De Novo Orthopedics

Privacy Policy

Last Updated: 2026-02-11

De Novo Orthopedics Inc. ("Company") values your privacy. This policy explains how we collect, use, store, and protect your personal data.

Data Collection

We collect the following types of data:

  • Account information: email, company name, contact name
  • Usage data: login records, feature usage statistics
  • Device information: device type, OS version
  • Business data: inventory records, site information, equipment lists you enter

Data Storage

Your data security is our top priority:

  • Cloud data is stored on Cloudflare's global edge network
  • All transfers use TLS encryption, data at rest uses AES-256 encryption
  • Offline data is cached locally on your device and uploaded to cloud after sync

Data Usage

We only use your data for the following purposes:

  • Providing and maintaining service functionality
  • Improving product experience and performance
  • Responding to your support requests
  • Complying with legal obligations

We never sell your personal data to third parties.

Your Rights

You have the following rights regarding your data:

Data Export

Export all your data to CSV or Excel format anytime

Data Deletion

Request deletion of your account and all related data

Data Access

View the personal data we hold about you

Data Portability

Transfer your data to other services

iRehab Medical Data

Medical data processed by the iRehab system receives additional protection:

  • Wound photos: stored in Google Drive, accessible only by your physician and authorized PT
  • Pain reports (VAS) and exercise logs: stored in Firestore, linked to your CareEpisode
  • PROM questionnaire results: stored in Firestore, used only for clinical assessment
  • Lifestyle photos on progress cards: processed entirely on your device, never uploaded to any server
  • Access control: only your attending physician and their authorized physical therapist can view your rehabilitation records. Other physicians cannot access your data. The De Novo team accesses data only for technical support, never for clinical use
  • All data can be exported anytime in JSON format, export is always free
  • AI tool access: your physician may use AI tools to analyze rehab data. AI can only read data already authorized to the physician; PII (ID, phone) is stripped before reaching AI; AI output is advisory only
  • API Tokens: physicians can generate API tokens for AI tools. Tokens stored as SHA-256 hash only, never plaintext. Revocable anytime
  • Push notifications: uses W3C Web Push API standard, no third-party services. Only sends rehab reminders, no ads. You can disable anytime
  • After you stop using the service, you can request permanent deletion of all data. No contracts, no cancellation fees

Data Retention

We retain your data while your account is active. After account cancellation, data is kept for 30 days for export, then permanently deleted.

Cookies

We use essential cookies to maintain your login state and preferences. We do not use tracking cookies or third-party advertising cookies.

Contact Us

For any privacy-related questions, please contact:

service@denovortho.com

Lifeboat Promise

We believe great products keep users through value, not lock-in. Your data is always yours — one-click export, leave whenever you want. This isn't just policy, it's our promise.

Back to Home