Privacy Policy
Last updated April 25, 2026
1. Introduction
myHEP.io (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our home exercise program management platform. We understand the sensitive nature of healthcare data and implement strict security measures to protect all information.
2. Information We Collect
Account information
- Professional credentials and licensing information
- Contact information (name, email, phone number)
- Clinic or practice information
- Authentication data (encrypted passwords)
Patient program data
- Patient name, email, and phone number (for HEP delivery only)
- Exercise programs and prescriptions you create
- Program sharing and access logs via secure share codes
- Custom exercise content and media you upload
Usage information
- Platform usage analytics and performance data
- Feature usage patterns to improve our service
- Error logs and technical diagnostics
3. How We Use Your Information
Service delivery
We use your information to provide and maintain the platform, enable creation and sharing of exercise programs, authenticate users, and generate patient portal links without requiring patient registration.
Communication
We send service-related notifications, provide customer support, share security or policy updates, and respond to your inquiries.
Improvement
We analyze usage patterns to improve functionality, develop new features, monitor performance, and ensure platform security.
4. Data Collection Scope
myHEP.io is designed as a platform for exercise program delivery. We only collect basic patient contact information (name, email, and phone number) necessary to deliver HEPs. No protected health information (PHI) or sensitive medical data is collected or stored.
5. Data Security
Encryption
All data is encrypted in transit using TLS. Sensitive data is encrypted at rest using AES-256. Database connections use encrypted channels.
Access controls
Secure authentication for healthcare providers, role-based access controls and permissions, and regular security audits.
Infrastructure
Hosted on secure cloud infrastructure with automated backups, disaster recovery, and intrusion detection systems.
7. Data Retention
We retain your information only as long as necessary:
- Account data: active period + 7 years after closure
- Exercise programs: per your preferences and legal requirements
- Usage analytics: aggregated data retained indefinitely
- Security logs: up to 2 years
8. Your Rights and Choices
Access and control
- View, update, or delete account information
- Export exercise programs and patient data
- Control sharing settings and notifications
- Revoke patient portal access codes
Data portability
- Request data in portable formats
- Transfer exercise library to other platforms
9. International Users
myHEP.io primarily serves healthcare providers in regions with appropriate data protection laws. By accessing our service from other regions, you consent to data transfer and processing according to this Privacy Policy.
10. Children's Privacy
myHEP.io is designed for healthcare professionals and is not intended for direct use by children under 13. We do not knowingly collect personal information from children. Exercise programs for pediatric patients are created through the healthcare provider's account.
11. Policy Changes
We may update this Privacy Policy periodically. We will notify you of significant changes via email or platform notification. Continued use of the service after changes constitutes acceptance.
12. Contact
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Or use the contact form on our contact page.