Is xStep FDA approved?

xStep is recognized by the US FDA as a Breakthrough Device and is CDSCO approved in India. Full FDA approval is in progress.

Who can benefit from xStep?

Patients with spinal cord injuries, cerebral palsy, stroke, or other neurological conditions may benefit. Consult our clinical partners for eligibility.

Yes. Clinical studies show xStep is safe, well-tolerated, and non-invasive, with no major side effects reported.

How can I access treatment?

Submit the form above, and we’ll connect you with the nearest clinic using xStep.

How is training provided?

Certified clinicians receive onboarding and protocols to ensure safe and effective use.

Privacy Policy

Last updated: Jan 15, 2026

1 – Introduction

Welcome to xstep.co (“Xstep,” “we,” “us,” or “our”).
We are committed to protecting the privacy, confidentiality, and security of personal and health-related information collected through our website, medical devices, software applications, and related services (collectively, the “Services”).

This Privacy Policy explains how we collect, use, disclose, store, and protect your information in compliance with applicable laws in India and the United States.

2 – Scope of This Policy

This Privacy Policy applies to:

Users of xstep.co
Users of Xstep medical devices and associated software
Healthcare professionals, providers, and organizations
Patients and end users whose data may be processed through our devices or systems

3 – Information We Collect

a – Personal Information

We may collect:

Full name
Email address
Phone number
Organization or healthcare provider details
Account login credentials
Device identifiers

b – Health and Medical Information

Depending on the product or service, we may collect health-related or medical data, including:

Physiological measurements collected by medical devices
Diagnostic or monitoring data
Device usage data related to patient care
Health identifiers linked to device operation

This data may qualify as:

Protected Health Information (PHI) under HIPAA (USA)
Sensitive Personal Data / Personal Data under Indian law

c – Automatically Collected Data

We may automatically collect:

IP address
Device type and operating system
Browser information
Log files and timestamps
Software performance and error logs

d – Cookies and Tracking Technologies

We use cookies and similar technologies to:

Ensure platform functionality
Improve system performance
Analyze usage trends

You may manage cookies through your browser settings.

4 – Legal Basis for Processing

India (DPDP Act, 2023)

We process personal data based on:

Your consent
Legitimate use for medical, safety, or device performance purposes
Compliance with legal obligations

United States

We process data as necessary to:

Provide medical device functionality
Fulfill contractual obligations
Comply with HIPAA and other federal or state laws

5 – How We Use Your Information

We use information to:

Operate and support medical devices
Monitor device performance and safety
Provide technical and customer support
Improve product quality and compliance
Communicate with users and healthcare providers
Meet regulatory, legal, and reporting requirements

6 – HIPAA Compliance (United States)

Where applicable, Xstep acts as:

A Business Associate to healthcare providers, or
A service provider processing PHI on behalf of covered entities

We:

Use PHI only as permitted by law or agreement
Implement administrative, physical, and technical safeguards
Support breach notification obligations

7 – Sharing and Disclosure of Information

We do not sell personal or health data.

We may share data with:

Healthcare providers and authorized organizations
Cloud hosting and infrastructure providers
Analytics and device monitoring vendors
Regulatory authorities (FDA, CDSCO, etc.)
Legal authorities when required by law
Successors in mergers, acquisitions, or restructuring

All partners are contractually required to protect data.

8 – Data Retention

We retain personal and health data:

Only for as long as necessary to fulfill medical, regulatory, or contractual purposes
As required by applicable healthcare and device regulations
Securely delete or anonymize data when no longer required

9 – Data Security

We implement industry-standard safeguards, including:

Encryption in transit and at rest
Role-based access controls
Secure authentication
Regular security audits and monitoring

Despite our efforts, no system can be guaranteed to be 100% secure.

10 – International Data Transfers

Your information may be transferred to and processed in countries outside your place of residence, including the United States or India. We ensure appropriate safeguards are in place for such transfers.

11 – Your Rights

India

You may have the right to:

Access your personal data
Correct or update inaccurate data
Withdraw consent
Request deletion, subject to legal obligations

United States

Depending on applicable law, you may have rights to:

Access and receive a copy of your data
Request corrections
Request restrictions on use or disclosure

To exercise your rights, contact us at privacy@xstep.co.

12 – Children’s Privacy

Our Services are not intended for children under 13 unless explicitly designed for pediatric medical use under healthcare provider supervision.

13 – Medical Disclaimer

Xstep devices and software are intended to support medical and healthcare functions under professional supervision.
They do not replace professional medical judgment, diagnosis, or treatment.

14 – Third-Party Links

Our Services may link to third-party platforms. We are not responsible for their privacy practices.

15 – Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted with a revised “Last updated” date.

16 – Contact Information

Xstep
Website: https://xstep.co
Email: info@xstep.co