Privacy and Security Policy

Introduction

PhysednHealth (“we”, “us”, “our”) is committed to protecting the privacy and security of all our users, with special emphasis on safeguarding children’s privacy rights. This policy describes our practices for collecting, using, protecting, and sharing information.

1. Regulatory Compliance

Global Compliance Framework

We maintain compliance with major privacy regulations worldwide:

  • Family Educational Rights and Privacy Act (FERPA)
  • Children’s Online Privacy Protection Act (COPPA)
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • Colorado Privacy Act (CPA)
  • Digital Personal Data Protection Act (DPDP)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Federal Risk and Authorization Management Program (FedRAMP)
  • Section 508 Accessibility Standards

State-Specific Compliance

We comply with state-specific privacy requirements including:

  • New York SHIELD Act
  • Illinois School Student Records Act (ISSRA)
  • Illinois Student Online Personal Protection Act (SOPPA)
  • Illinois Identity Protection Act (IPA)
  • Illinois Personal Information Protection Act (PIPA)

2. Information Collection and Processing

Types of Information We Collect

  • Registration Information: Name, date of birth, email address, postal address
  • Account Credentials: Username and password
  • Demographic Information: Gender, preferred language
  • Contact Information: Phone numbers, email addresses
  • Health and Fitness Data: Height, weight, physical condition
  • Technical Data: Device information, IP address, cookies
  • Usage Data: Activity logs, preferences, interaction data

Legal Basis for Processing

Under GDPR and similar regulations, we process personal data based on:

  • Explicit consent
  • Contractual necessity
  • Legal obligations
  • Legitimate interests
  • Public interest
  • Vital interests of the data subject

Automated Decision Making

We employ automated processing for:

  • Exercise program customization
  • Performance analytics
  • Health recommendations

You have the right to:

  • Obtain human intervention
  • Express your point of view
  • Contest automated decisions

3. Data Protection Measures

Technical Safeguards

  • Bank-level encryption (AES-256) for data at rest and in transit
  • Multi-factor authentication
  • Regular security audits and penetration testing
  • Continuous monitoring and threat detection
  • Regular backup and disaster recovery procedures

Administrative Controls

  • Role-based access control
  • Regular employee privacy training
  • Background checks for employees
  • Confidentiality agreements
  • Incident response procedures

Physical Security

  • Secured data centers
  • Access control systems
  • Environmental controls
  • Surveillance systems
  • Asset management

4. Cookie Policy

Cookie Categories

  1. Essential Cookies
    • Required for basic site functionality
    • Cannot be disabled
  2. Functional Cookies
    • Remember preferences
    • Improve user experience
    • Can be disabled but may limit functionality
  3. Analytics Cookies
    • Track site usage
    • Help improve performance
    • Can be disabled
  4. Marketing Cookies
    • Support personalized content
    • Track across websites
    • Can be disabled

Cookie Management

  • Browser settings can be adjusted to manage cookies
  • Cookie consent can be modified at any time
  • “Do Not Track” signals are respected

5. Student Data Privacy Protection

Educational Institution Data Access

  • We receive student data exclusively through authorized educational institutions
  • All data collection and processing is governed by our agreements with educational institutions
  • We act as a School Official with legitimate educational interest as defined by FERPA
  • We do not collect student personal information directly from students or parents

Compliance Framework for Student Data

  • All data handling complies with FERPA requirements
  • Processing adheres to state-specific student privacy laws including ISSRA and SOPPA
  • Special protections applied for students under 13 (COPPA compliance)
  • Educational institution agreements specify authorized data uses

Data Use Limitations

  • Student data used solely for authorized educational purposes
  • No commercial use of student personal information
  • No creation of student profiles except for educational purposes
  • No sale or unauthorized sharing of student information

Parent and Student Rights

  • Parents retain FERPA rights through their educational institutions
  • Access and correction requests should be directed to the relevant school
  • Schools maintain control over student data sharing and deletion
  • We assist educational institutions in fulfilling parent/student privacy requests

6. User Rights

Access Rights

  • Right to access personal data
  • Right to data portability
  • Right to correct inaccurate data
  • Right to delete personal data

Control Rights

  • Right to withdraw consent
  • Right to restrict processing
  • Right to object to processing
  • Right to opt-out of data sales

Response Timeframes

  • Initial response within 48 hours
  • Complete response within 30 days
  • Extension possible up to 60 days with notice

7. Data Sharing and International Transfers

Third-Party Sharing

  • Limited to necessary service providers
  • Subject to strict data processing agreements
  • No sale of personal information
  • Regular audit of third-party compliance

International Transfers

  • EU-US Data Privacy Framework compliance
  • Standard Contractual Clauses (SCCs)
  • Privacy Shield Framework principles
  • Regular transfer impact assessments

8. Data Security Incident Management

Breach Notification

  • Affected users notified within 72 hours
  • Regulatory authorities notified as required
  • Detailed incident reports maintained
  • Regular testing of response procedures

9. Accountability and Governance

Privacy Leadership

  • Designated Data Protection Officer (DPO)
  • Privacy steering committee
  • Regular privacy impact assessments
  • Annual policy reviews

Documentation and Records

  • Processing activities register
  • Consent records
  • Impact assessments
  • Audit trails

10. Contact Information

Privacy Inquiries

  • Email: awesome@physednhealth.com
  • Phone: 202-579-9172
  • Mail: Privacy Officer, PhysednHealth, 7722 Fishing Creek Way, Clinton, MD 20735

Regulatory Contacts

For unresolved privacy concerns:

  • EU: European Data Protection Board
  • US: Federal Trade Commission
  • California: Attorney General’s Office

Changes to This Policy

We reserve the right to update this policy at any time. Material changes will be notified to users via email or site notification. Continued use of our services after changes constitutes acceptance of the updated policy.

Effective Date

This policy is effective as of January 17, 2025, and supersedes all previous versions.
