Hello! We are Aifred Health Inc. (“Aifred”, “we”, “us”, “our”).

This Privacy Policy contains information to help you understand how we process your personal data and your rights regarding said personal data. Our mission is to improve health and wellness, and we believe privacy is an essential component.

If you have any questions about this Privacy Policy or our privacy practices, do not hesitate to reach out to us! You can email us at privacy@aifredhealth.com, or reach us by mail at the following address:

Aifred Health Inc.
304-1600 RUE NOTRE-DAME O
MONTRÉAL QC H3J 1M1
Canada

1. Which information is subject to this Privacy Policy?

This Privacy Policy applies to “personal data”. We define personal data as any data that, alone or with others, allow us to identify you directly or indirectly, including “cookies” and other electronic data. Some data may not be personal on their own but may become personal when associated with other data.

A “cookie” is a piece of information that a website puts on a computer’s hard disk so that a website or web application can remember something about individuals at a later time. In this Privacy Policy, when we refer to “cookies” we also include other technologies with similar purposes, such as pixels, tags and beacons. For more information on cookies, you can refer to websites such as http://www.cookiecentral.com/ and https://www.allaboutcookies.org/.

This Privacy Policy is for transparency purposes and some of the data that we identify in this Privacy Policy as personal data may not be protected as “personal data” under applicable laws.

2. When does this Privacy Policy apply?

This Privacy Policy applies to:

· Your use of our web-application or mobile application available to patients, clinicians and administrators in relation to the treatment of depression (the “Aifred Health App”)

· Your use of our website aifredhealth.com, social media, and other interactions with us.

(together, these are our “Services”)

You may be accessing the Aifred Health App as part of a clinical study or research trial which includes the use of predictive algorithms known as artificial intelligence (a “Clinical Study”), if you consented expressly to it.

You can use the Aifred Health App as a clinician (a doctor, a therapist, social worker or other professional), as an administrator for a health institution, or as a patient.

Our Services may contain links towards external services which are not part of the Services, such as links to online websites which provide you with more explanations on certain health conditions. These external services are not covered by this Privacy Policy. This means that your use of these external services is subject to their respective privacy policies.

3. What types of personal data do you collect, and why?

The Aifred Health App collects personal health and wellness data that helps inform your clinician about your current mental health. Clinicians use such health and wellness data to evaluate and optimize your treatment.

Our Services collect personal data about you, including health and wellness data, which we aggregate and anonymize to train predictive algorithms known as artificial intelligence (“AI”). This means that we do not use your personal data to train any algorithms or to improve our Services. We only use de-identified and non-personal data for this purpose. If you are curious and would like to learn more about how we use non-personal data and AI, please consult our FAQ.

At the moment, AI capabilities for the Aifred Health App are only available for patients who participate in a Clinical Study and who have consented expressly to the use of AI as part of their relationship with a clinician. In a Clinical Study, the health and wellness data points provided by patients are leveraged by AI algorithms to model possible treatment options for depression. The options are reviewed and analyzed by the clinicians as part of their clinical assessment. The AI algorithms do not replace professional and medical advice, and may only be used by a professional clinician. The AI capabilities are intended to inform the clinicians’ professional advice. You can modify your personal data in the Aifred Health App at any time or reach out to us by email at privacy@aifredhealth.com should you need help doing so. Click here to jump to the section of this Privacy Policy which discusses your rights.

Our Services also collect other types of personal data which are required by or related to the provision of these Services to you, such as electronic data automatically generated by your use of the Services. Our use of cookies and similar technologies is described in another section, click here to jump to this section.

More specifically, we collect the following types of personal data within our Services. We’ve indicated the purposes of collection for each type and provided you with more information such as examples. If it’s still not clear, you can reach out to us by email at privacy@aifredhealth.com or by phone at 1-855-339-6888.

· Account Data (Examples include email address, name, date of birth, gender, passwords and credentials).

Patients are invited to use the Aifred Health App by email address, at their clinicians’ request. Patients can decide to enable multi-factor authentication. We recommend that you do so by providing a number capable of receiving SMS messages. This number will not be visible to any user, including clinicians and administrators. Our supplier, Auth0, collects email addresses and cellphone numbers to authorize multi-factor authentication and allow Twilio, our supplier, to provide SMS services for multi-factor authentication. It is optional to provide us with your phone number, but it will be required to activate this security feature. Your number used for multi-factor authentication will never be shared with external parties and will strictly be used for account authentication purposes. Message and data rates may apply if you decide to enable multi-factor authentication. We only share your email address with SendGrid for notification purposes.

When health institutions and clinicians invite patients to use the Aifred Health App, they include your first and last name, email address and date of birth. Patients are also asked to provide their gender, sex and, if they decide to, their phone numbers. Only your assigned clinician has access to your date of birth, email address and phone number. You may also add other optional information from time to time, such as occupation.

You will need a password and your email to log in. If you provide us with your phone number, we will activate multi-factor authentication and use your phone number to send you an SMS to confirm your identity. Once you confirm your identity, we will also provide you with a unique recovery code for your account. Keep this code safe and confidential – this is how you will be able to retrieve your personal data if you can’t access the services, such as if you make a typo in your phone number.

Gender and sex information is important to help your clinician and clinic identify you and tailor their services. If you are participating in a Clinical Study, personal data such as gender and sex may be leveraged as part of predictive algorithms that support clinicians in formulating a professional opinion on the appropriate treatment.

· Health and Wellness Data (Examples include answers to clinical surveys, score and results, date and time of completion, which clinician assigned the medical survey, current treatments, past treatments, dosage, frequency, route, name of doctor, start date, prescriptions)

The Aifred Health App allows patients to complete clinical surveys which have been selected by clinicians, or which are otherwise available in your secured account. Any clinical survey that you complete, along with the full responses, will be visible to your clinicians, who will use it to create appropriate treatment plans for you. Speaking about treatment plans, patients can consult their current and past treatment plans through their accounts. Patients and clinicians can also add treatments from the drop-down menu. The Aifred Health App also collects information as to the doctor who prescribed the prescription, as well as the start and end date of the prescription. All of this information is available to the clinician and can be considered in the evaluation and establishment of various treatment plans. We may also collect your hospital or healthcare number if the health institution that provides you with access to the Services chooses to use these identifiers.

If you are participating in a Clinical Study, such personal health data may be leveraged by our predictive algorithms to provide modelling on potential treatments to the clinicians.

· Circle of Care Data (Examples include: Name of clinician, one-on-one messages with clinicians)

The Aifred Health App contains a one-on-one messaging functionality that allows patients and clinicians to communicate. This feature is not monitored, and it is only provided for convenience. Clinicians may not receive notification of messages and you should not use this for emergencies. If you are feeling unwell, please call your clinicians or present to or contact emergency services.

· Support (Examples include bugs and error data, support tickets by email, features visited by the user, browser configurations, etc.)

We process this information to respond to and address technical support requests which are submitted by users. At the moment, we use emails as a means of responding to such requests.

· Electronic and Usage Data (Examples include: IP address, mobile identifier, device type, operating system and Internet browser type, pages visited, links clicked, language preferences, etc.)

This information is collected automatically by our Services to function effectively, to fix bugs, or to improve the security of our Services. We also use Usage Data to improve our Services and standards of care. We may collect this information through analytical cookies, by way of example.

· Website and Social Media

If you communicate with us by email, through forms available on our Website, on social media, by subscribing to our services-related news communications on our Website, or by any other means, we collect the personal data that you share with us, such as your email address and the content of your communication. If you communicate with us using social media, we will have access to your publicly available information.

4. Do you use any cookies as part of the services? Can I opt-out from this?

We only use cookies as necessary to provide the functionalities within our services, to conduct analytics and to provide you with the services. Our Services do not contain any marketing cookies and we do not conduct interest-based advertising.

| Type of cookie | Description |
| --- | --- |
| Essential | Essential cookies are necessary to operate the core functions of our Services. These include login cookies, session ID cookies, language cookies as well as security cookies. |
| Functional | Functional cookies are used to provide you with some functionalities, such as in-app messaging, and to remember preferences, consents and configurations. |
| Analytics | Analytics cookies are used to generate aggregated statistical data about traffic and behaviour of users when using our services. |

You can manage your cookie preferences through your browser using the instructions provided below by clicking on the browser that you are using. However, by blocking essential and functional cookies, parts of the Services may not be available. Depending on the browser that you are using, different instructions are applicable. Click on your browser below for more information:

· Google Chrome

· Firefox

· Safari

· Edge

· Opera

· Brave

From your mobile device, you can also manage tracking technologies using your settings and preferences. Click here to learn how to manage tracking technologies on iOS.

5. Do you use Google Analytics?

We don’t use Google Analytics as part of Aifred Health App.

However, our public website uses Google Analytics to obtain analytics and performance information on how our website is used by visitors. With Google Analytics we obtain information such as the number of visitors, from which websites our visitors are coming and the pages that they visit. Google only provides us with access to aggregate and traffic information, and we can’t see what each user does on our website in an individual manner. Google Analytics can provide us with this information because of cookies installed in your browser which report information to Google Analytics.

You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visit activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.

6. How do you share my personal data?

We don’t sell your personal data, and we don’t use your health data except as needed to provide you with the services. We don’t share your health data with marketing partners.

We share your personal data with service providers, or if we are required to comply with the law, to comply with your instructions or as part of corporate transactions. The personal data that you share on the Aifred App will be shared with healthcare professionals involved in your care.

| Category of recipients | Examples and explanations |
| --- | --- |
| Clinicians | If you are a patient, your personal data will be shared with your clinicians. We do not control what clinicians do with your personal data. You should inquire directly with your clinicians as to how they process your personal data. |
| Aifred Health App Service Providers | · We store your personal data on Microsoft Azure. Click here to read their Privacy Policy. · We use Twilio to send SMS to authenticate you. Click here to read their Privacy Policy. · We use SendGrid to allow you to send messages. Click here to read their Privacy Policy. · We use Auth0 for security purposes. Click here to read their Privacy Policy. |
| Analytics Service Providers and Website Service Providers | We use third parties to obtain analytics based on how users are leveraging our services. |

We may also be required to share personal data with law enforcement if we are legally compelled to do so. We will take all commercially reasonable measures to notify you prior to doing so, unless we are prevented from doing so by law.

If we go through a restructuring, a merger and acquisition or a sale of part or all of our assets, personal data may also be transferred in such context, subject to any limitations under applicable laws.

7. How long do you retain my personal data?

We may retain your personal data (i) for as long as your account is active; or (ii) otherwise for a limited period of time, for as long as we need to fulfill the purposes for which we initially collected it, unless otherwise required by law or a regulatory authority, or to defend ourselves in the case of litigation (including for the purpose of complying with regulatory audits from time to time). When health institutions terminate their relationships with us, we permanently delete your personal data within a reasonable timeline, or we de-identify such information so that it is no longer associated with you.

8. Where do you store my personal data?

We host personal data on Microsoft Azure cloud. Our data centers are in Canada. We use suppliers located in the United States. Twilio, SendGrid and Auth0 do not have access to patients’ health information. Each jurisdiction has different laws applicable to the protection of personal data, and when your personal data are processed in another jurisdiction, they may be subject to different laws with varying degrees of protection. We ensure that our vendors have appropriate measures to handle your personal data, such as by requesting appropriate contractual provisions.

9. How do you protect my personal data?

We understand that your privacy is important to you. We performed a privacy impact assessment in our services, and we collect your health data through a secure transport layer between devices and a backend API hosted in Microsoft Azure with encryption at rest using AES 256-bit, meeting current FIPS 140 compliance. The API requires that users be securely logged into the application using OAuth2 standards through a third-party service called Auth0. To access your data, clinicians must be identified through multifactor authentication. The API uses role-based access to ensure only your assigned clinicians can view health and wellness data.

To protect your privacy, it is important that you also take steps to ensure that your credentials and devices use adequate passwords, that you don’t share your passwords and that you use secure Internet connections when sharing sensitive information over the Internet.

10. Do I have rights over my personal data?

Yes, you have rights over your personal data.

Different laws provide for different rights.

In general, you have the right to access and modify your personal data, such as if your personal data are inaccurate. We may have to inform your clinicians of your request to access or modify personal data, depending on our obligations, and we may need to ask for additional personal data to identify you. Some of the information that we have about patients, such as date of birth and hospital ID, is controlled by clinicians and health institutions with whom we work. To modify this information, to delete your accounts or for any matters affecting the processing of your personal data by your clinicians, please reach out to the clinicians directly.

If you need to reach out to us to exercise your rights, you can do so by email at privacy@aifredhealth.com or by mail, at the address indicated above. We will respond to your request within 30 days, or sooner if we are required to do so. If we can’t accept your request, we will provide you with explanations. If you don’t agree with how we responded to your request, you can make a complaint to the local authority. If you are in Canada, you can contact the Office of the Privacy Commissioner of Canada for more information. You can lodge an online complaint here. If you are located in Québec, you can reach out to the Commission d’accès à l’information.

 

Office of the Privacy Commissioner of Canada’s Information Center:

Telephone - 9:00 a.m. to 4:00 p.m. EST

Toll-free: 1-800-282-1376

Mailing address

Office of the Privacy Commissioner
30 Victoria Street
Gatineau, Québec
K1A 1H3

 

If you are located in the United States, you can reach out to the United States Department of Health & Human Services, Office of Civil Rights Complaint Portal, located at: https://ocrportal.hhs.gov/ocr/cp/complaint_frontpage.jsf

 

11. Can this Privacy Policy be modified?

We can modify this Privacy Policy from time to time. For instance, we may amend this Privacy Policy to reflect new functionalities in our services. See the latest update above. We will notify you either within the Aifred Health App or by email of material or adverse changes.