Privacy Policy
Last updated: 4/21/2026

Your privacy and the security of healthcare data is our highest priority

1. Introduction

myHEP.io ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our home exercise program management platform. We understand the sensitive nature of healthcare data and implement strict security measures to protect all information.

2. Information We Collect

Account
Account Information

  • • Professional credentials and licensing information
  • • Contact information (name, email, phone number)
  • • Clinic or practice information
  • • Authentication data (encrypted passwords)

Patient Data
Patient Program Data

  • • Patient name, email, and phone number (for HEP delivery only)
  • • Exercise programs and prescriptions you create
  • • Program sharing and access logs via secure share codes
  • • Custom exercise content and media you upload
  • • HEP templates you create and save

Analytics
Usage Information

  • • Platform usage analytics and performance data
  • • Feature usage patterns to improve our service
  • • Error logs and technical diagnostics
  • • Session duration and frequency of use
3. How We Use Your Information

Service Delivery

  • • Provide and maintain the myHEP.io platform
  • • Enable creation and sharing of exercise programs via secure share codes
  • • Authenticate users and maintain account security
  • • Process and store your exercise library and templates
  • • Generate patient portal links without requiring patient registration

Communication

  • • Send service-related notifications and updates
  • • Provide customer support and technical assistance
  • • Share important security or policy updates
  • • Respond to your inquiries and feedback

Improvement and Analytics

  • • Analyze usage patterns to improve platform functionality
  • • Develop new features based on user needs
  • • Monitor system performance and reliability
  • • Ensure platform security and prevent abuse
Important
4. Data Collection Scope

myHEP.io is designed as a non-HIPAA compliant platform for exercise program delivery. We only collect basic patient contact information (name, email, and phone number) necessary to deliver Home Exercise Programs. No protected health information (PHI) or sensitive medical data is collected or stored.

Healthcare Provider Responsibility

Healthcare providers are responsible for ensuring their use of the platform complies with their professional requirements and applicable regulations. Providers should not input any protected health information or sensitive medical data into the platform.

5. Data Security

🔒
Encryption

  • • All data encrypted in transit using TLS
  • • Sensitive data encrypted at rest using AES-256
  • • Database connections use encrypted channels

🛡️
Access Controls

  • • Secure authentication for healthcare providers
  • • Role-based access controls and permissions
  • • Regular security audits and penetration testing
  • • Secure user session management

🏗️
Infrastructure Security

  • • Hosted on secure, compliant cloud infrastructure
  • • Regular security updates and patches
  • • Intrusion detection and monitoring systems
  • • Automated backup and disaster recovery
6. Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except as described below:

Patient Access

  • • Patients access programs through secure share codes
  • • No patient login or registration required
  • • Share codes can be time-limited or revoked
  • • Mobile-optimized portal access

Service Providers

  • • Trusted third-party services (Supabase, Vercel)
  • • Cloud hosting and database providers
  • • All bound by confidentiality agreements

Legal Requirements

  • • When required by law or legal process
  • • To protect the rights, property, or safety of myHEP.io or others
  • • In connection with business transfers
7. Data Retention

We retain your information only as long as necessary:

  • • Account data: Active period + 7 years after closure
  • • Exercise programs: Per your preferences and legal requirements
  • • Usage analytics: Aggregated data indefinitely
  • • Security logs: Up to 2 years for monitoring
8. Your Rights and Choices

Access and Control

  • • View, update, or delete account information
  • • Export exercise programs and patient data
  • • Control sharing settings and notifications
  • • Revoke patient portal access codes

Data Portability

  • • Request data in portable formats
  • • Transfer exercise library to other platforms
  • • Download patient program summaries
9. International Users

myHEP.io primarily serves healthcare providers in regions with appropriate data protection laws. By accessing our service from other regions, you consent to data transfer and processing according to this Privacy Policy.

10. Children's Privacy

myHEP.io is designed for healthcare professionals and not intended for direct use by children under 13. We do not knowingly collect personal information from children. Exercise programs for pediatric patients are created through the healthcare provider's account.

11. Policy Changes

We may update this Privacy Policy periodically. We will notify you of significant changes via email or platform notification. We encourage regular review to stay informed about how we protect your information.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email
privacy@myhep.io
Support
support@myhep.io
Legal
legal@myhep.io

We take privacy concerns seriously and will respond to your inquiries promptly and thoroughly.

myHEP