Privacy Policy

Last updated: January 27, 2025

1. Introduction

SuloMotion ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, mobile application, website, and related services (collectively, the "Service").

By accessing or using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

We reserve the right to update this Privacy Policy at any time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after any modifications constitutes your acceptance of the updated Privacy Policy.

2. Information We Collect

2.1 Personal Information You Provide

When you create an account or use the Service, we may collect the following personal information:

  • Name — Your full name as provided during registration.
  • Date of Birth — Used to verify eligibility and, where applicable, to provide age-appropriate experiences.
  • Age — Derived from your date of birth or provided directly.
  • Diagnosis Information — Medical or therapeutic diagnosis information you choose to provide to help therapists and caregivers coordinate care through the Service.
  • Email Address — For account registration, communication, and waitlist participation.
  • Contact Information — Any additional contact details you voluntarily provide.

2.2 Video and Movement Data

When you use our AI-powered movement analysis features, we collect:

  • Analysis Videos — Video recordings of physical therapy exercises that you voluntarily record and upload through the Service. You retain full control over these videos, including the ability to delete them at any time.
  • Skeleton/Joint-Point Data — De-identified skeletal pose data generated by our AI from your video recordings. This data represents abstract joint positions and angles without any personally identifiable visual information (no facial features, skin, clothing, body appearance, or background imagery).

Your Video Control Options: You may choose to retain only the skeleton-based analysis results and not store the original video footage. When you select this option, only the de-identified skeleton data is retained, and the original video is not stored on our servers. You have full control over your video data and may delete any stored videos at any time through the Service.

2.3 Usage and Exercise Data

We collect data related to your use of the Service, including:

  • Exercise logs and workout history
  • Progress tracking data and streaks
  • Journal entries and caregiver observations
  • Communication between users and therapists within the platform

2.4 Automatically Collected Information

When you access the Service, we may automatically collect:

  • Device information (device type, operating system, unique device identifiers)
  • Log data (access times, pages viewed, IP address, referring URL)
  • Analytics data collected through privacy-friendly analytics tools (we use Plausible Analytics, which does not use cookies and does not collect personal data)

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • To create and manage your account
  • To provide AI-powered movement analysis and progress tracking
  • To facilitate communication between caregivers, families, and therapists
  • To assign and track exercises
  • To display progress dashboards and reports

3.2 Research and Improvement

  • Skeleton Data for Training: We use de-identified skeleton/joint-point data to train and improve our AI and machine learning models. This skeleton data contains no personally identifiable visual information — it consists solely of abstract joint coordinates and angles.
  • We do NOT use your personal video footage (containing your face, body, clothing, or surroundings) for AI training, research, or any purpose beyond providing the Service to you.
  • Aggregated, anonymized usage statistics to improve the Service

3.3 Communication

  • To send you service-related notices and updates
  • To respond to your inquiries and support requests
  • To send promotional communications (with your consent, and you may opt out at any time)

3.4 Legal and Safety

  • To comply with applicable laws and regulations
  • To enforce our Terms of Service
  • To protect the safety, rights, and property of SuloMotion, our users, and the public

4. Health Information Disclaimer

The diagnosis information and health-related data you provide through the Service is used solely to facilitate therapy tracking and caregiver-therapist communication. SuloMotion is not a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and does not claim to be HIPAA-compliant. The Service is not intended to store, transmit, or process Protected Health Information (PHI) as defined under HIPAA.

By providing diagnosis information or other health-related data, you acknowledge that you do so voluntarily and at your own discretion. You should not provide information through the Service that you would not want stored on a cloud-based platform. If you require HIPAA-compliant storage or communication for your health records, please consult with your healthcare provider about appropriate alternatives.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • With Your Consent: We share information between connected accounts (e.g., between a caregiver and a therapist) as directed by you through the Service's communication and sharing features.
  • Service Providers: We may share information with third-party service providers who perform services on our behalf (e.g., cloud hosting, data analytics, email delivery). These providers are contractually obligated to protect your information and may only use it for the purposes we specify.
  • Legal Requirements: We may disclose your information if required to do so by law, in response to valid legal process (e.g., subpoena, court order), or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
  • De-identified Data: We may share aggregated or de-identified data (including skeleton/joint-point data) that cannot reasonably be used to identify you, for research, academic, or industry purposes.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. You may delete your account and request deletion of your personal data at any time by contacting us.

Upon account deletion:

  • Your personal information (name, date of birth, diagnosis, contact details) will be deleted within 30 days.
  • Your stored analysis videos will be permanently deleted.
  • De-identified skeleton/joint-point data that has already been incorporated into our research and AI training datasets may be retained, as it cannot be used to identify you.
  • We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution) for a period not to exceed what is legally required.

7. Data Security

We implement reasonable administrative, technical, and physical security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, and regular security assessments.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security. You acknowledge and accept this inherent risk when providing information through the Service.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Data Portability: Request a copy of your data in a structured, machine-readable format.
  • Opt-Out: Opt out of promotional communications at any time.
  • Video Control: Choose to retain only skeleton analysis data and delete original video footage at any time. You may also choose to receive only skeleton-based results for future analyses.
  • Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.

To exercise any of these rights, please contact us at younus@sulomotion.com. We will respond to your request within 30 days.

9. Children's Privacy

The Service may be used by parents, guardians, and caregivers to track therapy progress for minors. We do not knowingly collect personal information directly from children under the age of 13 without verifiable parental consent. All accounts must be created by individuals who are at least 18 years old.

When a parent, guardian, or caregiver enters information about a minor (including name, date of birth, age, and diagnosis), the parent or guardian is responsible for ensuring they have the legal authority to provide such information and consent to its processing.

If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 13 without proper consent, please contact us immediately.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

  • The right to know what personal information we collect, use, disclose, and sell.
  • The right to request deletion of your personal information.
  • The right to opt out of the sale or sharing of your personal information. We do not sell your personal information.
  • The right to non-discrimination for exercising your privacy rights.
  • The right to correct inaccurate personal information.
  • The right to limit use and disclosure of sensitive personal information.

To exercise your California privacy rights, contact us at younus@sulomotion.com.

11. International Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including:

  • The right to access, rectify, erase, restrict processing, and port your data.
  • The right to object to processing based on legitimate interests.
  • The right to lodge a complaint with your local data protection authority.

Our legal bases for processing your personal information include: (a) your consent; (b) performance of a contract (providing the Service); (c) compliance with legal obligations; and (d) our legitimate interests in operating and improving the Service, provided they are not overridden by your data protection rights.

If your data is transferred outside the EEA, we will ensure appropriate safeguards are in place, including Standard Contractual Clauses or other approved mechanisms.

12. Cookies and Tracking Technologies

Our website uses Plausible Analytics, a privacy-friendly analytics service that does not use cookies and does not collect personal data. We do not use advertising cookies or third-party tracking cookies on our website.

The Service (mobile application) may use essential cookies or local storage mechanisms strictly necessary for the functioning of the Service, such as maintaining your login session. These are not used for tracking or advertising purposes.

13. Third-Party Links and Services

The Service may contain links to or integrate with third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

14. Data Breach Notification

In the event of a data breach that is reasonably likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay and in accordance with applicable data breach notification laws. We will also notify relevant regulatory authorities as required by law.

15. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no uniform standard for interpreting DNT signals, we do not currently respond to DNT signals. However, our use of privacy-friendly analytics (Plausible) means we do not engage in cross-site tracking regardless of DNT settings.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

SuloMotion
Email: younus@sulomotion.com

For GDPR-related inquiries, you may also contact your local data protection authority.