Privacy Policy

Effective date: October 12, 2025.

This Privacy Policy describes how SkyFlight d.o.o. collects, uses, and protects your information when you use our AI physiotherapy platform.

Information We Collect

Account Information

When registering, we collect your name, email address, phone number, company name (for professionals), and billing information.

Health Data and Exercise Data

We collect data related to your exercises, rehabilitation progress, AI movement analysis results, and therapy plans prescribed by physiotherapists/physiatrists.

Device and Usage Data

We automatically collect device information, IP address, browser type, application usage statistics, and interaction data.

Biometric Data

With your consent, we collect biometric data from connected smartwatches (heart rate, activity levels).

How We Use Your Information

We use your information to:

  • Provide personalized physiotherapy and rehabilitation services
  • Analyze movement patterns using AI for exercise feedback
  • Enable physiotherapists to monitor patient progress
  • Send notifications about exercise schedules and progress
  • Improve our AI algorithms and platform functionality
  • Comply with legal and regulatory requirements
  • Communicate with you about service updates and support

Data Sharing

We share your data only in the following cases:

  • With your assigned healthcare or fitness professional(s) for therapeutic and training purposes
  • With trusted service providers (cloud hosting, payment processing) under strict confidentiality agreements
  • When required by law or legal process
  • With your explicit consent for research purposes (anonymized data only)

Note: We never sell your personal or health data to third parties.

Data Controller and Processor Roles

FiTepAI operates as a data processor providing a platform for healthcare and fitness professionals (physiotherapists, kinesiologists, personal trainers, gyms, sports centers, clinics). The professional organizations using our platform are the data controllers responsible for the personal data they collect and enter into the system.

  • Platform data (automatically collected): Email addresses of professionals, AI movement analysis, device/usage data, QR code connections between users and professionals. FiTepAI is the data controller for this data.
  • Client/patient data (entered by professionals): Names, health information, treatment details, and any other personal data entered by professionals. The professional organization is the data controller and is responsible for this data.
  • Data deletion requests: Users may request deletion of their data by emailing us from their registered email address. The request will be processed in coordination with the professional organization that entered the data.
  • Free users: All exercise data is stored locally on your device only. FiTepAI does not collect or store any data from free users.

Cookies and Tracking

We use cookies and similar technologies for authentication, settings, analytics, and service improvement. You can control cookies through your browser settings. See our Cookie Policy for details.

Data Security

We implement industry-standard security measures including encryption, secure servers, regular security audits, and access controls. However, no method of transmission over the internet is 100% secure.

Data Retention

We retain platform data (data we control) for the following periods. Professional organizations are responsible for retention policies of client/patient data they enter:

  • Professional account information: Retained for as long as the professional account is active. Upon account deletion, data is permanently removed within 30 days.
  • AI movement analysis data (skeletal coordinates): Retained for the duration of active treatment. No video or images are stored — only position data.
  • Device and usage data: Retained for up to 24 months for analytics and service improvement, then anonymized or deleted.
  • QR code connections: Retained while the professional-client relationship is active.
  • Billing information: Retained as required by tax and accounting regulations (minimum 5 years under Croatian law).
  • Client/patient data entered by professionals: Retention period is determined by the professional organization (data controller). Minimum retention may be required by healthcare regulations (typically 10 years for medical records in Croatia).
  • Free user exercise data: Stored locally on device only. No data transmitted to our servers.

Note: Users may request deletion by emailing from their registered address. Requests are processed within 30 days in coordination with the relevant professional organization, except where retention is legally required.

Your Privacy Rights

You can request access to, correction of, or deletion of your personal data by contacting us. You can also unsubscribe from promotional communications at any time.

Children's Privacy

Our services are not intended for children under 18 years of age. We do not knowingly collect data from children. If you believe we have inadvertently collected such data, contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or platform notification. Continued use after changes constitutes acceptance.

Contact Us

For privacy-related questions or concerns, contact us via the contact form or at +385 98 598 302.