Privacy Policy

Northern Health Innovations Inc. ("NORHI", "we", "us", or "our") is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our websites, applications, and services. We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Ontario's Personal Health Information Protection Act (PHIPA), and other applicable laws.

By using our services or providing us with your personal information, you consent to the practices described in this Privacy Policy. You may withdraw your consent at any time as described below.

We collect only the information needed to provide our services and meet our legal obligations. This may include:

• Contact Information — such as your name, email address, mailing address, and phone number.
• Account and Professional Details — including login credentials, job title, or healthcare organization affiliation.
• Usage Data — such as device type, browser, IP address, and pages visited, collected automatically through cookies or analytics tools.
• Health-Related Information — if you are a healthcare provider using our platform, we may process patient information on your behalf in compliance with PHIPA.
• Communications — any information you send us when contacting our support team or completing a form.
• Other Information — that you provide voluntarily, with your consent.

We do not sell personal information and do not collect more data than necessary to provide our services.

We use personal information to:

• Provide and maintain our products and services.
• Create and manage your account.
• Communicate with you about service updates, inquiries, and technical support.
• Improve the quality, safety, and functionality of our platform.
• Meet our legal, regulatory, and contractual obligations.
• Conduct internal research, testing, and analytics to enhance user experience.
• Send you marketing communications only with your consent (you may opt out at any time).

We will not use personal information for purposes other than those identified above without your consent or as required by law.

We obtain consent before collecting, using, or disclosing your personal information, unless the law allows otherwise. Consent may be express (you clearly agree, such as checking a box or signing a form) or implied (when it's reasonably understood from your actions). You may withdraw your consent at any time by contacting us. Please note that doing so may limit our ability to provide certain services.

We share personal information only in limited circumstances:

• Service Providers: We use trusted third parties to provide hosting, analytics, communications, and technical support. These providers are bound by confidentiality and security requirements.
• Healthcare Organizations: When our platform is used by healthcare providers, information may be shared with authorized personnel within that organization under their privacy policies.
• Legal and Regulatory Requirements: We may disclose information if required to comply with law, court order, or government request.
• Business Transactions: In the event of a merger, acquisition, or reorganization, information may be transferred under appropriate safeguards.
• With Your Consent: We will share information with others only if you have authorized us to do so.

We store and process data primarily in Canada. If data is ever transferred outside Canada, it will be protected under comparable safeguards.

We protect your personal information using a combination of technical, administrative, and physical security measures, including:

• Encrypted data storage and secure transmission (TLS 1.3).
• Role-based access controls and multi-factor authentication.
• Regular system monitoring, audits, and vulnerability testing.
• Mandatory employee privacy and security training.

While no system is completely secure, NORHI continuously evaluates and strengthens its security measures. In the event of a privacy breach that poses a real risk of harm, we will notify affected individuals and authorities as required by law.

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. When information is no longer needed, it is securely deleted, anonymized, or destroyed using certified disposal methods.

Examples:

• Account information — retained while active and for a short period after closure.
• Healthcare data — retained in accordance with PHIPA and partner agreements.
• Transaction and log data — retained for audit and compliance purposes.

We strive to keep personal information accurate and up to date. You have the right to:

• Access the personal information we hold about you.
• Request corrections to any inaccurate or incomplete information.
• Receive an explanation of how your data has been used or disclosed.

Requests can be made by contacting our Privacy Officer (see "Contact Us"). We will verify your identity and respond within 30 days unless an extension is permitted.

Our website uses cookies and analytics tools to improve performance and understand user behavior. Cookies are small files stored on your device that remember preferences or usage patterns. You can disable cookies through your browser settings, though some features may not function properly. Analytics tools we use collect anonymous, aggregated data and do not identify you personally.

You may contact our Privacy Officer to:

• Withdraw consent.
• Request access or correction.
• Ask questions about our privacy practices.
• File a privacy complaint.

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy regulator.

We may update this Privacy Policy periodically to reflect legal or operational changes. When we make significant updates, we will post a notice on our website and update the "Last Updated" date above. Your continued use of our services after such updates indicates acceptance of the revised policy.