StemFit — Privacy Policy

StemFit, powered by the CPAH classification · educational / research decision-support tool

Effective date: 12 July 2026 · Last updated: 12 July 2026

Summary. StemFit is a professional educational and research tool for orthopaedic surgeons. We collect the account details you provide, your consent choices, the measurements and stem recommendations you generate, and — only if you explicitly consent — the de-identified radiographs you choose to save. We also record technical metadata (IP address, timezone, timestamp, browser). We do not sell your data or use it for advertising. StemFit is not a medical device and must not be used with patient-identifying information.

1. Who we are

StemFit is operated by the CPAH study group (the “operator”, “we”, “us”). The data controller for accounts and submissions is the study administrator. Contact: tmseyler@gmail.com. (Update this to your organisation’s legal name and a support address before publishing.)

2. What we collect

CategoryDataWhen
AccountFull name, email, institution, role, country, and a securely hashed password. Your choice to express interest in research collaboration.When you register
Consent recordsYour acceptance of the de-identification, AI-training, calibration and Terms/Disclaimer consents, with the consent version and timestamp.At registration
Clinical inputs & outputsMeasurements you enter or generate (neck-shaft angle, cortical index, offset, offset ratio), the computed CPAH morphotype, bone-quality and fixation guidance, and the stem recommendations produced. Any notes you add. Your saved site “formularies”.When you use and save a case
Radiographs (images)Hip radiograph image files — only when you choose to save a case AND consent to AI-training use. If you do not consent, images are not uploaded or stored.Only on your explicit action
Technical metadataIP address, timezone, timestamp, and browser/user-agent string, recorded with your account and each submission for security, audit and research.At registration and each submission

We do not intentionally collect special-category health data about you, precise GPS location, contacts, or device identifiers beyond the technical metadata listed above.

3. How we use your data

Legal bases (where GDPR applies): your consent (radiograph/AI-training use, collaboration interest), contract (operating your account), and our legitimate interests (security, audit, service improvement). You may withdraw consent at any time (Section 8).

4. Radiographs and patient data — your responsibility

StemFit is for de-identified, research/educational use. You must not upload any patient-identifying information (name, MRN, date of birth, accession number, or other identifiers). You are solely responsible for de-identifying images and for complying with all applicable laws and your institution’s policies (including HIPAA and GDPR). We do not act as a HIPAA Business Associate and no Business Associate Agreement is in place. Do not use StemFit to process protected health information.

5. Sharing and disclosure

6. International transfers

Our servers and providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for transfers of personal data.

7. Data retention & security

We retain account and case data for as long as your account is active or as needed to operate the study, then delete or anonymise it. Passwords are stored only as salted hashes; the service is served over HTTPS and the dashboard is access-controlled. No method of transmission or storage is 100% secure.

8. Your rights and choices

To exercise any right, email tmseyler@gmail.com. We will respond within the timeframe required by applicable law. California residents: we do not “sell” or “share” personal information as defined by the CPRA.

9. Children

StemFit is a professional tool intended for healthcare professionals and is not directed to children. We do not knowingly collect data from anyone under 18.

10. Not a medical device

StemFit is an educational and research decision-support tool. It is not a medical device, is not FDA/CE cleared, and does not provide diagnosis or treatment decisions. All output must be independently verified by the operating surgeon, who remains solely responsible for clinical decisions.

11. Changes to this policy

We may update this policy; we will change the “Last updated” date above and, for material changes, provide a notice in the app. Continued use after changes means you accept the updated policy.

12. Contact

Questions or requests: tmseyler@gmail.com.