Privacy Policy

How we collect, use, and protect your data.

Last updated: March 2026

1. Data Controller

The data controller for your personal data is:

Bandcizer ApS

Tjærebyvej 61

DK-4000 Roskilde, Denmark

CVR: 38870157

info@bandcizer.io

+45 4362 6243

2. What Data We Collect

Website Visitors

When you visit bandcizer.io, we may collect:

  • Technical data: IP address, browser type, device type, operating system
  • Usage data: pages visited, time on site, referral source
  • Contact form submissions: name, email, clinic name, and your message

Clinic Administrators (PT Dashboard)

When you use the Bandcizer PT Dashboard, we collect:

  • Account information: name, email, clinic name, role
  • Professional information: clinic address, practitioner details
  • Usage data: login times, features used, dashboard activity

Patients (via the Bandcizer App)

When patients use the Bandcizer app with a sensor, we collect:

  • Account information: name (as entered by the prescribing PT)
  • Exercise data: force output (Newtons), time under tension, repetitions, sets, quality scores, session timestamps
  • Sensor data: raw capacitive measurements captured at 20 Hz during exercise sessions
  • Device data: app version, phone model, BLE connection logs

Patient data is always scoped to the prescribing clinic. Patients are enrolled by their physiotherapist — they do not create accounts independently.

3. How We Use Your Data

We use personal data for the following purposes:

  • Service delivery: Providing the Bandcizer sensor platform, PT dashboard, and patient app
  • Clinical reporting: Generating exercise adherence reports, quality scores, and force progression data for the prescribing physiotherapist
  • Communication: Responding to contact form enquiries, sending service updates
  • Platform improvement: Analysing aggregated, anonymised usage patterns to improve the product
  • Legal compliance: Meeting regulatory obligations

4. Legal Basis for Processing

We process personal data under the following legal bases (GDPR Article 6):

Contract performance (Art. 6(1)(b))

Processing necessary to deliver the Bandcizer service to clinics and their patients

Legitimate interest (Art. 6(1)(f))

Website analytics, product improvement, and fraud prevention

Consent (Art. 6(1)(a))

Marketing communications (where applicable)

Legal obligation (Art. 6(1)(c))

Tax, accounting, and regulatory requirements

Health Data

Exercise performance data (force, repetitions, adherence scores) may constitute health-related data under GDPR Article 9. This data is processed on the basis of:

  • Explicit consent — obtained by the prescribing clinic as part of the patient enrolment process
  • Healthcare provision (Art. 9(2)(h)) — processing necessary for the provision of health care under the responsibility of a healthcare professional

5. Data Sharing

We do not sell personal data. We share data only with:

The prescribing clinic

Patient exercise data is visible to the clinical team at the organisation that enrolled the patient.

Infrastructure providers

Hosting (EU-based), email delivery, and analytics services — all bound by data processing agreements.

Legal authorities

When required by Danish or EU law.

Patient data is never shared across clinics. Each organisation's data is fully isolated.

6. Data Storage and Security

  • All data stored on servers within the European Union
  • Encrypted in transit (TLS) and at rest
  • Access restricted to authorised clinic staff
  • Regular security reviews and access logs

7. Data Retention

  • Active accounts: Data retained for the duration of the clinic’s subscription
  • After subscription ends: Clinical data retained for 30 days, then permanently deleted unless the clinic requests earlier deletion or extended retention for clinical records
  • Contact form enquiries: Retained for 12 months
  • Website analytics: Aggregated and anonymised after 26 months

8. Your Rights

Under GDPR, you have the right to:

Access

Request a copy of your personal data

Rectification

Correct inaccurate data

Erasure

Request deletion ("right to be forgotten")

Restriction

Limit how we process your data

Portability

Receive data in a machine-readable format

Objection

Object to processing based on legitimate interest

To exercise any of these rights, contact us at info@bandcizer.io.

For patients

Your exercise data is managed by your prescribing clinic. Contact your physiotherapist or clinic directly for data access requests. We will assist clinics in fulfilling these requests.

9. Cookies

We use cookies and similar technologies on this website. For full details, see our Cookie Policy.

10. Children's Privacy

Bandcizer is a clinical tool prescribed by healthcare professionals. Patient enrolment is performed by the treating physiotherapist, not by the patient. Where a patient is under 16, the prescribing clinic is responsible for obtaining appropriate parental consent.

11. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via the PT dashboard or email to registered clinic accounts. The "last updated" date at the top reflects the most recent revision.

12. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Danish Data Protection Agency:

Datatilsynet

Carl Jacobsens Vej 35

DK-2500 Valby, Denmark

www.datatilsynet.dk

13. Contact

For any privacy-related questions, contact:

Bandcizer ApS

Tjærebyvej 61

DK-4000 Roskilde, Denmark

info@bandcizer.io

+45 4362 6243
