Privacy Policy

Last Updated: February 17, 2026

Rapids Health Ltd. (“Rapids“, “we” or “our”), a company existing under the laws of British Columbia, respects the privacy rights of individuals and is committed to protecting it by complying with this Privacy Notice. Rapids recognizes the importance of effective systems and measures to protect personal information that we collect or which is provided to us in our role as a service provider.

Introduction 

This Privacy Notice covers both Soli and Ori services (as such services are defined and described in more detail below). For the purposes of this Privacy Notice, the term “personal information” means information about an identifiable individual, and includes  “personal health information”, which includes information about an identifiable individual that is related to the individual’s health or the provision of health services to the individual, including but not limited to health card numbers and registration information, and information regarding the individual’s medical history, medical treatment, diagnosis or mental or physical condition.

Personal information does not generally include business names and business contact information used in a commercial context. 

When we refer to the term, “processing“, or “process” we mean the collection, use, recording, disclosure, storage, treatment, management, retention, and otherwise handling of personal information.

This Privacy Notice describes how we process the personal information of users or recipients of our services. It also describes individuals’ rights of access and correction, and how to contact us with concerns regarding the handling of personal information. At all times, we comply with the requirements of privacy laws and codes of practice, including without limitation Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and applicable laws relating to the protection of personal health information.

By accessing or using our website (https://rapidshealth.com/) (“Website”) or otherwise using our services, you indicate that you understand, accept, and consent to the practices described in this Privacy Notice.

When this Privacy Notice applies

This Privacy Notice applies to the services offered by Rapids, currently including:

  1. Soli, which allows a healthcare practitioner, provider, or organization (collectively a “Healthcare Provider”) to request such an assessment for his, her or their patients or clients, to support the diagnoses, treatment, and mitigation of the symptoms of certain psychiatric conditions; and
  2. Ori, which is a subscription-based, AI-powered clinical decision support tool focused on mental health treatment guidance and designed to assist individuals (licensed or credentialed as a clinician, medical practitioner, nurse practitioner, psychiatrist, psychiatric nurse who practices or provides his or her services in Canada (but specifically excluding any individual residing in or providing services from the Province of Quebec), collectively “Eligible Users”) in accessing evidence-based treatment information via a conversational interface and using de-identified or hypothetical patient scenarios . Ori is designed for general clinical knowledge queries only and is not designed for the processing of personal information or personal health information

If Eligible Users require guidance to discuss identifiable patient/individual information, Eligible Users should instead use Soli, which operates under appropriate privacy and security controls for personal health information.

Ori is designed to restrict the processing of personal information, including personal health information, by scanning for such personal information and attempting to redact or remove it, however, we will remind Eligible Users when they sign up for this service that identifiable patient information (including but not limited to healthcare numbers, dates of birth, identifiable patient records and any other identifying details) must not be disclosed or entered into the product. Please contact us immediately at privacy@rapidshealth.com with any concerns about mistaken entries.

This Privacy Notice does not apply to services that have separate privacy policies that do not incorporate this Privacy Notice nor does it apply to any third party services.

What Personal Information Do We Collect?

Rapids collects personal information from:

  • healthcare providers and their patients or clients as part of offering Soli; and
  • Eligible Users of Ori as part of the sign-up and registration process. 

The tables below set out what types of information is collected and from whom. 

Soli

Whose information?

Which information is collected?

Healthcare Providers
  • Title, name, email address, office address, telephone number, and fax number.
  • Country, province/state, occupation, medical specialty.
  • Organizational affiliation (if applicable).

Patient/client Information
  • Name, provincial healthcare number (or other unique identifier), email address, and cell phone number.
  • Health information including: date of birth, sex, height, weight, prior diagnoses, symptoms, prior and current medications, and psychometric assessment scores.

Ori

Whose information?

Which information is collected?

Eligible Users

Personal Information*during sign-up/subscription process

  • Title, name, email address, office address, and  telephone number .
  • Country, province/state, occupation, medical specialty.
  • Organizational affiliation (if applicable).

Technical Information during use of the Assistant Service

  • Internet Protocol (IP) address and browser details.
  • Login information and time zone setting.
  • Operating system and platform information.
  • Information about the user’s internet connection and equipment used to access the Services or Website.
  • Device identifiers.
  • Session information, page interaction information, page response times, download errors, clickstream data.
  • Full Uniform Resource Locators (URLs) and clickstream data (including date and time).

Patient Information
  • No patient/client information is collected as part of this Assistant Service.

Non-Personal Information

We may also collect non-personal information that does not directly or indirectly reveal an individual’s identity or directly relate to an identifiable individual, such as demographic information, or statistical or aggregated information and aggregated usage patterns (e.g., percentage of users or recipients of our services from a particular province or specialty). 

Submissions to Ori

We collect and store all chat interactions and clinical queries submitted in connection with use of Ori, including the questions that are asked and the responses that are provided. We do this in order to improve the AI system’s performance and accuracy, refine our AI models, identify common clinical questions and knowledge gaps, and generate usage statistics and service improvements. These queries may be used for AI training, model improvement, or research purposes. 

How Do We Collect Personal Information?

The tables below provide a breakdown of how we collect personal information for each service.

Soli

Whose information?

How do we collect it?

Healthcare Providers
  • Via a secure electronic EMR “smartform”  that healthcare providers complete and send electronically in order to register to use our service.

Patient Information
  • The healthcare provider transmits all necessary Patient information to us via electronic transmission     
  • The Patient transmits their answers to a series of psychometric questionnaires to us via a secure, HIPAA-compliant webform.

When a Healthcare Provider requests to use Soli on behalf of one of their patients or clients, the Healthcare Provider is responsible for obtaining meaningful and express consent from the relevant patients or clients in accordance with all applicable privacy laws prior to disclosing such patient’s  or client’s personal information to Rapids. 

Ori

Whose information?

Which information?

Eligible Users
  • Direct interactions when individuals register, subscribe, otherwise use our Services, or correspond with us.
  • Automated technologies as individuals use the Assistant Service and navigate the platform (see section below for details on cookies and tracking technologies).

Patient Information
  • No Patient information is collected as part of this service.

How We Use Personal Information 

We use information, including personal information, for the following purposes:

Service Delivery:

  • To provide access to our services and to generate and deliver any outputs of our services (including any mental health guidance reports or assessments with respect to Soli).
  • To authenticate user access and maintain user accounts.
  • To manage subscriptions and to communicate to users of our services about their subscription, updates, or changes to the services.
  • To fulfill the purposes for which the personal information was provided.

User Administration:

  • To manage User subscriptions.
  • To provide customer support.

Service Improvement and Other Business Purposes:

  • To: (i) improve the functionality, accuracy, and user experience of Ori; (ii) to analyze usage patterns and identify areas for enhancement; and (iii) develop, and refine our AI functionality and knowledge base and evaluate the quality and relevance of AI-generated responses.

Research and Analytics:

  • To generate de-identified aggregate statistics, usage trends and findings to: (i) conduct research on clinical decision-making patterns; (ii) to publish aggregate findings in medical literature; and (iii) to improve our products or services. When information or data in connection with Soli is used to improve our services or to generate aggregate statistics and metrics for research and population health purposes, all identifying information is removed according to industry best-practice de-identification standards. We implement technical and administrative measures to prevent re-identification of de-identified data.

Legal and Safety:

  • To comply with legal obligations.
  • To enforce our Terms of Service.
  • To protect the rights, property, and safety of Rapids, Users, and others.
  • For any other purpose with the individual’s consent.

When We Share Personal Information 

We may share personal information with:

Soli
  • A patient’s or client’s designated Healthcare Provider when the patient or client completes Soli’s issued questionnaire. We will also share the guidance report that is generated as part of Soli with the referring Healthcare Provider, provided that the Healthcare Provider has obtained the applicable patient’s or client’s consent. 
  • Trusted service providers and partners (including TELUS Health for electronic medical records services, and cloud environment management services, Google Canada for cloud infrastructure services, SRFax for electronic-facsimile services, Jotform for secure e-form services, and other IT services providers) who are contractually obligated to keep personal information confidential.
  • Our subsidiaries and affiliates as necessary to provide the services.
  • With the individual’s consent for any additional purposes.
  • As required by law, regulation, court order, or legal process.
  • To protect rights and safety if we believe disclosure is necessary to protect the rights, property, or safety of Rapids, any user or recipient of the services, or others.
  • In business transfers to a buyer or successor in the event of a merger, sale, or transfer of assets, in accordance with applicable law.
  • Unless otherwise agreed with a Healthcare Provider, we may disclose aggregated, and de-identified information without restriction including without limitation to generate aggregate statistics and metrics to guide future research and healthcare treatments at individual and population levels. 

Ori
  • Trusted service providers and partners (including TELUS Health for cloud environment management services, Google Canada for cloud infrastructure services, Auth0 for authentication services, and other IT services providers) who are contractually obligated to keep personal information confidential.
  • Our subsidiaries and affiliates as necessary to provide the services.
  • With the individual’s consent for any additional purposes.
  • As required by law, regulation, court order, or legal process.
  • To protect rights and safety if we believe disclosure is necessary to protect the rights, property, or safety of Rapids, any user or recipient of the services, or others.
  • In business transfers to a buyer or successor in the event of a merger, sale, or transfer of assets, in accordance with applicable law.
                      

Transferring Personal Information

Whenever we engage a service provider, we require that its privacy and security standards adhere to this policy and applicable Canadian privacy legislation.

We may also transfer personal information outside of Quebec. In accordance with Quebec private sector privacy legislation, Rapids assesses personal information that is being transferred outside of Quebec to ensure that the information receives adequate protection.  

How Long Do We Retain Personal Information?

Except as otherwise permitted or required by applicable law or regulation, we will only retain personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Security Safeguards

Rapids has established, implemented, and maintains adequate security measures to protect personal information from unauthorized access, use, or disclosure, through physical, technological, and administrative safeguards. These measures include:

  • Leveraging modern encryption methods to safeguard sensitive information.
  • Applying Secure-by-Design approaches in our software development practices.
  • Employing access control measures to limit access to authorized users and detect anomalies.
  • Deploying our platform in a state-of-the-art tier-one cloud provider’s Canadian data centre.
  • Employing modern authentication methods.
  • Providing confidentiality training to all employees and contractors.

Requiring employees and contractors to sign confidentiality agreements as a condition of employment.

Our data security procedures and practices are continuously revised based on new technological developments.

Important Security Notice: The transmission of information via the Internet is not completely secure. Although we do our best to protect personal information, we cannot guarantee the security of personal information transmitted to us through email or the Internet. Any such transmission is at the individual’s own risk. We are not responsible for circumvention of any privacy settings or security measures.

Information Accuracy

We take reasonable measures to ensure that information we hold is accurate at the point of input to our system and institute quality control measures in our platform.

Users’ Responsibility: It is the responsibility of the user to notify us if their personal information changes. 

Soli only:  With respect to patients or clients who are the recipient of the Soli Service, it is the Healthcare Provider’s responsibility to inform us if their patients’ or clients’ personal information changes.

Children Under the Age of 18

Our website and services are not intended for children under 18 years of age. No one under age 18 may provide any personal information to the Website or services. We do not knowingly collect personal information from children under 18.

If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information.

We can be contacted at privacy@rapidshealth.com if there is cause for concern that our services are being used for children under the age of 18.

Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to:

  • Maintain session and login status.
  • Remember preferences and settings.
  • Analyze usage patterns and improve our Services.
  • Measure performance and user engagement.

Types of Cookies We Use:

  • Essential Cookies: Required for the Services to function

  • Analytics Cookies: Help us understand how our Services are used.

  • Preference Cookies: Remember settings and choices

Cookie Choices: Cookies can be controlled through the browser settings, however disabling certain cookies may limit functionality of the Services.

For more information about the cookies we use, please see our Cookie Policy.

Privacy Rights

Access to Personal Information

Individuals have the right to request access to their personal information. To review, verify, or correct personal information, contact us by email at privacy@rapidshealth.com.

We may request specific information to help us confirm user identity and right to access, and to provide the user with the personal information that we hold about them or make their requested changes.

We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

If we cannot provide an individual with access to their personal information, we will inform them of the reasons why, subject to any legal or regulatory restrictions.

Withdrawal of Consent

Where individuals have provided their consent to the processing of their personal information, they may have the legal right to withdraw their consent under certain circumstances. To withdraw consent, they can cancel their subscription to a Service (if applicable) and/or contact us at privacy@rapidshealth.com.

For Soli Users:

Please note: If a patient or client withdraws their consent to the processing of their personal information in connection with Soli, we will be unable to provide the Soli service to their Healthcare Provider. 

Where a patient or client has provided their consent to the processing of its personal information directly to its Healthcare Provider, we encourage such patient or client to contact their Healthcare Provider directly regarding any questions about how his or her personal information is handled or to withdraw his or her consent.

Changes to our Privacy Notice

It is our policy to post any changes we make to our Privacy Notice. If we make material changes to how we treat personal information, we will notify relevant individuals by email to the email address specified in their account and/or through a notice on the Website home page.

We include the date the Privacy Notice was last revised at the top of the page. Individuals are responsible for ensuring we have an up-to-date, active, and deliverable email address for them, and for periodically visiting our Website and this Privacy Notice to check for any changes.

Contact Information and Challenging Compliance

We welcome questions, comments, and requests regarding this Privacy Notice and our privacy practices. Please contact us at:

Privacy Officer

privacy@rapidshealth.com 

We have procedures in place to receive and respond to complaints or inquiries about our processing of personal information, our compliance with this Privacy Notice, and with applicable privacy laws. To discuss our compliance with this Privacy Notice please contact our Privacy Officer using the contact information listed above.