What types of data does Physitrack process?
Physitrack is a platform designed from the ground up around privacy and security of both your own and your patient's data. All policies and engineering standards follow this principle. Further, Physitrack is not in the business of sharing data with third parties. Our revenue comes from subscriptions and enterprise features, plain and simple.
- Physitrack runs its applications and databases on Amazon Web Services (AWS). AWS operates perhaps the most secure data centers in the world.
- Data is stored in a database that is hosted in the same data center ("availability zone") as the server on which you use Physitrack. For example, if you use us.physitrack.com, both the application and the database are in the US, and if you use nl.physitrack.com, both the application and the database are in the EU.
- The database is encrypted "at rest" (AES-256) as well as "in flight" (when being transferred between your browser/device and our application).
- Physitrack makes two types of database backups: a real-time backup and a backup that is made every 24 hours. These backups are stored in a different data center from the online database to avoid data loss in case of a catastrophe.
- Backups are encrypted.
Note that Physitrack does not store any credit card information on its systems. Payments are processed by Stripe, our payment processor.
Data processing details
| Subject matter, nature and purpose of processing | The provision of the services to the customer |
| Duration | The duration of the agreement |
| Categories of personal data | Name, gender, year of birth, telephone number (optional for patients), email address (optional for patients), government ID number (only for Swedish customers), NHS ID (only for UK customers), access code & exercise program, outcome measures, adherence data and messages feedback, IP address and timestamp of various user actions, video call log, video call audio, diagnosis code, custom exercise videos and images, app preferences (e.g. preferred language) |
| Categories of data subjects | Customer’s patients who are end users of the platform |
| Data exporter | Physitrack PLC |
| Data importer | You |
Third-party vendors (subprocessors) that process data on behalf of Physitrack
List of subprocessors for Physitrack can be found here
Note: healthcare practitioners may choose to automatically share adherence details and exercise program information from Physitrack to their patient management system. This is done at the discretion and under the control of the clinic or healthcare practitioner.