Privacy Policy

Effective Date: 1st October 2025 / Last Updated: 14th October 2025

1. Introduction

MetaMotion (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data.
This Privacy Policy explains how we collect, use, store, disclose and protect personal information when you interact with our websites, clinics, applications, devices, analytics platforms, APIs or other services (“Services”).

We comply with the Saudi Personal Data Protection Law (PDPL) and other relevant regulations across the Kingdom of Saudi Arabia and the Middle East.

This Policy applies to:

Users and visitors of www.metamotion.sa
and its subdomains (e.g., clinic.metamotion.sa).

Clients, patients, employees, partners and developers using MetaMotion products and services.

Anyone whose data is processed by MetaMotion as part of clinical, research or corporate programmes.

2. Information we collect

We collect and process different categories of personal information depending on your relationship with us.

2.1 Personal identifiers

Name, contact details (email, phone number, address), national ID or medical record numbers, and other identification data provided when creating an account or booking services.

2.2 Health and motion data

Movement metrics, gait analysis data, video and IMU recordings, physiological signals, exercise adherence data and related analytics captured through MetaMotion Clinic, Sense wearables, or Digital Twin integrations.

2.3 Device and technical data

Device identifiers, browser information, IP addresses, application usage logs, operating system type, and access timestamps collected through cookies or analytics tools.

2.4 Transactional data

Payment history, invoices, subscription details, and appointment records.

2.5 Communication data

Feedback, support requests, messages or recordings of communications with our clinical or technical support teams.

2.6 Research or clinical trial data

When you participate in studies, we may collect additional motion capture, biometric or health metrics under explicit consent for research purposes.

3. How we collect data

• Directly from you: When you create an account, book a clinic service, complete forms, or contact us.
• Automatically: Through cookies, connected devices, wearables or APIs integrated into MetaMotion™ applications.
• From authorised professionals: Clinicians, therapists, or research investigators who collect or upload your motion or health data.
• From enterprise partners: Employers or institutions participating in Vitalytics or research programmes, subject to contractual data protection terms.

4. Purpose of data collection

We collect and process your data only for legitimate, specific and clear purposes including:

• Delivering and personalising our Services.
• Conducting gait analysis, biomechanics assessments and rehabilitation tracking.
• Managing clinic appointments, billing, and medical reports.
• Creating and updating your Digital Twin profile for longitudinal insight and analytics.
• Supporting telehealth and remote rehabilitation.
• Providing Vitalytics wellness dashboards and rewards.
• Improving algorithms, analytics models and device performance.
• Conducting research, validation and scientific studies (with consent).
• Complying with healthcare, financial, and data protection laws.

We do not sell personal data under any circumstances.

5. Legal basis for processing

Under the Saudi PDPL, we process data on one or more of the following legal bases:

• Your explicit consent, especially for health, biometric or sensitive data.
• Performance of a contract, such as providing clinical or enterprise services.
• Compliance with legal obligations, such as healthcare recordkeeping.
• Legitimate interest, including service improvement and fraud prevention, balanced against your rights.

6. Use of sensitive and health data

Sensitive personal data (e.g., medical, motion, biometric or rehabilitation data) is processed strictly under consent and handled with higher safeguards, encryption, and access control.
This information is used only by authorised healthcare professionals and approved staff for the purpose agreed upon at collection.

7. Data sharing and disclosure

We may share personal data in the following limited cases:

1. With healthcare professionals directly involved in your care or rehabilitation.
2. With your employer or insurer, only when participating in a programme (e.g., Vitalytics) and with your consent or under a lawful contract.
3. With service providers (hosting, IT, analytics, lab partners, hardware manufacturers) who act as processors under strict confidentiality and security obligations.
4. With research collaborators, where data is anonymised or pseudonymised and shared under ethics-approved agreements.
5. With regulators or authorities where legally required (e.g., Ministry of Health, Saudi Data & AI Authority (SDAIA)).

We do not disclose personal data for marketing purposes to third parties without your explicit consent.

8. Data storage and international transfers

All personal data is primarily stored and processed within the Kingdom of Saudi Arabia.
If data must be transferred outside the Kingdom, MetaMotion ensures appropriate safeguards, contractual clauses and authorisations under PDPL Article 29 and related executive regulations.

9. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

• Clinical data: In line with healthcare record-keeping laws (usually five years or as otherwise required).
• Research data: As defined in ethics-approved study protocols.
• Enterprise or app data: Until account deletion or contract termination, unless retention is required by law.

When data is no longer needed, it is securely deleted, anonymised or archived following PDPL-compliant procedures.

10. Your rights under PDPL

You have the following rights regarding your personal data:

• Right of access — to know whether we hold your data and to request a copy.
• Right to rectification — to correct incomplete or inaccurate data.
• Right to deletion — to request deletion where data is no longer needed or consent is withdrawn.
• Right to withdraw consent — at any time, without affecting prior lawful processing.
• Right to data portability — to receive your data in a structured format (when technically feasible).
• Right to complaint — to submit a complaint to the Saudi Data & AI Authority (SDAIA) if you believe PDPL has been breached.

Requests can be made by contacting info@metamotion.sa
. We may require identity verification before fulfilling your request.

11. Data security

We maintain robust administrative, physical and technical safeguards to protect personal data, including:

• Encryption of data at rest and in transit.
• Role-based access control and audit logging.
• Secure data hosting in healthcare-compliant environments.
• Incident response procedures and breach notification protocols under PDPL Articles 20–21.

Despite these measures, no online system is entirely secure, and you acknowledge this inherent risk when transmitting information electronically.

12. Cookies and analytics

We use cookies, session storage and analytics tools to improve functionality, measure engagement and enhance user experience.
You can adjust cookie preferences through your browser settings.
We do not use cookies for unauthorised advertising or cross-site tracking.

13. Children’s data

Our Services are intended for adults and authorised healthcare professionals. For paediatric assessments or rehabilitation, personal data of minors is collected only with the verified consent of a parent or legal guardian, in accordance with PDPL and local health regulations.

14. Research and anonymised data

Anonymised and aggregated data may be used for statistical analysis, model improvement or scientific publication.
No individual will be identifiable from such outputs. For research requiring identifiable data, explicit consent and ethics approval are obtained prior to participation.

15. Third-party links and integrations

Our websites or dashboards may contain links or integrations to third-party services (e.g., lab systems, EMRs, banking partners). We are not responsible for their privacy practices. Please review their privacy policies before sharing data through those services.

16. Developer APIs and integrations

• When you use MetaMotion APIs or SDKs, you must ensure that end-user data is processed lawfully, transparently and securely.
• Developers are required to implement appropriate safeguards, anonymisation and consent workflows consistent with this Privacy Policy and PDPL requirements.

17. Updates to this Policy

MetaMotion may update this Privacy Policy to reflect changes in regulations, technology or our operations. Updates will be posted with a revised “Effective Date”. Continued use of our Services after an update constitutes acceptance of the revised Policy.

18. Contact us

If you have questions, concerns or requests regarding your data or this Policy, please contact:

MetaMotion
Phone: +966 55 8944412
Email: info@metamotion.sa

Address: 7220 Souwaid Ibn Harithah, Riyadh, Hittin, Saudi Arabia