HEALTHX CANADA INC.
PRIVACY POLICY
Effective Date: February 17th, 2026
HealthX Canada Inc. (“HealthX”, “we”, “us”, or “our”) is committed to protecting personal information and maintaining strong privacy and security standards.
This Privacy Policy describes how we collect, use, disclose, safeguard, retain, and process personal information when you use our website, services, and platform (collectively, the “Platform”).
1. Applicable Privacy Laws
HealthX operates in accordance with:
-
Personal Information Protection and Electronic Documents Act (PIPEDA)
-
Applicable provincial privacy laws including Ontario PHIPA where applicable
-
Canadian anti-spam legislation where applicable
2. Our Role
HealthX is a marketing, referral, and patient engagement platform connecting individuals with independent dental providers.
HealthX:
-
Is not a healthcare provider
-
Does not provide clinical services
-
Does not maintain clinical patient records
-
Does not store dental charts or diagnostic imaging
HealthX is not a Health Information Custodian.
Dental providers maintain clinical records and are responsible for healthcare privacy compliance.
3. Privacy Governance and Accountability
HealthX maintains privacy governance including:
-
Internal privacy policies
-
Staff training
-
Access control systems
-
Vendor risk assessments
-
Incident response procedures
4. Categories of Personal Information Collected
| Category | Examples |
|---|---|
| Identity | Name, email, phone |
| Service | Booking requests, referral eligibility |
| Verification | Proof of visit documentation (non-clinical) |
| Technical | IP address, device data, website interaction |
5. Information We Do Not Intentionally Collect
HealthX does not request or require:
-
Clinical treatment notes
-
X-rays or imaging
-
Diagnostic findings
-
Treatment plans
-
Insurance clinical breakdowns
If submitted, we take reasonable steps to delete it.
6. Purposes for Collection and Use
We use personal information to:
-
Provide referral services
-
Verify promotional eligibility
-
Prevent fraud
-
Communicate with users
-
Improve services
-
Meet legal obligations
7. Manual Verification Review
Verification submissions may be manually reviewed by authorized staff.
Safeguards include:
-
Role-based access
-
Privacy training
-
Minimal data review principles
8. Third-Party Service Providers
We use service providers including:
| Vendor Type | Example |
|---|---|
| Form Processing | Jotform |
| Analytics | Website analytics providers |
| Advertising | Meta advertising tools |
Providers must maintain confidentiality and security.
9. Cross-Border Data Processing
Some vendors may process data outside Canada.
We require contractual safeguards where applicable.
10. Advertising and Tracking Technologies
HealthX may use advertising and analytics tools.
HealthX does not share:
-
Clinical information
-
Treatment details
-
Diagnostic data
-
Appointment reasons
11. Cookies and Similar Technologies
We use cookies for:
-
Site functionality
-
Analytics
-
Marketing performance measurement
Users can control cookies via browser settings.
12. Data Minimization
HealthX limits collection to information necessary to operate services.
We do not operate as a clinical record repository.
13. Data Retention Schedule
| Data Type | Typical Retention |
|---|---|
| Account Data | While account active + legal period |
| Verification Uploads | Until verification complete + reasonable fraud window |
| Technical Logs | Short-term security and performance monitoring |
14. Security Safeguards
We use:
-
Access controls
-
Secure data storage
-
Staff training
-
Vendor security review
No system is completely secure.
15. Breach Response
If a breach occurs, we will:
-
Investigate promptly
-
Contain risks
-
Notify individuals and regulators if required
16. Disclosure of Personal Information
We may disclose information to:
-
Dental providers (referral coordination)
-
Third-party processors
-
Legal authorities if required
We do not sell personal information.
17. Data Subject Rights
You may request:
-
Access to personal information
-
Correction of inaccurate data
-
Deletion where permitted
Requests can be sent to our contact email.
18. Data Subject Request Process
Requests may require identity verification.
We respond within legally required timeframes.
19. Children’s Privacy
Services are not intended for children without parental or guardian consent.
20. Third-Party Links
We are not responsible for third-party privacy practices.
21. Policy Updates
We may update this policy periodically.
22. Privacy Officer and Contact for Privacy Matters
HealthX has designated a Privacy Officer responsible for overseeing privacy compliance, security governance, and personal information handling practices.
The Privacy Officer is responsible for:
• Monitoring compliance with applicable privacy laws
• Managing privacy complaints and requests
• Overseeing breach response and reporting
• Reviewing vendor privacy safeguards
• Maintaining internal privacy policies and procedures
Privacy Officer Contact:
Email: [PRIVACY EMAIL OR SAME AS SUPPORT]
Mailing Address: [INSERT ADDRESS]
23. Privacy Impact and Risk Assessment Practices
HealthX maintains privacy risk management practices including periodic reviews of:
• Data collection practices
• Vendor data processing risks
• New technology deployments
• Advertising and analytics configurations
• Security safeguards
HealthX may conduct internal or external privacy and security assessments when introducing new services or technologies that may affect personal information.
24. Data Protection and Security Framework
HealthX maintains administrative, technical, and organizational safeguards aligned with generally accepted industry security practices.
Security practices may include:
• Access control and authentication management
• Vendor security screening and contractual privacy obligations
• Staff privacy and security training
• Logging and monitoring for suspicious activity
• Incident response procedures
25. Subprocessors and Third-Party Service Providers
HealthX may engage third-party service providers (“Subprocessors”) to support Platform functionality.
Typical Categories of Subprocessors
| Category | Purpose |
|---|---|
| Form Processing | Secure form submission and storage |
| Cloud Infrastructure | Data hosting and storage |
| Analytics Providers | Website performance monitoring |
| Advertising Platforms | Marketing performance measurement |
| Communication Tools | Email and notification delivery |
HealthX requires subprocessors to maintain reasonable privacy and security safeguards and contractual confidentiality obligations.
26. International and Cross-Border Data Transfers
Personal information may be processed or stored in jurisdictions outside Canada by third-party service providers.
Where this occurs, HealthX requires vendors to implement appropriate security and confidentiality safeguards consistent with applicable privacy laws.
27. Detailed Cookie and Tracking Disclosure
HealthX may use cookies and similar technologies including:
| Cookie Type | Purpose | Example Use |
|---|---|---|
| Essential Cookies | Platform functionality | Session security |
| Performance Cookies | Site analytics | Usage measurement |
| Advertising Cookies | Marketing performance | Ad campaign measurement |
HealthX configures tracking technologies to avoid collecting clinical or treatment-specific information.
Users can control cookies via browser settings.
28. Advertising Platform Data Separation Safeguards
HealthX implements safeguards to prevent transmission of sensitive health-related information to advertising and analytics providers.
Advertising and analytics tools are configured to collect general website usage data only.
HealthX does not intentionally share:
• Clinical treatment information
• Diagnostic findings
• Appointment reasons
• Medical record data
29. Privacy Complaint Handling Process
If you have concerns about privacy practices, you may contact HealthX’s Privacy Officer.
HealthX will:
• Investigate complaints promptly
• Respond within reasonable timelines
• Take corrective action where required
Users may also contact applicable privacy regulators if concerns remain unresolved.
30. Data Subject Request and Identity Verification
HealthX may require identity verification before fulfilling access, correction, or deletion requests.
Requests will be processed within timeframes required by applicable privacy laws.
31. Privacy Policy Review and Updates
HealthX reviews privacy practices periodically and updates policies as required to reflect:
• Regulatory changes
• Technology changes
• Service updates
• Risk assessment findings
32. Contact Information
HEALTHX CANADA INC.
Email: INFO@HEALTHXCANADA.COM
Address: TORONTO, ON CANADA
