1. Introduction

Smilepass Inc. (“Smilepass,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal information. This Privacy Policy outlines our data collection, use, disclosure, and security practices in compliance with applicable laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Health Insurance Portability and Accountability Act (HIPAA).

By using our services, you consent to the collection, use, and disclosure of your personal information as described in this policy. If you do not agree, please refrain from using our services.

2. Scope of This Privacy Policy

This Privacy Policy applies to all users of our services and covers what information we collect, why we collect it, how we use it, and the choices users have to access and update their data. This policy applies to all sites, applications, and services provided by Smilepass that link to this Privacy Policy.

3. Personal Information We Collect

We collect personal information for the following purposes:

  • Verifying identity

  • Identifying user preferences

  • Delivering our services

  • Communicating treatment plan and payment-related information

  • Ensuring high service standards

  • Meeting regulatory requirements

  • Contacting customers when requested

Types of personal information we may collect include:

  • Account Registration Information: Name, email address, phone number, and password.

  • Medical Information: Treatment plans, appointment details, and insurance coverage when relevant to our services.

  • Transaction Information: Records of interactions with our services.

  • Geolocation Data: If users enable location-based features.

  • Technical Data: IP address, browser type, and device information collected through cookies.

If the purpose of collecting personal information is not clear, we will inform individuals before or at the time of collection.

4. Consent

  • We obtain consent before collecting, using, or disclosing personal information, except in cases where consent is not legally required.

  • Consent may be implied when information is voluntarily provided or when notice is given with an opt-out option.

  • Users may withdraw consent for certain uses of their personal information, but doing so may impact service availability.

5. Use and Disclosure of Personal Information

  • Personal information will only be used or disclosed for the purposes identified at the time of collection or for directly related purposes.

  • We do not share mobile information with third parties or affiliates for marketing or promotional purposes.

  • We comply with HIPAA and PIPEDA standards when handling health-related data.

  • No personal data will be sold to third parties.

  • If required by law, we may disclose personal information to regulatory authorities or law enforcement.

6. Retention of Personal Information

  • Personal information used for decision-making will be retained for at least one year.

  • We will only retain personal information as long as necessary for identified purposes, legal obligations, or business needs.

7. Security of Personal Information We take reasonable steps to protect personal information from unauthorized access, loss, misuse, or disclosure, including:

  • Secure Data Transmission: Encrypted communication for data transmission.

  • Data Encryption: Encryption of stored personal and medical information.

  • Access Controls: Limited access to sensitive health information.

  • Secure Disposal: Secure destruction of unnecessary personal data.

8. Cookies and Tracking Technologies We and our third-party service providers may collect information using cookies, pixels, and other tracking technologies to improve user experience and security. Users can control cookie settings through their browser preferences.

9. Third-Party Payment Processing Smilepass does not store or process patients’ credit card information. All payments are securely processed through third-party payment processors that comply with applicable payment security standards.

10. User Rights Over Data Users may:

  • Request an exported file of their personal data.

  • Request the deletion of their data, except where retention is required for legal, administrative, or security purposes.

  • Access and correct their personal information by submitting a written request.

  • Request details about how their data is used and to whom it has been disclosed.

11. HIPAA and PIPEDA Compliance Smilepass follows the strictest standards under HIPAA and PIPEDA when handling protected health information (PHI). Our compliance measures include:

  • Secure and Encrypted Data Storage: PHI is stored securely and accessed only when necessary.

  • Limited Access: PHI is only accessible to authorized individuals.

  • Business Associate Agreements (BAA): Third-party vendors handling PHI must comply with our security protocols.

  • Audit Controls: Regular assessments of data security measures.

If a patient submits PHI, it will only be used for the intended healthcare-related purpose and in compliance with privacy regulations.

12. Changes to This Privacy Policy We may update this Privacy Policy from time to time. Changes take effect immediately upon posting. Users are encouraged to review this policy periodically.

13. Contact Information If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Smilepass Inc.
108 College St, Suite W780
Toronto, ON M5G 0C6
Canada
Email: info@smilepass.com