Privacy policy
Last updated:
Introduction
This Privacy Policy explains how Regex Development (legal entity UAB Regeksas, company code 304506934, registered in Lithuania) collects, uses, and protects personal information through its Remote Patient Monitoring (RPM) system and related digital health services.
Our platform enables healthcare providers within the European Union to remotely monitor patients’ health metrics and activity data collected from connected devices and health-data platforms.
Each participating patient signs a separate participation agreement with their healthcare provider, defining the scope of monitoring and data sharing. Regex Development acts as a technical service provider (data processor), processing data on behalf of these healthcare institutions (data controllers) in accordance with their instructions and applicable data-protection laws.
We are fully committed to compliance with the General Data Protection Regulation (GDPR) and to safeguarding personal information at all stages of processing.
Information we collect
Our system may process the following types of information:
- Health and activity data such as steps, heart rate, sleep patterns, blood pressure, SpO₂, and similar measurements received from connected health devices.
- Device and service identifiers (e.g. device ID, platform user ID).
- Basic patient information entered by healthcare staff (name, contact details, care program data).
- Usage and technical data such as connection timestamps, authentication tokens, and access logs for security and audit purposes.
How data is collected
Health and activity data are collected only after explicit user consent through a secure authorization process offered by the chosen device platform. Once the user connects their device, our system periodically retrieves the latest data through encrypted API connections. Users may revoke access at any time through their device-platform account or by contacting their healthcare provider.
Purpose of data use
We process data solely to:
- Provide remote monitoring and care coordination for enrolled patients.
- Display and analyze data for authorized healthcare professionals.
- Generate reports that support medical follow-up and quality of care.
- Improve system performance and reliability using anonymized or aggregated statistics.
We do not use health data for advertising, marketing, or resale purposes.
Data sharing and access
Access to identifiable data is strictly limited to:
- The patient’s authorized healthcare team.
- Our service administrators maintaining system operations.
- Cloud infrastructure providers (e.g. Azure EU Region) acting as secure data processors.
We do not share personal data with unrelated third parties. Data may be disclosed only if legally required by competent authorities.
Data storage and security
All personal data are stored and processed within the European Union. Data are encrypted in transit and at rest. We apply strict access controls, multi-factor authentication, and continuous monitoring to prevent unauthorized access.
Retention
Personal data are retained for the duration of the patient’s monitoring program or as required by healthcare regulations applicable to the respective clinic. When data are no longer needed, they are securely deleted or anonymized.
User rights and consent
Users have the right to:
- Withdraw their consent and disconnect their device integration at any time.
- Request a copy of their personal data.
- Request correction or deletion where legally permitted.
Such requests should be submitted through the user’s healthcare provider (data controller) or directly to Regex Development via the contact details below.
Legal basis for processing
Processing is based on explicit consent provided by the patient and on the legitimate interest of healthcare providers in delivering healthcare services under Article 9(2)(h) GDPR.
International transfers
We do not transfer personal data outside the European Union.
Changes to this policy
We may update this Privacy Policy periodically. Any updates will be published on this page with a revised “Last updated” date. Continued use of the service indicates acceptance of the updated terms.