Privacy Policy
Last updated: 27 June 2026
This Privacy Policy explains what personal data we collect, why, how we protect it, and the rights you have — including under the EU/UK GDPR, the California CCPA/CPRA, and India’s DPDP Act, 2023.
1. Who is responsible for your data
The data controller is [Operating entity name], [registered address] (“we”). For privacy questions, contact our privacy team at privacy@atrehabcare.com. [If you are in the EU/UK and we are required to appoint a representative or Data Protection Officer, their details go here.]
2. The data we collect
- Account data — name, email, password (stored only as a secure hash), and account type.
- Assessment data — answers you give in the AT Needs Assessment, an optional subject name, and the AI-generated guidance saved to your dashboard.
- Content you create — reviews, ratings and community posts.
- Usage and search data — search queries (used in aggregate to improve the service) and basic technical logs.
- Analytics data — we use Google Analytics (GA4), which sets cookies and collects pseudonymous identifiers, device/browser information and the pages you visit, to understand usage in aggregate (see our Cookie Policy).
- Local storage — your sign-in session and accessibility preferences are stored in your browser (see our Cookie Policy).
Some information you choose to enter (for example, in an assessment) may relate to health or disability. Where it does, we treat it as a special category / sensitive personal data and apply additional protection.
3. How we use your data and our legal bases (GDPR Article 6/9)
- To provide the service (accounts, assessments, saving results) — performance of a contract.
- To moderate content and keep the community safe — legitimate interests.
- To send service notifications and emails you’ve opted into — contract / consent.
- To improve the service (e.g. aggregate, de-identified search trends) — legitimate interests.
- To process health-related/sensitive information you submit — your explicit consent, which you may withdraw at any time.
- To meet legal obligations — compliance with law.
4. Sharing and processors
We do not sell your personal data. We share it only with service providers (“processors”) who help us run the platform — for example hosting, database, email delivery and analytics (Google Analytics) — under contracts that require them to protect it and use it only on our instructions. We may disclose data where required by law or to protect rights and safety.
5. International transfers
Your data may be processed in countries other than your own. Where we transfer personal data out of the EU/UK or other restricted regions, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum) or an adequacy decision.
6. Retention
We keep personal data only as long as needed for the purposes above or as required by law. You can delete saved assessment results at any time, and you can ask us to delete your account.
7. Security
We use technical and organisational measures including encryption in transit, hashed passwords, role-based access control and least-privilege access. No method of transmission or storage is completely secure, but we work to protect your data and to notify you and regulators of breaches where the law requires.
8. Your rights — EU / UK (GDPR)
If you are in the EU, EEA or UK, you have the right to:
- access a copy of your personal data;
- rectify inaccurate data and complete incomplete data;
- erase your data (“right to be forgotten”);
- restrict or object to certain processing, including processing based on legitimate interests;
- data portability (receive your data in a portable format);
- withdraw consent at any time, without affecting prior processing; and
- lodge a complaint with your supervisory authority.
9. Your rights — California (CCPA/CPRA)
If you are a California resident, you have the right to:
- know what personal information we collect, use and disclose;
- access and delete your personal information;
- correct inaccurate personal information;
- opt out of the “sale” or “sharing” of personal information; and
- limit the use of sensitive personal information.
We do not sell or share your personal information as those terms are defined under the CCPA/CPRA, and we do not use it for cross-context behavioural advertising. We will not discriminate against you for exercising your rights. You may use an authorised agent, and we honour browser Global Privacy Control (GPC) signals as opt-out requests where applicable.
10. Your rights — India (DPDP Act, 2023)
If you are in India, you have the right to access, correct, update and erase your personal data, to grievance redressal, and to nominate another person to exercise your rights. You may withdraw consent at any time. Contact our Grievance Officer at grievance@atrehabcare.com. [Insert Grievance Officer name and address as required.]
11. How to exercise your rights
Email privacy@atrehabcare.com. We will verify your identity and respond within the timeframes required by applicable law (generally within 30–45 days). These rights are free to exercise, subject to legal limits on excessive or repetitive requests.
12. Children
The Service is intended for adults, and for carers, parents, educators and professionals acting on behalf of a person with a disability. We do not knowingly collect data directly from children without appropriate consent.
13. Changes
We may update this policy; material changes will be posted here with a new “last updated” date.
14. Contact
Privacy enquiries: privacy@atrehabcare.com.