Hello! We are Aifred Health Inc. (“Aifred”, “we”, “us”, “our”).
304-1600 RUE NOTRE-DAME O
MONTRÉAL QC H3J 1M1
· Your use of our web-application or mobile application available to patients, clinicians and administrators in relation to the treatment of depression (the “Aifred Health App”)
· Your use of our website aifredhealth.com, social media, and other interactions with us.
(together, these are our “Services”)
You may be accessing the Aifred Health App as part of a clinical study or research trial which includes the use of predictive algorithms known as artificial intelligence (a “Clinical Study”), if you consented expressly to it.
You can use Aifred Health App as a clinician (a doctor, a therapist, social worker or other professional), as an administrator for a health institution, or as a patient.
3. What types of personal data do you collect, and why?
The Aifred Health App collects personal health and wellness data that helps inform your clinician about your current mental health. Clinicians use such health and wellness data to evaluate and optimize your treatment.
Our Services collect personal data about you, including health and wellness data, which we aggregate and anonymize to train predictive algorithms known as artificial intelligence (“AI”). This means that we do not use your personal data to train any algorithms or to improve our Services. We only use de-identified and non-personal data for this purpose. If you are curious and would like to learn more about how we use non-personal data and AI, please consult our FAQ.
More specifically, we collect the following types of personal data within our Services. We’ve indicated the purposes of collection for each type and provided you with more information such as examples. If it’s still not clear, you can reach out to us by email at firstname.lastname@example.org or by phone at 1-855-339-6888.
· Account Data (Examples include email address, name, date of birth, gender, passwords and credentials).
Patients are invited to use the Aifred Health App by email address, at their clinicians’ request. Patients can decide to enable multi-factor authentication. We recommend that you do so by providing a number capable of receiving SMS messages. This number will not be visible to any user including clinicians and administrators. Our supplier, Auth0 collects email addresses and cellphone numbers to authorize multi-factor authentication and allow Twilio, our supplier, to provide SMS services for multi-factor authentication. It is optional to provide us with your phone number, but it will be required to activate this security feature. Your number used for multi-factor authentication will never be shared with external parties and will strictly be used for account authentication purposes. Message and data rates may apply if you decide to enable multi-factor authentication. We only share your email address with SendGrid for notification purposes.
When health institutions and clinicians invite patients to use the Aifred Health App, they include your first and last name, email address and date of birth. Patients are also asked to provide their gender, sex and, if they decide to, their phone numbers. Only your assigned clinician has access to your date of birth, email address and phone number. You may also add other facultative information from time to time, such as occupation.
You will need a password, and your email to login. If you provide us with your phone number, we will activate multifactor authentication and use your phone number to send you an SMS to confirm your identity. Once you confirm your identity, we will also provide you with a unique recovery code for your account. Keep this code safe and confidential – this is how you will be able to retrieve your personal data if you can’t access the services, such as if you make a typo in your phone number.
Gender and sex information is important to help your clinician and clinic identify you and tailor their services. If you are participating in a Clinical Study, personal data such as gender and sex may be leveraged as part of predictive algorithms that supports clinicians formulate a professional opinion on the appropriate treatment.
· Health and Wellness Data (Examples include answers to clinical surveys, score and results, date and time of completion, which clinician assigned the medical survey, current treatments, past treatments, dosage, frequency, route, name of doctor, start date, prescriptions)
The Aifred Health App allows patients to complete clinical surveys which have been selected by clinicians, or which are otherwise available in your secured account. Any clinical survey that you complete, along with the full responses, will be visible to your clinicians which they will use to create appropriate treatment plans for you. Speaking about treatment plans, patients can consult their current and past treatment plans through their accounts. Patients and clinicians can also add treatments from the drop-down menu. Aifred Health App also collects information as to the doctor who prescribed the prescription, as well as the start and end date of the prescription. All of this information is available to the clinician and can be considered in the evaluation and establishment of various treatment plans. We may also collect your hospital or healthcare number if the health institution who provides you with access to the Services chooses to use these identifiers.
If you are participating in a Clinical Study, such personal health data may be leveraged by our predictive algorithms to provide modelling on potential treatments to the clinicians.
· Circle of Care Data (Examples include: Name of clinician, one-on-one messages with clinicians)
The Aifred Health App contains a one-on-one messaging functionality that allows patient and clinicians to communicate. This feature is not monitored, and it is only provided for convenience. Clinicians may not receive notification of messages and you should not use this for emergencies. If you are feeling unwell, please call your clinicians or present to or contact emergency services.
· Support (Examples include bugs and error data, support tickets by email, features visited by the user, browser configurations, etc.)
We process this information to respond and address technical support requests which are submitted by users. At the moment, we use emails as a means of responding to such requests.
· Electronic and Usage Data (Examples include: IP address, mobile identifier, device type, operating system and Internet browser type, pages visited, links clicked, language preferences, etc.)
This information is collected automatically by our Services to function effectively, to fix bugs, or to improve the security of our Services. We also use Usage Data to improve our Services and standards of care. We may collect this information through analytical cookies, by way of example.
· Website and Social Media
If you communicate with us by email, through forms available on our Website, on social media, by subscribing to our services-related news communications on our Website, or by any other means, we collect the personal data that you share with us, such as your email address and the content of your communication. If you communicate with us using social media, we will have access to your publicly available information.
4. Do you use any cookies as part of the services? Can I opt-out from this?
Type of cookie
Essential cookies are necessary to operate the core functions of our Services. These include login cookies, session ID cookies, language cookies as well as security cookies.
Functional cookies are used to provide you with some functionalities, such as in-app messaging, and to remember preferences, consents and configurations.
Analytics cookies are used to generate aggregated statistical data about traffic and behaviour of users when using our services.
You can manage your cookie preferences through your browser using the instructions provided below by clicking on the browser that you are using. However, by blocking essential and functional cookies, parts of the Services may not be available. Depending on the browser that you are using, different instructions are applicable. Click on your browser below for more information:
From your mobile device, you can also manage tracking technologies using your settings and preferences. Click here to learn how to manage tracking technologies on iOS.
5. Do you use Google Analytics?
We don’t use Google Analytics as part of Aifred Health App.
6. How do you share my personal data?
We don’t sell your personal data, and we don’t use your health data except as needed to provide you with the services. We don’t share your health data with marketing partners.
We share your personal data with service providers, or if we are required to comply with the law, to comply with your instructions or as part of corporate transactions. The personal data that you share on the Aifred App will be shared with healthcare professionals involved in your care.
Category of recipients
Examples and explanations
If you are a patient, your personal data will be shared with your clinicians. We do not control what clinicians do with your personal data. You should inquire directly with your clinicians as to how they process your personal data.
Aifred Health App Service Providers
Analytics Service Providers and Website Service Providers
We use third parties to obtain analytics based on how users are leveraging our services.
We may also be required to share personal data with law enforcement if we are legally compelled to do so. We will take all commercially reasonable measures to notify you prior to doing so, unless we are prevented to do so by law.
If we go through a restructuration, a merger and acquisition or a sale of parts of all our assets, personal data may also be transferred in such context, subject to any limitations under applicable laws.
7. How long do you retain my personal data?
We may retain your personal data for (i) as long as your account is active; or (ii) otherwise for a limited period of time as long as we need to fulfill the purposes for which we have initially collected it, unless otherwise required by law or regulatory authority, to defend ourselves in the case of a litigation (including for the purpose of complying with regulatory audits from time to time). When health institutions terminate their relationships with us, we permanently delete your personal data within a reasonable timeline, or we de-identify such information so that it is no longer associated with you.
8. Where do you store my personal data?
We host personal data on Microsoft Azure cloud. Our data centers are in Canada. We use suppliers located in the United States. Twilio, SendGrid and Auth0 do not have access to patients’ health information. Each jurisdiction has different laws applicable to the protection of personal data, and when your personal data are processed in another jurisdiction, they may be subject to different laws with varying degrees of protection. We ensure that our vendors have appropriate measures to handle your personal data, such as by requesting appropriate contractual provisions.
9. How do you protect my personal data?
We understand that your privacy is important to you. We performed a privacy impact assessment in our services, and we collect your health data through a secure transport layer between devices and a backend API hosted in Microsoft Azure with encryption at rest using AES 256-bit, meeting current FIPS 140 compliance. The API requires that users be securely logged into the application using OAuth2 standards through a third-party service called Auth0. To access your data, clinicians must be identified through multifactor authentication. The API uses role-based access to ensure only your assigned clinicians can view health and wellness data.
To protect your privacy, it is important that you also take steps to ensure that your credentials and devices use adequate passwords, that you don’t share your passwords and that you use secure Internet connections when sharing sensitive information over the Internet.
10. Do I have rights on my personal data?
Yes, you have rights over your personal data.
Different laws provide for different rights.
In general, you have the right to access and modify your personal data, such as if your personal data are inaccurate. We may have to inform your clinicians of your request to access or modify personal data, depending on our obligations, and we may need to ask for additional personal data to identify you. Some of the information that we have about patients, such as date of birth and hospital ID, are controlled by clinicians and health institutions with whom we work. To modify this information, to delete your accounts or for any matters affecting the processing of your personal data by your clinicians, please reach out to the clinicians directly.
If you need to reach out to us to exercise your rights, you can do so by email at email@example.com or by mail, at the address indicated above. We will respond to your request within 30 days, or sooner if we are required to do so. If we can’t accept your request, we will provide you with explanations. If you don’t agree with how we responded to your request, you can make a complaint to the local authority. If you are in Canada, you can contact the Office of the Privacy Commissioner of Canada for more information. You can lodge an online complaint here. If you are located in Québec, you can reach out to the Commission d’accès à l’information.
Office of the Privacy Commissioner of Canada’s Information Center:
Telephone - 9:00 a.m. to 4:00 p.m. EST
Office of the Privacy Commissioner
30 Victoria Street
If you are located in the United States, you can reach out to the United States Department of Health & Human Services, Office of Civil Rights Complaint Portal, located at: https://ocrportal.hhs.gov/ocr/cp/complaint_frontpage.jsf