Privacy Policy
Last updated: 2026-03-23
1. Introduction
PhysioSense ("we", "our") is operated by Milena Orlandić, sole trader, Vladimira Rolovića 2a, Bar, Montenegro, and runs the website physiosense.net. This policy describes how we collect, use, and protect your personal data in accordance with the GDPR, the Montenegrin Law on Personal Data Protection, and other applicable data protection laws.
PhysioSense is intended for users aged 16 and older. If you are under 16, you may only use PhysioSense with the consent of a parent or legal guardian.
2. Data We Collect
Account data:
- Email address (for authentication)
- Name (for profile display)
- Role (e.g., physiotherapist, student)
- Professional license number (optional)
- Subscription tier selection
- Payment data (processed by Paddle — we do not store card details)
Health data (GDPR Article 9 — special category):
- Health assessment data (diagnosis, recovery phase, symptom duration, pain level, functional status, patient age, sex, comorbidities, equipment, goals, treatment setting)
- Patient-reported outcomes (pain scores, functional scores, clinical progress, adherence data)
- Generated reports (personalized evidence-based educational content, PDF documents)
Legal basis for health data
When you create a personalized report, we collect health-related information that constitutes "special category data" under GDPR Article 9. We process this health data based on your explicit consent (Article 9(2)(a)), which you provide when creating a report. You may withdraw this consent at any time by deleting your reports or your account in Settings.
Health assessment data refers to clinical scenario parameters entered by the user to generate evidence-based reports. This data describes a clinical scenario and may or may not correspond to an actual patient. PhysioSense does not collect direct patient identifiers (name, date of birth, address, or national ID number).
Clinician users (physiotherapists, physicians, etc.) may optionally enter a patient's email address and phone number during intake. In this case PhysioSense acts as a data processor on behalf of the clinician, who is responsible for obtaining the patient's consent. This contact data is stored alongside the clinical record and deleted with it.
3. How We Use Your Data
- To provide and personalize the platform — Contract, Art. 6(1)(b); Explicit consent for health data, Art. 9(2)(a)
- To process subscriptions and payments — Contract, Art. 6(1)(b)
- To send transactional emails (account confirmation, password reset) — Contract, Art. 6(1)(b)
- For platform security and error tracking — Legitimate interest, Art. 6(1)(f)
- To improve the platform based on aggregated usage (with consent) — Consent, Art. 6(1)(a)
- To generate pseudonymized, aggregate insights from outcome data for research and platform improvement. Applied only to pseudonymized data without direct identifiers. Users can opt out via Settings > Consent Management — Legitimate interest, Art. 6(1)(f)
4. Data Storage & Security
- Database and authentication: Supabase (EU — Ireland). Row-Level Security (RLS) on all tables.
- Application hosting: Vercel (EU — Paris, cdg1). HTTPS/TLS encryption, HSTS with 2-year duration.
- Passwords: hashed via bcrypt (Supabase Auth). We never store passwords in plain text.
- Security headers: Content-Security-Policy, X-Frame-Options (DENY for API, SAMEORIGIN for pages), X-Content-Type-Options: nosniff. In addition, CSRF protection is applied to all mutations.
- Outcome backups: encrypted and stored in Supabase Storage (daily backup).
5. Sub-Processors
We use the following sub-processors to process your data:
| Service | Purpose | Location | Transfer Safeguard |
|---|---|---|---|
| Supabase | Authentication and database | EU (Ireland) | EU adequacy — no transfer |
| Vercel | Application hosting and CDN | EU (Paris) | EU adequacy — no transfer |
| Vercel Analytics | Aggregate website analytics | EU (Frankfurt) | EU adequacy — no transfer |
| Paddle | Payment processing (MoR) | UK / EU | UK adequacy decision |
| Resend | Transactional emails | US | Standard Contractual Clauses (SCCs). Email addresses only. |
| Sentry | Error tracking | EU | EU adequacy — no transfer |
We do not sell, rent, or share your personal data with third parties for marketing purposes. Data Processing Agreements (DPAs) are in place with all sub-processors.
5b. Cookies
For information about cookies we use, see our Cookie Policy.
5c. International Data Transfers
Your data is stored in the EU: database in Ireland (Supabase), hosting in Paris (Vercel). The only transfer outside the EU is your email address sent to Resend (US) for transactional email delivery, protected under Standard Contractual Clauses (SCCs) pursuant to GDPR Article 46(2)(c). No health data is transferred outside the EU.
6. Your Rights (GDPR)
- Access (Art. 15) — view your data in Settings
- Rectification (Art. 16) — update your data in Settings
- Erasure (Art. 17) — request account deletion in Settings > Profile
- Data Portability (Art. 20) — download all your data in JSON format via Settings > Export Data
- Restriction (Art. 18) — contact privacy@physiosense.net
- Withdraw Consent (Art. 7(3)) — withdraw your consent to health data processing at any time via Settings > Consent Management. Withdrawal does not affect the lawfulness of processing performed before withdrawal.
- Objection (Art. 21) — contact privacy@physiosense.net
- Complaint (Art. 77) — you have the right to lodge a complaint with a supervisory authority. For Montenegro: AZLP, www.azlp.me. For EU residents: your local DPA.
7. Automated Decision-Making
PhysioSense does not make automated decisions about you. Report generation filters published evidence based on your input but does not constitute automated decision-making or profiling under GDPR Article 22. All decisions remain with the clinician.
8. Data Retention
- Account data: retained while the account is active. Deletion on request via Settings.
- Health data: while consent exists. Withdrawing consent triggers deletion.
- Generated reports: removed from user view upon deletion. Pseudonymized data (without direct patient identifiers) may be retained for quality assurance and aggregate research. Email address and certain account data remain linked to the account and are deleted with it. Upon account deletion, all personally identifiable data is permanently deleted within 30 days.
- Payment records: 7 years (legal obligation).
- Error logs: 90 days (Sentry automatic deletion).
9. Policy Changes
If we make material changes to this policy, we will notify you via email at least 14 days before they take effect.
10. Contact
For privacy inquiries, contact us at: privacy@physiosense.net
We have not appointed a Data Protection Officer (DPO) as our processing does not meet the thresholds under GDPR Article 37.
We respond within 30 days in accordance with GDPR requirements.
PhysioSense — Milena Orlandić, sole trader, Vladimira Rolovića 2a, Bar, Montenegro