaches for your exercise data

Breach Notification: In the unlikely event of a data breach affecting any server-side information, we will notify affected users and relevant authorities within 72 hours as required by law.

9. Future Features

We may introduce optional account-based features in the future. These will be designed with the same privacy-first principles:

Potential Future Features:

• Optional Cloud Sync: Backup your progress across devices (with explicit consent)
• Therapist Dashboard: Share progress with healthcare providers (with your permission)
• Community Features: Connect with other users (with privacy controls)
• Advanced Analytics: Enhanced progress tracking (with opt-in consent)

Privacy Commitments for Future Features:

• Always Optional: Account creation and cloud features will remain optional
• Local-First: Local storage will continue to be the primary option
• Explicit Consent: Clear opt-in consent for any new data collection
• Data Portability: Easy export and deletion of any cloud-stored data
• Granular Controls: Fine-grained privacy settings for sharing and sync

Any future features will be introduced with updated privacy notices and clear user choice. Your current local-only experience will always remain available.

10. GDPR Compliance

We are committed to compliance with the General Data Protection Regulation (GDPR) and similar privacy laws:

Lawful Basis for Processing:

• Legitimate Interest: Website operation, security monitoring, and service improvement
• Consent: Contact forms, newsletter subscriptions, and optional analytics
• Contract: Providing the rehabilitation services you request

Data Protection Principles:

• Lawfulness, Fairness, Transparency: Clear communication about data practices
• Purpose Limitation: Data used only for stated purposes
• Data Minimisation: Collecting only necessary information
• Accuracy: Keeping data accurate and up to date
• Storage Limitation: Retaining data only as long as necessary
• Security: Appropriate technical and organizational measures
• Accountability: Demonstrating compliance with data protection principles

International Data Transfers:

If you access our website from outside the United States:

• Your local exercise data never leaves your device
• Any server communication is encrypted and minimal
• Google Analytics may transfer anonymized data internationally
• We rely on Google's adequate safeguards for international transfers

Supervisory Authority:

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement if you believe our processing of your personal data violates GDPR.

11. Children's Privacy

We take children's privacy seriously and comply with applicable children's privacy laws:

Age Restrictions:

• Our website and exercises are not directed to children under the age of 16
• We do not knowingly collect personal information from children under 16
• If you are under 16, please obtain parental consent before using our services

Parental Rights:

If you are a parent or guardian and believe your child has provided us with personal information:

• Contact us immediately at info@finepointrehab.com
• We will investigate and delete any such information promptly
• You can request access to any information we may hold about your child
• Local device data can be managed through browser settings

Safe Design:

• No social features or communication capabilities
• No collection of location or contact information
• Local storage ensures no data sharing
• Educational and therapeutic focus without entertainment tracking

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors:

How We Handle Changes:

• Material Changes: We will provide prominent notice for significant changes that affect your rights
• Notice Period: We will provide at least 30 days' notice for material changes
• Continued Use: Continued use of our services after changes constitutes acceptance
• Version Control: We maintain version history and clearly mark update dates

Notification Methods:

• Updated "Last Updated" date on this page
• Prominent notice on our website for material changes
• Email notification if you have provided contact information
• In-application notification for significant policy changes

Your Options: If you disagree with any changes, you may stop using our services and delete any locally stored data. For material changes that expand data collection, we may seek additional consent.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, we encourage you to contact us:

Contact Information:

• Email: info@finepointrehab.com
• Subject Line: Include "Privacy Policy" for faster response
• Response Time: We aim to respond within 48 hours for general inquiries
• Rights Requests: GDPR and privacy rights requests will be handled within 30 days

What to Include in Your Message:

• Clear description of your question or request
• Specific section of this policy you're asking about
• Your preferred method and timeline for response
• Any relevant details that help us assist you

Data Protection Officer:

For complex privacy matters or formal complaints, you may request to speak with our data protection officer by including "DPO Request" in your email subject line.