01 Introduction
Welcome to Attend 2, a stroke rehabilitation assistant application developed by the Department of Physical Medicine & Rehabilitation, Christian Medical College (CMC), Ludhiana, Punjab, India.
This Privacy Policy explains how we collect, use, store, and protect your personal and health-related information when you use the Attend 2 mobile application ("App"). By using the App, you consent to the practices described in this policy.
We are committed to safeguarding the privacy of our patients, doctors, and caregivers who use this application as part of their stroke rehabilitation journey.
02 Information We Collect
Personal Information
| Data Type | Details |
|---|---|
| Identity | Full name, date of birth, gender |
| Contact | Email address, mobile number, residence number, postal address |
| Account | Profile photo, user role (patient / doctor / admin) |
| Emergency contacts | Alternate contact name and phone number |
Health & Clinical Data
| Data Type | Details |
|---|---|
| Stroke information | Onset date, stroke type (ischemic / hemorrhagic), classification, side affected |
| Clinical assessments | FMA scores, ARAT scores, and progress tracking |
| Conditions | Shoulder subluxation, pain level, CRPS, cognition status, perceptual issues, pressure sores, spasticity, seizures, aphasia |
| Rehabilitation data | Exercise completion logs, weekly plans, assigned exercises |
Usage & Device Data
- App usage logs and activity timestamps
- Device information (for push notifications via FCM tokens)
- Preferred language settings
- Video call metadata (call duration, timestamps)
Media
- Profile photographs captured or uploaded by you
- Audio recordings submitted through patient support queries
- Educational material PDFs and exercise videos (provided by clinicians)
03 How We Use Your Information
Your information is used exclusively for the following purposes:
- Clinical care: Facilitating stroke rehabilitation by connecting patients with their assigned doctors and therapists
- Personalized exercise plans: Creating and tracking weekly rehabilitation exercise programs
- Video consultations: Enabling real-time video calls between patients and clinicians
- Progress monitoring: Recording clinical scores (FMA, ARAT) and exercise completion to track recovery
- Notifications: Sending appointment reminders, exercise reminders, and important clinical updates
- Patient queries: Allowing patients to submit questions (text and audio) to their care team
- App improvement: Understanding usage patterns to improve the rehabilitation experience
04 Data Storage & Security
We take the security of your data seriously and employ the following measures:
- Cloud infrastructure: Data is stored on Google Firebase (Cloud Firestore, Firebase Storage) with encryption at rest and in transit
- Authentication: Access is protected through Firebase Authentication with email/password and phone OTP verification
- App integrity: Firebase App Check (Play Integrity on Android, App Attest on iOS) ensures that only authentic app instances can access backend services
- Role-based access: Data access is restricted based on user roles — patients can only view their own data, while doctors can access data of patients assigned to them
- Local storage: Minimal session data is stored locally on your device for app functionality
05 App Permissions
The App requests the following device permissions, each used for a specific purpose:
| Permission | Purpose |
|---|---|
| Camera | Video consultations with doctors; capturing profile photos |
| Microphone | Video consultations; recording audio for patient support queries |
| Storage | Accessing and saving exercise videos, PDFs, and images |
| Notifications | Receiving appointment reminders, exercise notifications, and clinical updates |
| SMS | Auto-reading OTP codes during phone number verification |
| Internet | Connecting to cloud services for data sync, video calls, and notifications |
You can manage these permissions at any time through your device settings. Revoking certain permissions may limit app functionality.
06 Third-Party Services
The App integrates with the following third-party services:
| Service | Provider | Purpose |
|---|---|---|
| Firebase | Google LLC | Authentication, database, file storage, push notifications, and app security |
| Agora RTC | Agora.io | Real-time video and audio calls between patients and doctors |
| Google Fonts | Google LLC | Typography and font rendering |
Each third-party service operates under its own privacy policy. We encourage you to review:
07 Data Sharing & Disclosure
We do not sell, trade, or rent your personal or health data to any third party.
Your data may be shared only in the following circumstances:
- Within your care team: Your assigned doctors and therapists at CMC Ludhiana can access your rehabilitation data to provide clinical care
- With your consent: If you explicitly authorize sharing with other healthcare providers
- Legal obligations: When required by applicable Indian law, court order, or regulatory authority
- Anonymized research: De-identified, aggregated data may be used for medical research and stroke rehabilitation studies at CMC Ludhiana, with appropriate ethical approvals
08 Data Retention
Your personal and clinical data is retained for as long as your account is active and as required for ongoing clinical care. Specifically:
- Clinical records are retained in accordance with the Indian Medical Council regulations and institutional policies of CMC Ludhiana
- Exercise logs and progress data are retained for the duration of your rehabilitation program
- You may request deletion of your account and associated data by contacting us (see section 12)
- Upon account deletion, your personal data will be removed within 90 days, except where retention is required by law or clinical necessity
09 Your Rights
Under applicable data protection regulations, you have the right to:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate or incomplete data
- Deletion — Request deletion of your personal data, subject to legal and clinical retention requirements
- Withdraw consent — Withdraw your consent for data processing at any time
- Data portability — Request your data in a structured, commonly used format
- Restrict processing — Request restriction of processing in certain circumstances
To exercise any of these rights, please contact us using the details in section 12 below.
10 Children's Privacy
Attend 2 is designed for adult stroke rehabilitation patients, their caregivers, and healthcare professionals. We do not knowingly collect personal information from children under 18 years of age. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.
11 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you through the App or by other appropriate means.
We encourage you to review this page periodically. The "Effective Date" at the top of this page indicates when this policy was last updated.
12 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
| Institution | Christian Medical College (CMC), Ludhiana |
| Department | Physical Medicine & Rehabilitation |
| Address | Brown Road, Ludhiana, Punjab 141008, India |
| attend2.cmc@gmail.com |