CLINEXA PRIVACY POLICY

1. SCOPE AND APPLICATION

This Privacy Policy applies to:

• Healthcare Providers ("Subscribers"): Organizations and practitioners who subscribe to Clinexa
• Patients: Individuals whose information is collected through Subscriber forms
• Website Visitors: Individuals who visit clinexa.co

2. OUR ROLE IN DATA PROCESSING

Clinexa operates as a technology service provider to healthcare organizations:

• We provide the platform infrastructure
• Subscribers act as data controllers who determine what information to collect and how to use it
• We process data only on Subscribers' instructions
• We do not make decisions about patient data collection or use

3. INFORMATION WE COLLECT

3.1 From Subscribers

• Account registration information (name, email, organization details)
• Billing contact information (we do not process payments directly)
• Form configurations and templates created by Subscribers
• Usage data for platform administration

3.2 From Patients

We collect only what Subscribers configure:

• Information submitted through intake forms as determined by your healthcare provider
• We do not independently collect patient information
• We do not use cookies or tracking technologies on patient-facing forms

3.3 We Do NOT Collect

• Payment card information
• Cookies or tracking data from patients
• Information for AI training purposes
• Data for advertising or marketing to patients

4. HOW INFORMATION IS USED

4.1 Platform Operation

• Provide intake form functionality
• Process form submissions as directed by Subscribers
• Send communications via Azure Communication Services (only as instructed by Subscribers)
• Maintain platform security and performance

4.2 AI Services

• AI features process data solely for individual patient care
• No patient data is used to train AI models
• Subscribers create and control all AI algorithms, formulas, and logic
• Subscribers are solely responsible for AI-generated content and decisions

4.3 What We DON'T Do

• Make automated decisions about patients
• Use patient data for our own purposes
• Share patient data with third parties (except as directed by Subscribers)
• Aggregate or analyze patient data across Subscribers

5. DATA STORAGE AND SECURITY

5.1 Location

• All data is stored in Canadian data centers
• Microsoft Azure Canada (primary infrastructure)
• AWS Canada S3 (backup and storage)
• No data leaves Canada unless specifically requested by Subscribers

5.2 Security Measures

• Encryption at rest and in transit
• Azure platform security standards
• Access controls and authentication
• Regular security assessments
• Compliance with PIPEDA and PHIPPA requirements

6. DATA RETENTION

• Retention periods comply with PIPEDA and PHIPPA requirements
• Subscribers control retention policies for patient data
• Upon account termination, Subscribers have 60 days to export data
• We delete data 90 days after account termination unless legally required to retain

7. THIRD-PARTY SERVICES

We use limited third-party services:

• Microsoft Azure: Infrastructure and data storage
• AWS Canada: Backup storage
• Azure Communication Services: Email and SMS delivery (only as directed by Subscribers)

These services operate under strict data processing agreements and Canadian data residency requirements.

8. PATIENT RIGHTS

8.1 Your Rights

Under PIPEDA and PHIPPA, patients have rights to:

• Access their personal health information
• Request corrections to their information
• Understand how their information is used
• Withdraw consent (subject to legal requirements)

8.2 Exercising Your Rights

• Contact your healthcare provider directly for all patient data requests
• Providers control access to and management of patient information
• Providers may override patient requests where permitted by law
• We support Subscribers in fulfilling patient requests but cannot act independently

9. DATA PORTABILITY

• Clinexa does not offer direct data portability features to patients
• Subscribers are responsible for providing data in portable formats if required
• Export functionality is available to Subscribers for their data management needs

10. MINORS

• Age restrictions and parental consent requirements are determined by Subscribers
• Subscribers are responsible for obtaining appropriate consents for minors
• We do not independently verify ages or parental consent
• Subscribers must comply with applicable laws regarding minor's information

11. INTERNATIONAL OPERATIONS

11.1 Canadian Operations

• Clinexa currently operates exclusively in Canada
• All data remains in Canadian jurisdiction
• We comply with federal and provincial privacy laws

11.2 Future US Operations

• US expansion will be through licensing model
• US licensees will be responsible for HIPAA compliance
• We will provide Business Associate Agreements (BAA) where required
• Azure BAA documentation will be available for US licensees

12. SUBSCRIBER RESPONSIBILITIES

Healthcare providers using Clinexa are responsible for:

• Obtaining patient consents
• Determining what information to collect
• Managing patient access requests
• Ensuring compliance with applicable health privacy laws
• Configuring age restrictions and consent requirements
• All clinical decisions and AI-generated content use

13. WHITE-LABEL AND EMBEDDING

• Subscribers may white-label Clinexa tools
• Embedding and redirection permitted per subscription terms
• Subscribers remain responsible for privacy compliance on their websites
• Patient consent must cover use of Clinexa as service provider

14. INCIDENT RESPONSE

In the event of a privacy incident:

• We will notify affected Subscribers within 72 hours
• Subscribers are responsible for patient notifications
• We will cooperate with investigations and remediation
• Incident reports will be provided as required by law

15. NO SALE OF INFORMATION

We do not:

• Sell personal or health information
• Use patient data for marketing
• Share data with advertisers
• Monetize patient information in any way

16. CHANGES TO THIS POLICY

• We may update this Privacy Policy with 30 days notice
• Material changes will be communicated to Subscribers
• Continued use after changes constitutes acceptance
• Previous versions available upon request

17. CONTACT INFORMATION

For Subscribers and General Inquiries:

741512 NB Inc. d/b/a Clinexa

Saint John, New Brunswick, Canada

Email: kaival@neopric.com

Website: https://clinexa.co

For Patients:

Please contact your healthcare provider directly for all privacy-related inquiries about your health information.

18. COMPLAINTS

If you have privacy concerns:

• First, contact your healthcare provider (for patients)
• Contact us at privacy@clinexa.co (for platform issues)
• You may file a complaint with the Privacy Commissioner of Canada
• Provincial privacy commissioners also accept health information complaints

19. LEGAL BASIS FOR PROCESSING

We process information based on:

• Contractual necessity (providing services to Subscribers)
• Legal obligations (compliance with PIPEDA, PHIPPA)
• Legitimate interests (platform security and improvement)
• Consent (as obtained by Subscribers from patients)

20. ACCESSIBILITY

This Privacy Policy is designed to be accessible. For alternative formats or assistance, contact privacy@clinexa.co.