Privacy Policy — Lugha Physio & Fitness

1. Who we are

Lugha Physio & Fitness ("we", "us", "our") provides virtual physiotherapy and rehabilitation services. You can reach us at hello@lughaphysio.com.

2. What we collect

Account data — name, email, password hash, role.
Booking data — appointments, physiotherapist, time slot, status.
Health information — intake notes and consultation notes you or your physio enter.
Payment data — handled by our payment processor; we store only references and status.
Technical data — IP, browser, error logs, used to keep the service reliable.

3. How we use it

To deliver care, schedule sessions, communicate with you, process payments, comply with the law, and improve the platform. We do not sell your data.

4. Legal bases

Performance of the care contract; your consent for health data; legitimate interest in operating and securing the service; legal obligation for tax and record-keeping.

5. Sharing

With your assigned physiotherapist, with infrastructure providers (hosting, database, email, video meeting, payments) under data-processing terms, and with authorities when legally required.

6. Retention

Clinical records are kept as long as required by the regulations applicable to your physio's jurisdiction (typically 7 years). Account data is kept while your account exists and for a short period after closure.

7. Your rights

You can request access, correction, deletion, export, or restriction of your data. Email hello@lughaphysio.com. We respond within 30 days.

8. Security

Data is encrypted in transit, access is restricted by row-level security, and consultation notes are visible only to you, your assigned physiotherapist, and administrators acting on your behalf.

9. International transfers

Our infrastructure is global. By using the service you accept that your data may be processed in jurisdictions outside your own, under appropriate safeguards.

10. Changes

We will post material changes to this page and, where appropriate, notify you by email.