Privacy Policy
Effective Date: February 1st 2026
Introduction
We are committed to protecting the privacy and security of your personal information (PI) and personal health information (PHI). Information collected and stored by us is only used to provide you with the Services as defined in the Terms of Service of the Careplicity website (“Service” or “Services”). Your PI and PHI may also be used for statistical purposes, aggregated health reporting and anonymous research. Any information used for those purposes is compiled and de-identified, and it can not be reasonably used to identify an individual. We do not sell, rent, or trade your PI or PHI for any purpose.
We operate as a technology service provider and do not provide medical advice, diagnosis, or treatment. Where PHI is processed on behalf of healthcare providers, we act as an information manager or service provider, as defined under applicable law.
Types of Information We Collect
We collect two main types of information:
Personal Information (PI)
Information that directly identifies you, such as your name, email address, and account login credentials.
Personal Health Information (PHI):
Information concerning your physical or mental health, including health history, test & examination results, lifestyle, treatment, and care plan information that you choose to upload or that is generated through your use of the Services.
Consent for Communications
One of the Services is the ability to receive notifications or information regarding a health issue you may have or a topic you are interested in. These communications may include informational, educational, or promotional content from government or private health organizations, health information providers, suppliers of medical devices, pharmaceutical providers, and other health-related product and service organizations (collectively, “Providers”).
Such communications will only be delivered where you have provided explicit, informed consent, which may be withdrawn at any time through your notification settings within the app. Consent to receive such communications is separate from consent to use the Services and is not required to access core Careplicity functionality.
With your consent, we may use your PHI solely for the purpose of determining which communications may be relevant to you (for example, communications related to a specific health condition). We do not disclose your PI or PHI to Providers.
Providers do not receive information about which individuals receive their communications and cannot identify users based on participation in any campaign. All communications are delivered through Careplicity.
We do not provide Providers with user email addresses, phone numbers, or other direct contact details unless you choose to share them. We do not permit Providers to target communications based on combinations of health data that may infer the identity of any individual user.
You acknowledge that If you choose to engage with a Provider, any subsequent interaction or disclosure of PI that occurs directly between you and that third party is outside of our control.
Sharing Your Information
When available, you can choose to share your personal and health information with your healthcare providers by setting up specific sharing rules as may be available within Careplicity. You control whether and how your personal and health information is shared through Careplicity and you are responsible for the sharing choices you make. If you are at all uncertain, you should not share information through Careplicity.
Data Storage and Security
Records are stored electronically. All PHI is stored exclusively on servers located in the appropriate jurisdiction on industry-proven infrastructure. These records are protected using industry-standard administrative, technical, and physical safeguards appropriate for the protection of PHI, including encryption of data both at rest and in transit , as well as role-based access controls and row-level security to prevent unauthorized access, disclosure, or misuse.
Our authorized personnel may access systems remotely for support, maintenance, or security purposes, subject to strict access controls, authentication requirements (including multi-factor authentication where applicable), and confidentiality obligations. Physical security of the underlying infrastructure is managed by its provider in accordance with recognized security standards and certifications.
In the event of a privacy breach involving your PI or PHI that poses a real risk of significant harm, we will notify affected individuals and relevant regulatory authorities in accordance with applicable law.
Service Providers
We may use third-party service providers to support the operation of the Services (for example, cloud hosting, security monitoring, or customer support). Such providers are permitted to access PI or PHI only as necessary to perform services for us and are contractually required to protect it and use it only for authorized purposes.
Your Privacy Rights (Access and Correction)
In accordance with privacy laws, you have the right to:
Access
Request access to your PI and PHI held by us.
Correction
Request correction of your PI and PHI if you believe it is inaccurate or incomplete.
To exercise these rights, please contact our Privacy Officer, Boaz Y. Saffer, PhD, at privacy@careplicity.com. We may require reasonable verification of your identity before fulfilling such requests.
Data Retention and Destruction
We retain your PI and PHI only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. If you cancel the Services, we will immediately securely destroy or de-identify your PHI in a manner consistent with industry best practices and legal requirements.
Children and Minors
We do not knowingly collect PI from individuals under the age of majority without appropriate consent from a parent, legal guardian, or authorized substitute decision-maker, as required by law. The age of majority in Canada is 18 or 19 years, depending on the province of residency. Once a person reaches the age of 19 years, their PHI cannot be accessed by another Careplicity user without expressed consent.
Changes to this Policy
By using the Services, you are consenting to the collection and use of PI and PHI as set out in this policy. Any changes to the policy will be immediately communicated through the Careplicity website and/or through the notification function. Your use of the services is subject to the Terms of Service of the Careplicity website, including the Disclaimers and Limitations of Liability contained herein.
If you require more information or clarification on our privacy policy, do not hesitate to contact us at privacy@careplicity.com. We also encourage you to review the full Terms of Service for additional details regarding the operation of the Services.
If you are not satisfied with our response, you may have the right to file a complaint with the Office of the Privacy Commissioner of Canada or the applicable provincial privacy regulator.
Jurisdictions
Our management of your information is designed to comply with the federal laws of Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA), and applicable provincial health and privacy standards, such as the Personal Information Protection Act (PIPA) in British Columbia, the Health Information Act (HIA) in Alberta, and the Personal Health Information Privacy Act (PHIPA) in Ontario. Any dispute arising from this Policy remains subject to the Choice of Law and Venue provisions in the Terms of Service.