As a mission driven social enterprise, we put patients and caregivers at the center of everything we do, including privacy and how we use your data. While our privacy policy details everything, we recognize that most people won't read it.  So in summary, we only use your data to run our platform.  We will never disclose your personally identifiable information without your consent (this would normally only be done if Zamplo is being used by a clinician or researcher). We will also not sell your data for marketing purposes.

onboarding_2_phonesafe

All of the data on the Zamplo Platform is stored with Amazon Web Services in Montreal, Quebec, Canada.

 

We allow clinicians, researchers and other healthcare organizations to use our platform on a fee for service basis.  For such services and projects, each user must provide their informed consent to be part of the service or project and for their data to be used. Consent can be withdrawn at any time at the user's discretion.

 

Zamplo does not use user data to train artificial intelligence models without the explicit consent of users.  Zamplo does use machine learning and artificial intelligence to deliver some of its services, and when inference data is requested (i.e. the data needed to run the model) users will be notified in advance and can provide the requested data at their discretion.  The privacy and security of inference data is handled at the same level as all health data stored on our platform.

 

Privacy Policy

1. What is this Privacy Policy for?

We are Zamplo Inc. (“Zamplo”, “we”, “us”, “our”), a Canadian registered company. This privacy policy is for the personal information collected through the Zamplo website zamplo.org (“Website”), the Zamplo app (“App”) or other Zamplo accounts, and the services offered through them (“Services”) This privacy policy sets out how Zamplo uses the personal information of Users who choose to access and use the Website, App or other accounts and Services (“Users”). “Personal Information” or “personal data” includes any personal information that identifies or could identify, or is associated with information that identifies or could identify, an individual. It does not include data which cannot be related to an identifiable person (anonymous data).

3. The Information We Collect About Users 

We may collect, use, store and transfer different kinds of personal data about Users which we have grouped together as follows:

  • Identity Data includes first name, last name, or similar identifier.
  • Contact Data includes email address and telephone numbers.
  • Health Data includes information relating to the care, diagnosis, and treatment of your health.
  • Profile Data includes Users’ profile data saved through the Services.
  • Location data includes data about your geographic location while you use the App or Services.
  • Technical Data includes internet protocol (IP) address, browser type and version, operating system and platform, device identifiers and pseudonymous unique identifiers.
  • Usage Data includes data about how Users use our Services, such as browsing actions within the App and Services, the button and controls Users click on, pages of our Website that Users visit, the time spent on those pages, User’s search queries, the dates and times of User’s visits, and workplace usage.

We also collect, use and share Non-personalized data called “Service Data”, such as statistical or demographic data for any purpose. Service Data may be derived from User’s Personal Information but is not considered personal information in law as this information does not directly or indirectly reveal User’s identity. For example, we may aggregate User’s Usage Data to calculate the percentage of Users accessing a specific Website feature.

Other than health information (which may include ethnicity), we do not collect any Special Categories of Personal Data about Users (this includes details about User’s religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about User’s health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

4. How Is User’s Personal Information Collected 

We use different methods to collect data from and about Users including through:

  • Direct interactions. Users may give us User’s Identity, Contact, Health and Profile Data by registering for or using the Services and completing fields within the Services.
  • Automated technologies or interactions. As Users interact with our Services, we may automatically collect Technical and Usage Data about User’s equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
  • Third parties or publicly available sources. We may receive Personal Information about Users from various third parties and public sources as set out below.
  • Technical Data from the third parties such as the following:
    1. analytics providers such as Google Analytics;
    2. search information providers such as Google.

5. Purposes for Which We Will Use User’s Personal Information

We have set out below, in a table format, a description of all the ways we plan to use Users’ Personal Information.

Purpose/Activity  Type of Data
To deliver the Services to Users (including by recognizing Users across the devices they use, and providing, maintaining, tailoring and improving Website and Services)

a) Identity

b) Contact

c) Health

d) Profile

e) Usage

f) Technical

g) Location

To register Users accounts on the Services

a) Identity

b) Contact

To manage our relationship with Users which will include notifying Users about changes to our Terms of Use or Privacy Policy

a) Identity 

b) Contact

To administer and protect our business and Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

a) Identity 

b) Contact

c) Technical

d) Location

To use data analytics to improve our Services, customer relationships and experiences and to personalize our Services

a) Technical

b) Usage

To make suggestions and recommendations to Users about Services that may be of interest to Users and to provide Users with information, products or services they request

a) Identity

b) Contact

c) Technical

d) Usage

e) Profile

To improve our Services including:

a) tracking email open rates and web page visits

b) To inform Zamplo as to what content is effective

c) To provide follower updates

d) To personalize Zamplo Services

a) Identity

b) Contact

c) Health

d) Profile

e) Usage

f) Technical

g) Location

 

6. Disclosures 

We may disclose Personal Information that we collect, or Users provide as described in this Privacy Policy:

    • To third parties where you ask us to do so through the Services, or by allowing such third parties to access your account.
    • To our subsidiaries and affiliates where they are providing Services.
    • To contractors, service providers, and other third parties we use to support our business solely for the purpose of them providing services to us.
    • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Zamplo assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Zamplo about our Website, App, and/or Users are among the assets transferred.
    • To fulfill the purpose for which Users provide it.
    • For any other purpose expressly disclosed by us when Users provide the information.
    • With User’s express consent to other uses not indicated in this Privacy Policy.

We may also disclose User’s Personal Information:

    • To comply with any court order, law or legal process, including to respond to any government or regulatory request.
    • To enforce or apply our Terms of Service and other agreements, including for billing and collection purposes.
    • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Zamplo, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

7. Access 

Upon request, Zamplo will provide Users with information about whether we hold any of User’s Personal Information. Zamplo enables Users with the ability to access and correct Personal Information we have collected. If Users have any concerns or suspect unauthorized activities associated with User’s account, please contact us at privacy@zamplo.org . We will respond to User’s request within a reasonable timeframe, and in any event within 30 days of receipt of request.

Zamplo acknowledges that Users have the right to access, update, revoke permission to process, or request the deletion of User’s Personal Information. Any such query can be directed to Zamplo’s Chief Privacy Officer at privacy@zamplo.org or at the address set out below. If requested to remove data under either scenario, we will respond within a reasonable timeframe.

8. Security and Enforcement 

The security of User’s Personal Information is important to us. We use security safeguards appropriate to the sensitivity of the information to ensure that User’s Personal Information is stored and maintained in a secure environment. Zamplo exercises managerial and technical safeguards designed to protect against the loss or unauthorized use or disclosure of Personal Information belonging to our Users. These safeguards include encryption, malware protection, logical and physical access controls, and detection of social engineering attacks.

Zamplo monitors and reviews security safeguards and takes corrective action whenever we discover deviations from our Privacy Policy. In the event of a breach of security safeguards involving Personal Information that creates a real risk of significant harm to a User, Zamplo will notify affected Users, and where required by applicable law (including PIPEDA and Alberta’s Personal Information Protection Act (PIPA)), report the breach to the relevant regulatory authority as soon as feasible. Zamplo maintains a record of all breaches of security safeguards in accordance with applicable legal requirements.

 9. Retention of Data

Zamplo will keep User’s Personal Information for as long as it remains necessary for the identified purposes set out below or as required by law, which may extend beyond the termination of our relationship with User. Users acknowledge and agree that if User requests that User’s name be removed from our databases, it may not be possible to completely delete all User’s Personal Information due to legal constraints. Upon deletion of an account, Zamplo will delete or anonymize User’s Personal Information within 90 days, except where retention is required by law or for the resolution of disputes.

 

Data type

Retention period Reason
Identity, Health, Contact and Profile data Subscription term To provide the Services to you during the subscription term

 

10. Managing the Online Collection of Additional Data 

As Users navigate through and interact with our Website, App and Services, we may use automatic data collection technologies to collect certain information about User’s equipment, browsing actions and patterns, location, and workplace usage patterns, including:

    • Details of User’s visits to our Website, App or Services, and other communication data and the resources that Users access and use on the Website, App or Services.
    • Information about User’s computer and Internet connection, including User’s IP address, operating system, and browser type.
    • We also may use these technologies to collect information about User’s online activities over time and across third-party websites or other online services (behavioral tracking).
    • When Users access and use the Website, App or Services, we may automatically collect certain details of User’s access to and use of the Website, App or Services, including traffic data, location data, and other communication data and the resources that Users access and use on or through the Website, App or Services.
    • We may collect information about User’s mobile device and Internet connection, including the device’s unique device identifier, IP address, operating system, browser type, mobile network information and the device’s telephone number.
    • Our Website and App collects real-time information about the location of User’s device.

We and our third-party service providers may collect information about Users in a variety of ways. We and/or our third-party partners may employ various tracking technologies, such as cookies, web beacons and analytics software, that help us better manage content on our Services by informing us what content is effective.

11. Use of Cookies 

The Website uses cookies to better the User’s experience while visiting the Website. Where applicable the Website uses a cookie control system allowing the User on their first visit to the website to allow or disallow the use of cookies on their computer / device. This complies with recent legislation requirements for websites to obtain explicit consent from Users before leaving behind or reading files such as cookies on a User's computer / device.

Cookies are small files saved to the User's computer’s hard drive that track, save and store information about the User's interactions and usage of the Website. This allows the Website, through its server, to provide the Users with a tailored experience within the Website.

Users are advised that if they wish to deny the use and saving of cookies from the Website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from the Website and its external serving vendors.

The Website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to Users computer’s hard drive in order to track and monitor engagement and usage of the Website, but will not store, save or collect Personal Information.

Other cookies may be stored to your computer’s hard drive by external vendors when the Website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No Personal Information is stored, saved or collected.

12. Payment Processing 

When you use the Services, we may ask you to pay for the use of the Services. Your payment is processed by Stripe. You can find out more about how they secure your sensitive information here: https://stripe.com/ca/payments.

Zamplo does not store or have access to your financial information such as credit card numbers or bank numbers.

Zamplo may also use PayPal, Apple Pay or Android Pay if available. You can find out more about how they secure your sensitive information from these providers directly.

13. Links

The Zamplo App may contain third party links.

We may link to third party websites from within the App such as websites related to specific medical conditions.

We take no responsibility for any external links or the websites or content to which they may direct Users. Users should click on external links at their own risk. We cannot be held liable for any damages or implications caused by visiting any external links mentioned.

14. Transfers and Disclosures of Data 

Zamplo's headquarters in Canada is our primary location for business operations but may process or transfer data in or to other jurisdictions in the course of providing the Services.

For example, regarding normal business operations, Zamplo may engage a third-party to support our data storage, data processing, billing, support services, information technology, or mailings on our behalf, which third party’s facilities may be located in another jurisdiction. When Personal Information (including Health Data) is transferred to a jurisdiction outside Canada, Zamplo will use contractual or other means to provide a comparable level of protection to that afforded under applicable Canadian privacy law, including Alberta’s Personal Information Protection Act (PIPA). Users who are located in the United States should be aware that their Personal Information may be subject to U.S. law, including the Health Insurance Portability and Accountability Act (HIPAA) where applicable. Zamplo requires all third-party processors and sub-processors to enter into data processing agreements that impose obligations equivalent to those applicable to Zamplo under this Privacy Policy.

We may also disclose User’s Personal Information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect User’s safety, or the safety of others, investigate fraud, or respond to a government request.

15. Additional Privacy Protections for Minors 

We join the industry in recognizing that children, including young teens, may not be able to make informed choices about Personal Information requested online. Zamplo does not solicit or knowingly collect Personal Information of those under the age of sixteen (16) unless it has obtained the consent of their parents or legal guardians.

16. Use of Artificial Intelligence and Machine Learning

Zamplo uses artificial intelligence (“AI”) and machine learning (“ML”) technologies to provide certain features of the Services, including predictive analytics and personalized care recommendations. Zamplo will clearly identify any data that is being requested to be used as inference data for AI/ML models, and the outputs of these AI/ML models are intended to support, and not replace, the judgment of qualified healthcare professionals. Zamplo does not use User’s identifiable Personal Information or Health Data to train general AI/ML models that benefit other users or third parties without obtaining explicit consent. Users have the right to request information about how automated decision-making processes may affect them and may request human review of any recommendation generated by our AI/ML systems by contacting us at privacy@zamplo.org.

17. Changes to this Privacy Policy 

Zamplo may make changes to this Privacy Policy from time to time for any reason. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make any material changes or changes in the way we use information, we will notify customers via e-mail or by posting an announcement on the Website and App prior to the change becoming effective. Website and App Users are bound by any changes to the Privacy Policy after such changes have been posted. 

In the event that Zamplo is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any Personal Information and give affected Users notice before Personal Information is transferred or becomes subject to a different privacy policy. Users will be notified via email and/or a prominent notice on our Website or App of any change in ownership or uses of User’s information, as well as any choices Users may have regarding User’s information. 

 16. Contact information

Zamplo Chief Privacy Officer

Suite 610, 110 18A Street NW

Calgary, Alberta

T2N 5G5

Updated: 28 June 2026