Privacy policy

[v1 placeholder. pending legal review by gojiCare counsel] This policy applies to all personal information collected by gojiCare through the website, the intake questionnaire, the patient portal, customer-support channels, and any other interaction with our service.

[v1 placeholder. pending legal review by gojiCare counsel] We follow the ten fair-information principles set out in PIPEDA: accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance.

[v1 placeholder. pending legal review by gojiCare counsel] Where provincial legislation applies. including PHIPA in Ontario, HIA in Alberta, PHIA in Nova Scotia and Manitoba, the Act respecting the protection of personal information in the private sector in Quebec, and others. we apply the standard most protective of you.

[v1 placeholder. pending legal review by gojiCare counsel] When you create an account we collect your name, email address, phone number, postal code, date of birth, and a hashed password.

[v1 placeholder. pending legal review by gojiCare counsel] During intake we collect health-history information, current medications, allergies, presenting concerns, lifestyle factors, and any photos or test results you submit. This is sensitive personal health information and receives the highest level of protection.

[v1 placeholder. pending legal review by gojiCare counsel] We collect device, browser, and approximate-location information automatically through cookies and server logs. See section 8 for cookie details.

[v1 placeholder. pending legal review by gojiCare counsel] The licensed Canadian provider reviewing your intake uses your health information to assess eligibility, prescribe (or decline to prescribe), and adjust your treatment plan. The dispensing pharmacy uses the prescription to fill and ship your medication.

[v1 placeholder. pending legal review by gojiCare counsel] We use account information to authenticate you, process payments, fulfill shipments, send shipment notifications, and provide customer support.

[v1 placeholder. pending legal review by gojiCare counsel] We use de-identified usage data to understand how the service is used and to improve it. We do not use your identifiable health information for product analytics or marketing.

[v1 placeholder. pending legal review by gojiCare counsel] We share your health information with the specific Canadian-licensed providers and pharmacy involved in your care. Each clinician and pharmacy is bound by their provincial regulator's privacy obligations.

[v1 placeholder. pending legal review by gojiCare counsel] We use vetted Canadian service providers for hosting, payment processing, secure messaging, and shipping. Each is contractually bound to use your information only as needed to deliver the service to you and to apply equivalent safeguards.

[v1 placeholder. pending legal review by gojiCare counsel] We may disclose information when required by Canadian law. for example, to respond to a valid court order or regulatory request. We will challenge over-broad requests and notify you where the law permits.

[v1 placeholder. pending legal review by gojiCare counsel] We do not sell, rent, or trade your personal or health information to advertisers, data brokers, or any third party for their own marketing or profiling purposes.

[v1 placeholder. pending legal review by gojiCare counsel] Clinical records are retained for the period required by the regulator of the prescribing province (typically ten years from the most recent encounter, or longer for minors). This period applies regardless of whether your account is active.

[v1 placeholder. pending legal review by gojiCare counsel] Account profile data is retained while your account is active and for a limited period thereafter so we can respond to inquiries, comply with tax and audit obligations, and resolve disputes.

[v1 placeholder. pending legal review by gojiCare counsel] You can request deletion of non-clinical account data at any time (see section 7). Clinical records subject to a regulator-mandated retention period cannot be deleted before that period expires.

[v1 placeholder. pending legal review by gojiCare counsel] Personal and health information is encrypted in transit (TLS 1.2+) and at rest. Database backups are encrypted with separate keys.

[v1 placeholder. pending legal review by gojiCare counsel] Access to identifiable health information is limited to the clinical and operational staff who need it to deliver your care. Access is logged and audited.

[v1 placeholder. pending legal review by gojiCare counsel] Personal health information is stored in Canadian data centres operated by Canadian-jurisdiction providers. Cross-border processing, where it occurs at all, is limited to non-health metadata required for service operation and is disclosed in advance.

[v1 placeholder. pending legal review by gojiCare counsel] If a privacy breach occurs that creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada (and the relevant provincial regulator) without undue delay, as required by law.

[v1 placeholder. pending legal review by gojiCare counsel] You have the right to access the personal information we hold about you. Submit a request to privacy@gojicare.ca and we will respond within thirty (30) days.

[v1 placeholder. pending legal review by gojiCare counsel] You may ask us to correct inaccurate or incomplete personal information. Some clinical records can only be amended with an addendum rather than a deletion, in line with regulator requirements.

[v1 placeholder. pending legal review by gojiCare counsel] You can withdraw consent to most uses of your information at any time, subject to legal or contractual restrictions. Withdrawing consent for clinical processing will end your access to ongoing clinical care through gojiCare.

[v1 placeholder. pending legal review by gojiCare counsel] If you believe we have not handled your information properly, contact privacy@gojicare.ca first so we can investigate. You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada or your provincial commissioner.

[v1 placeholder. pending legal review by gojiCare counsel] Some cookies are required for the site to function. for example, to keep you logged in to the patient portal or to remember your consent choices. These cannot be disabled without breaking the service.

[v1 placeholder. pending legal review by gojiCare counsel] We use a privacy-preserving analytics tool to understand aggregate site usage. The analytics provider does not receive identifiable health information and does not track you across other websites.

[v1 placeholder. pending legal review by gojiCare counsel] You can manage non-essential cookies through your browser settings or our in-page cookie controls. We do not use behavioural-advertising cookies and we do not sell cookie data to ad networks.

[v1 placeholder. pending legal review by gojiCare counsel] Privacy questions, access requests, and complaints can be sent to our Privacy Officer at privacy@gojicare.ca. We will acknowledge your request within ten (10) business days and respond substantively within thirty (30) days.

[v1 placeholder. pending legal review by gojiCare counsel] Written correspondence may be sent to: gojiCare. Privacy Officer, [mailing address pending]. Please do not include unsolicited health information in physical mail.

[v1 placeholder. pending legal review by gojiCare counsel] We may revise this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision.

[v1 placeholder. pending legal review by gojiCare counsel] For material changes that affect how your information is used, we will notify you in advance by email or through the patient portal. Continued use of the service after the effective date constitutes acceptance of the revised policy.