AppMed® APPLICATION PRIVACY POLICY
Last updated June 16th, 2025
APPMED® APPLICATION PRIVACY NOTICE
AppMed Inc. (“AppMed,” “we,” “our,” or “us”) operates a cloud‑based platform that delivers model‑informed precision dosing, remote therapeutic drug monitoring, physiological data capture from connected devices, validated digital questionnaires, and secure communication tools for patients, caregivers, and healthcare professionals (collectively, the “Services”). Because these Services involve highly sensitive health information, this Notice explains what data we collect, why we collect it, how we use it, and what rights you have.
Contact us: info@appmed.ca | 2025 rue Michelin, Laval (QC) H7L 5B7, Canada
At-a-Glance
| What we collect | • Identifiers (name, e-mail, Date of Birth) • Health & device data (lab values, vitals, dosing history) • Technical data (IP, device type) |
| Why | • Deliver our precision-dosing & monitoring services • Meet legal & safety duties • Improve product security & performance |
| With whom | • Healthcare-team members you authorize • Canadian hosting & messaging providers under strict contracts • Regulators or courts when required by law |
| Your main controls | • Accept / refuse non-essential cookies • View, correct, download, or delete your data • Withdraw consent at any time • Ask us to stop disseminating or de-index data online (Quebec Law 25) |
We recommend that you print a copy of this notice for your records.
Table of Contents
- Scope of this Notice
- Key Definitions
- Information We Collect
- Legal Bases & Consent
- Accuracy & Data Quality
- How We Use Personal Information
- Sharing & Disclosure
- Transfers Outside an Individual’s Province of Residence
- Cookies & Similar Technologies
- Retention of Information
- Security Measures
- Your Rights and How to Exercise Them
- Automated Decision‑Making & Clinical Recommendations
- Minors
- Sub‑Processor Register
- Privacy Impact Assessments (PIAs)
- Breach Notification
- Changes to this Notice
- Contact Information
1. Scope of this Notice
This Notice applies when you:
- use AppMed’s patient, healthcare-professional, collaborator, or admin portals;
- interact via AppMed firmware, APIs, or mobile apps; or
- communicate with us by e-mail, support ticket, or events.
When we act as an “organization” under PIPEDA or an “enterprise” under Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (Law 25), these practices govern. Where a separate contract (e.g., Data-Processing Addendum, Business Associate Agreement) exists, that contract prevails.
2. Key Definitions
Personal Information: Information about an identifiable individual.
Sensitive Personal Information: Health data, biometric identifiers, precise geolocation, or any data classified “special category” by law.
Processing: Any operation on personal information (collection, use, storage, disclosure, deletion, etc.).
Sub-Processor: A third party that processes personal information for AppMed.
3. Information We Collect
We collect only the information necessary for the purposes described in this Notice:
- Direct identifiers: name, address, email, phone number, date of birth, login credentials.
- Health & device data: prescriptions, life events, files that you uploaded to be shared with your healthcare professional, lab results, dosing-adherence timestamps, physiological signals from connected devices, answers & scores from validated questionnaires.
- Technical data: IP address, device & browser type, API telemetry, access logs.
- Cookies / preference data: essential session tokens; optional analytics cookies (no cross-site tracking).
We do not buy data from brokers, nor do we use ad-tech trackers.
4. Legal Bases & Consent
We process data under one or more of the following grounds:
- Express or implied consent (PIPEDA §4.3; Law 25 s 14).
- Performance of a service contract with you or your healthcare institution.
- Legal obligations (e.g., record-keeping, medical-device regulations, public-health reporting).
- Legitimate interests that are balanced against your rights (e.g., security, fraud prevention).
- Provincial health-privacy statutes—when acting as an “agent” or “information manager” under laws such as Ontario’s PHIPA, Alberta’s HIA, or BC’s FIPPA/HIPA, we comply with those additional requirements.
You may withdraw consent at any time (see Section 12).
5. Accuracy & Data Quality
We keep personal information as accurate, complete, and up to date as necessary to fulfil the purposes stated here. You may request corrections (Section 12).
6. How We Use Personal Information
- Operate and improve the AppMed platform.
- Generate precision-dosing simulations, graphical aggregated physiological data, therapeutic drug monitoring (biomarkers), scores from digital questionnaires, and adherence dashboards.
- Provide customer support and training.
- Conduct security monitoring, fraud detection, and product analytics (in de-identified or aggregated form for research / benchmarking).
- Meet legal, regulatory, and audit requirements.
Any new purpose not compatible with the above will require fresh consent.
7. Sharing & Disclosure
We never sell or rent personal information. Disclosures occur only:
- to authorized healthcare professionals in your care team;
- to sub-processors listed in Section 15, bound by written contracts with equal or stronger safeguards;
- to regulators, courts, or law-enforcement when we are legally compelled;
- during a business transaction (merger, acquisition), provided the recipient continues to honor this Notice.
8. Transfers Outside an Individual’s Province of Residence
Before any inter-provincial or international transfer, we:
- Conduct a Privacy Impact Assessment evaluating legal regime, security, and contractual safeguards.
- Sign data-transfer agreements (e.g., Standard Contractual Clauses or equivalent) that:
  - restrict use to defined purposes;
  - impose security controls at least equivalent to ours;
  - require prompt breach or lawful-access notification.
- Offer transparency on request about where data is stored or accessed.
- Perform ongoing oversight (audits or attestations) of each recipient.
Data stored elsewhere may be subject to the open-court or lawful-access rules of that jurisdiction.
9. Cookies & Similar Technologies
Essential cookies support login and session continuity. Optional internal analytics cookies help us improve performance without cross-site tracking. Browser settings let you refuse non-essential cookies.
10. Retention of Information
| Category | Default retention | Rationale |
|---|---|---|
| Clinical records | 10 years after last clinical encounter (or longer if provincial law requires) | Professional & medico-legal obligations |
| Access / audit logs | 7 years | ISO 27001 & SOC 2 evidence |
| De-identified / aggregated data | Indefinite | Research & product safety analytics |
11. Security Measures
AppMed® takes the protection of your personal and health information seriously. We implement a combination of technical, administrative, and physical safeguards to protect your data against unauthorized access, disclosure, alteration, or destruction. These measures include:
- Data encryption in transit and at rest
- Role-based access controls and authentication
- Secure cloud infrastructure with redundancy and monitoring
- Regular security audits, vulnerability assessments, and patch management
While no system can be guaranteed 100% secure, we continuously assess and improve our practices in accordance with industry standards and applicable laws, including PIPEDA and Québec’s Law 25.
12. Your Rights and How to Exercise Them
| Right | How to exercise | Response time |
|---|---|---|
| Access, correction, portability, deletion, consent withdrawal | Email: info@appmed.ca | 30 days |
| Cessation of dissemination / de-indexing (Quebec art. 28.1) | Email: info@appmed.ca | 30 days |
| File a complaint | 1) Contact our Privacy Officer (below); 2) If unresolved, contact the Office of the Privacy Commissioner of Canada (opcc-cipc.gc.ca; 1-800-282-1376) or, in Quebec, the Commission d’accès à l’information (cai.gouv.qc.ca) | n/a |
We may need to verify your identity before acting on your request.
13. Automated Decision‑Making & Clinical Recommendations
AppMed’s algorithms generate decision-support suggestions only. A licensed healthcare professional must review all outputs before any clinical action is taken. No automated decision is made that produces legal or similarly significant effects without human oversight.
14. Minors
Pediatric use is permitted solely through a clinician-managed account with documented consent from a parent or legal guardian, in accordance with applicable provincial requirements.
15. Sub‑Processor Register
The up‑to‑date list of sub‑processors, their role, location, and contractual safeguards is available upon request at info@appmed.ca
16. Privacy Impact Assessments (PIAs)
We conduct a PIA for any new feature that processes sensitive health data or introduces significant profiling. Summaries can be provided to regulators or enterprise customers under an NDA.
17. Breach Notification
If an incident creates a real risk of significant harm, we will notify affected individuals and the appropriate privacy commissioner(s) as soon as feasible (Law 25) and, in any event, in accordance with PIPEDA and applicable provincial statutes.
18. Changes to this Notice
We may revise this Notice to stay compliant with evolving laws or practices. Material changes will be announced in the portal and, where appropriate, by e-mail 30 days before they take effect.
19. Contact Information
Martin Noël, CEO
AppMed Inc.
2025 Michelin Street, Laval QC H7L 5B7 Canada
Email: martin.noel@appmed.ca | Tel: +1 514-758-2884
If unresolved, you may also contact:
- Office of the Privacy Commissioner of Canada – opcc-cipc.gc.ca | 1-800-282-1376
- Commission d’accès à l’information du Québec – cai.gouv.qc.ca | 1-888-528-7741
