← Back to Home

Privacy Policy

Last Updated: September 15, 2024

Your Privacy Matters: At Bluestone AI, we are committed to protecting your privacy and handling your personal information with the highest level of care. This Privacy Policy explains how we collect, use, and protect your information in compliance with Canadian privacy laws, including PIPEDA.

1. Information Collection and Use

Bluestone AI Inc. ("we," "our," "us") collects information you provide directly to us and information we obtain automatically when you use our services.

1.1 Information You Provide

We collect information when you:

  • Create an account or join our waitlist
  • Use our mental health platform and services
  • Communicate with us via email, phone, or chat
  • Participate in surveys or provide feedback
  • Subscribe to our newsletter or marketing communications

1.2 Types of Information Collected

Information Type Examples Purpose
Personal Information Name, email address, phone number, date of birth Account creation, communication, service provision
Health Information Mental health assessments, therapy preferences, treatment history Personalized treatment recommendations, progress tracking
Usage Data Login times, feature usage, session duration Service improvement, analytics, user experience optimization
Technical Data IP address, browser type, device information Security, technical support, platform optimization

2. Legal Basis for Data Processing

Under Canadian privacy law, we process your personal information based on the following legal grounds:

  • Consent: You have explicitly consented to our collection and use of your information
  • Contract: Processing is necessary for the performance of our service contract with you
  • Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services
  • Legal Obligation: Processing is required to comply with legal or regulatory requirements

3. Health Information Handling

We recognize the sensitive nature of health information and implement additional safeguards:

3.1 PIPEDA Compliance

Our handling of personal health information complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial health information legislation.

3.2 Health Information Safeguards

  • End-to-end encryption for all health data transmission
  • Secure, encrypted storage in Canadian data centers
  • Access controls limiting who can view health information
  • Regular security audits and vulnerability assessments
  • Staff training on health information privacy requirements

3.3 Disclosure of Health Information

We will only disclose your health information:

  • With your explicit consent
  • To healthcare providers involved in your care (with your permission)
  • When required by law or legal process
  • In emergency situations to protect your health and safety

4. Third-Party Service Providers

We work with trusted third-party service providers to deliver our services. These partners are carefully selected and bound by strict confidentiality agreements.

4.1 Current Service Providers

  • Cloud Infrastructure: Secure, PIPEDA-compliant hosting services
  • Analytics: Anonymized usage analytics and performance monitoring
  • Communication: Email delivery and customer support systems
  • Payment Processing: Secure payment processing services (when available)

4.2 Third-Party Obligations

All service providers must:

  • Comply with Canadian privacy laws
  • Implement appropriate security measures
  • Use data only for specified purposes
  • Return or destroy data when services are terminated

5. Data Retention and Deletion

We retain your information only as long as necessary to provide our services and comply with legal obligations.

5.1 Retention Periods

Data Type Retention Period Reason
Account Information Duration of account + 2 years Service provision, legal compliance
Health Records As required by healthcare regulations Continuity of care, legal requirements
Usage Analytics 24 months Service improvement, performance analysis
Marketing Communications Until unsubscribe + 30 days Communication preferences, compliance

5.2 Data Deletion

When data is scheduled for deletion, we:

  • Securely delete data from all systems and backups
  • Provide confirmation of deletion upon request
  • Ensure third-party service providers also delete the data

6. Your Rights and Controls

Under Canadian privacy law, you have several rights regarding your personal information:

6.1 Access and Portability

  • Request access to your personal information
  • Receive a copy of your data in a portable format
  • Review how your information is being used

6.2 Correction and Updates

  • Correct inaccurate or incomplete information
  • Update your personal details and preferences
  • Modify consent preferences

6.3 Deletion and Withdrawal

  • Request deletion of your personal information
  • Withdraw consent for specific processing activities
  • Close your account and delete associated data

6.4 Exercising Your Rights

To exercise any of these rights, contact us at privacy@bluestoneai.com. We will respond within 30 days of receiving your request.

7. International Data Transfers

We primarily store and process data within Canada. If we transfer data internationally, we ensure:

  • Adequate level of data protection in the receiving country
  • Appropriate safeguards are in place
  • Your explicit consent for sensitive health information transfers
  • Compliance with PIPEDA requirements for international transfers

8. Security Measures

We implement comprehensive security measures to protect your information:

8.1 Technical Safeguards

  • 256-bit SSL/TLS encryption for data transmission
  • AES-256 encryption for data storage
  • Multi-factor authentication for account access
  • Regular security audits and penetration testing
  • Automated threat detection and response systems

8.2 Administrative Safeguards

  • Employee background checks and confidentiality agreements
  • Privacy and security training programs
  • Access controls based on principle of least privilege
  • Incident response and breach notification procedures

8.3 Physical Safeguards

  • Secure data center facilities with 24/7 monitoring
  • Biometric access controls and surveillance systems
  • Environmental controls and backup power systems
  • Secure disposal of hardware and storage media

9. Cookies and Tracking

We use cookies and similar technologies to improve your experience and understand how our service is used.

9.1 Types of Cookies

Cookie Type Purpose Duration
Essential Cookies Core website functionality, security Session/Persistent
Analytics Cookies Usage statistics, performance monitoring Up to 24 months
Preference Cookies Remember your settings and preferences Up to 12 months
Marketing Cookies Personalized content, advertising Up to 12 months

9.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our service.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:

  • Notify you of material changes via email or service notification
  • Post the updated policy on our website with the revision date
  • Obtain additional consent if required by law
  • Provide a summary of key changes

11. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

12. Complaints and Privacy Officer

If you have concerns about how we handle your personal information, you can:

  • Contact our Privacy Officer at privacy@bluestoneai.com
  • File a complaint with the Privacy Commissioner of Canada
  • Contact the privacy regulator in your province

12.1 Privacy Officer Contact

Our Privacy Officer is responsible for ensuring compliance with privacy laws and handling privacy-related inquiries:

Email: privacy@bluestoneai.com
Phone: +1 (XXX) XXX-XXXX
Mail: Privacy Officer, Bluestone AI Inc., [Address], Toronto, ON, Canada

Questions About This Privacy Policy?

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us:

Email: privacy@bluestoneai.com

General Email: hello@bluestoneai.com

Address: Bluestone AI Inc.
[Company Address]
Toronto, ON, Canada

Phone: +1 (XXX) XXX-XXXX