Logo
Get Started

Privacy Policy

Effective Date: 03.04.2026

1. Introduction

This Privacy Policy explains how ProposeTech Limited ("Propose", "we", "us") collects and processes personal data through its product Propose Professional.

We comply with applicable data protection laws, including UK GDPR and the Data Protection Act 2018.

2. Who Uses the Service

Our platform is used by patients, physiotherapists, and clinic administrators. Users must be 16 years or older.

3. Data We Collect

We collect information necessary to provide and improve the Service.

  • Account data: name, email address, password, and age.
  • Health and movement data: pain scores, recovery feedback, range of motion (ROM), joint angles, pose estimation data, and asymmetry metrics.
  • Technical data: device type, operating system, usage analytics, and crash logs.

We do not store raw video recordings. Movement analysis is performed without storing identifiable video data.

4. How We Use Data

We use personal data to operate and improve the Service. This includes delivering real-time feedback, tracking rehabilitation progress, enabling physiotherapists to monitor patients, and supporting adherence to prescribed exercises.

We also use data to improve product performance, analyze usage, and maintain system reliability.

Where users have given consent, we may send updates or communications about the Service.

5. Health Data and Consent

We process health and movement data only where necessary to provide our services and in accordance with applicable data protection laws, including UK GDPR.

Before using features that involve health-related data, users are required to provide explicit consent:

"I explicitly consent to the processing of my health and movement data by ProposeTech Limited for physiotherapy support, progress tracking, and clinician monitoring. I understand that my data will be shared with my assigned physiotherapist and processed securely. I understand that I may withdraw my consent at any time by contacting us at hello@proposetech.com."

Users may withdraw their consent at any time by contacting us at hello@proposetech.com. Withdrawal of consent may limit or prevent the use of certain features of the Service.

6. Use of Aggregated and Anonymized Data

We may use data in an aggregated and anonymized form for research, analytics, product development, statistical reporting, and potential partnerships. This data does not identify any individual user and cannot reasonably be re-identified.

Anonymized data is not considered personal data under applicable data protection laws.

7. Legal Basis for Processing

  • Contractual necessity to provide the service
  • Explicit consent for processing health-related data
  • Legitimate interests for analytics, product improvement, and fraud prevention
  • Consent for marketing communications

8. Data Sharing

We share personal data only where necessary to provide the Service.

  • Physiotherapists may access data of patients assigned to them.
  • Clinic administrators may access aggregated clinic-level statistics and users within their clinic.
  • We use Amazon Web Services (AWS) for hosting, database, and storage.

We do not sell personal data or share it with third parties for marketing purposes.

9. Data Storage and Infrastructure

  • Cloud provider: Amazon Web Services (AWS)
  • Region: EU West (London, United Kingdom)
  • Application hosting: AWS EC2
  • Database: AWS RDS (PostgreSQL)

We store and process personal data within the United Kingdom and the European Economic Area.

10. Data Retention

We retain personal data only as long as necessary. Active accounts are retained for the duration of use. Inactive accounts are retained for up to 2 years, after which data is deleted or anonymized.

11. Data Security

We implement appropriate technical and organizational security measures including encryption in transit (HTTPS), encryption at rest, and role-based access control. Movement analysis is performed on-device where possible.

12. Data Access Model

  • Patients can access only their own data.
  • Physiotherapists can access data of patients assigned to them.
  • Clinic administrators can access aggregated clinic-level statistics and users within their clinic.
  • Super administrators may access platform-wide data strictly for system management.

13. International Transfers

We store and process personal data within the United Kingdom and the European Economic Area where possible. Where transfers outside these regions occur, we implement appropriate safeguards including the UK IDTA and Standard Contractual Clauses (SCCs).

14. Your Rights

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Restrict or object to processing
  • Request data portability

To exercise these rights, contact hello@proposetech.com.

15. Data Protection Contact

We have not appointed a Data Protection Officer. For all privacy-related matters, contact: hello@proposetech.com

16. Updates

We may update this Privacy Policy from time to time. Where required by law, we will seek additional consent before implementing changes. Updates will be communicated via the app or website.