PhysidexPhysidex

Privacy Policy

Effective Date: March 23, 2026

This Privacy Policy explains how Physidex collects, uses, stores, and protects data when physiotherapists use our application.

1. Introduction

Physidex is a practice management application for physiotherapists. We are committed to protecting personal and health-related information processed through the platform.

2. We Collect the Following Information

2.1 Account Data (Signup/Login Information)

We collect and store physiotherapist account fields including name, age, sex, phone number, email, encrypted password, address, account role, subscription plan, account status, last login time, and account timestamps.

2.2 Physiotherapist Data

We collect profile and operational data linked to each physiotherapist account so the app can provide patient management, attendance tracking, and billing workflows.

2.3 Patient Data (Including Health Information)

Physiotherapists may store patient identity and contact details, assessment details, clinical notes, attendance records, visit notes, visit dates, session amount details, payment status, and payment dates.

2.4 Payment Data

Physidex stores in-app payment tracking fields such as session amount, paid status, and paid date for record-keeping. As of now, we do not integrate third-party payment gateways and do not store card or bank credentials.

2.5 Technical and Usage Data

We may log operational metadata such as account activity state and login timestamps required for account security, auditability, and system reliability.

3. How We Use the Information

We use collected data to:

  • Provide core app functionality for practice management.
  • Maintain user authentication and account security.
  • Store and display patient treatment and attendance records.
  • Support billing and payment status tracking.
  • Maintain backups, logs, and platform reliability.

4. Data Sharing and Disclosure

Physidex does not sell, rent, or share data with external services for marketing or analytics purposes. As of now, we do not use third-party services for analytics, hosting-level data sharing, or payment data processing beyond the app database.

5. Data Storage and Security

Data is stored securely and protected using encryption in the database. We use access controls and security practices designed to prevent unauthorized access, alteration, disclosure, or loss of data.

6. Data Retention

We retain data for as long as the account remains active or as needed to provide the service and meet legal obligations. Certain records may be retained in soft-deleted form for continuity, compliance, and audit needs.

7. User Rights (Access, Update, Delete)

We allow users to request:

  • Access their account and stored data.
  • Update inaccurate or incomplete information.
  • Delete account data, subject to legal and operational retention requirements.

8. Patient Data Responsibility

Physiotherapists are responsible for ensuring they have a valid legal basis and required patient consent before entering patient personal or health data into Physidex.

9. Role of Physidex

Physidex acts as a data processor/service provider for data entered by physiotherapists. The physiotherapist remains the primary data controller/owner of patient records they input and manage.

10. Sensitive Health Data Handling

Patient assessments, notes, and treatment-related records are treated as sensitive data and handled with elevated security and confidentiality controls.

11. Cookies and Tracking

Physidex currently does not use advertising cookies or third-party tracking technologies. Only essential, minimal technical mechanisms needed for application functionality and session management may be used.

12. Third-Party Services

As of this effective date, Physidex does not use third-party services for payments, analytics, or external data sharing.

13. Legal Basis and Compliance

We process data in line with applicable privacy requirements, including the Digital Personal Data Protection Act, 2023 (India), and may align with GDPR principles where relevant to user location or use context.

14. Children's Privacy

Physidex is not intended for direct use by children. Where patient records involve minors, the physiotherapist is responsible for obtaining legally valid guardian/parent consent where required.

15. Data Deletion Process (On Account Deletion)

Upon account deletion request, we process deletion or deactivation of account-linked data in accordance with legal obligations, security logs, and required retention periods.

16. International Data Transfers

Currently, Physidex is intended for domestic operations. If cross-border processing is introduced in the future, appropriate safeguards and lawful transfer mechanisms will be applied.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated effective date on this page.

18. Contact Information

For privacy-related questions or requests, contact us at info@physidex.in or phone +91-859 2 859 654.