Privacy Policy

Last updated: June 2026

RehabMetrics IQ (“we”, “our”, “us”) is committed to protecting the privacy of our users. This policy explains what information we collect, how we use it, and your rights in relation to it.

1. Information We Collect

When you use RehabMetrics IQ, we collect the following information:

  • Account information: Your email address and encrypted password when you register, or your Google account details if you sign in with Google.
  • Patient data you enter: Patient initials (no full names), optional patient email address, date of birth, diagnosis category, and clinical outcome measure scores and inputs.
  • Payment information: When you subscribe, payments are processed by Stripe, Inc. We do not store your full payment card details. Stripe may collect card details, billing address, and transaction history. See Stripe's privacy policy for how they handle this data.
  • Usage data: Basic information about how you interact with the service, such as feature usage and error reports, to help us improve the product.

2. How We Use Your Information

We use your information solely to provide and improve the RehabMetrics IQ service:

  • To authenticate your account and maintain your session.
  • To store and display the clinical data you enter.
  • To send secure patient-reported questionnaire links when you choose to email a follow-up.
  • To manage your subscription and trial period.
  • To respond to support requests.

We do not sell your data. We do not share your data with third parties except as required to operate the service or as required by law.

3. Data Storage and Sub-Processors

Your account and clinical data are stored using Supabase, a managed cloud database platform built on Amazon Web Services. Our primary database is hosted in Tokyo, Japan (AWS Asia Pacific — Tokyo region).

Because this is outside Australia, your data is subject to a cross-border disclosure under Australian Privacy Principle 8 (APP 8) of the Privacy Act 1988 (Cth). By creating an account and entering patient data, you consent to that disclosure. Supabase and AWS operate under recognised international security standards, including SOC 2 Type II and ISO 27001. Data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256). Access to your data is restricted to your authenticated account and the small number of Supabase and AWS engineers required to maintain the underlying platform.

We do not transfer your data to any other country, and we will publish a notice on this page at least 30 days before changing the data location.

If your professional indemnity insurer, employer, or governing body (for example a public health service or large NDIS provider) requires Australian-only data residency, RehabMetrics IQ in its current form may not meet that requirement. Please contact us at Support@RehabMetricsIQ.com before subscribing.

Subscription payments are processed by Stripe, Inc. Stripe operates under its own privacy policy and security certifications. We do not store payment card numbers on our servers.

Patient questionnaire emails are sent through Resend when you choose to email a secure follow-up link. Email content is limited to the secure link, questionnaire name, expiry date, and safety disclaimer. We do not include diagnosis, date of birth, scores, or other clinical details in the email body.

4. Intended Users and Clinical Disclaimer

RehabMetrics IQ is designed for use by licensed clinicians and healthcare professionals. This service is not intended for use by individuals under the age of 17 or by patients directly.

RehabMetrics IQ is a documentation and scoring tool for qualified clinicians. It is not a medical device and does not provide clinical diagnoses or treatment recommendations. All clinical decisions remain the sole responsibility of the treating clinician.

We recommend that you do not enter patient full names, Medicare numbers, or other personally identifiable health information beyond what is needed for your clinical workflow.

Patient-reported questionnaire links are not monitored for emergencies. Patients should be directed to contact emergency services or their treating clinician directly for urgent symptoms or new medical concerns.

5. Data Retention

Your account data and patient records are retained for as long as your account is active. If you close your account or request deletion, your data will be permanently removed within 30 days. See our Data Deletion page for instructions.

6. Your Rights

You have the right to:

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Export your data in a portable format — contact us to request this.

7. Sessions and Cookies

On our web platform, we use a secure cookie to maintain your login session. This cookie expires after 30 days of inactivity.

On our mobile app, we use a secure authentication token stored on your device. We do not use cookies in the mobile app.

We do not use tracking cookies or third-party advertising cookies on any platform.

8. Contact

For privacy-related questions or to exercise your rights, contact us at Support@RehabMetricsIQ.com.