Privacy Notice

Last modified: November, 2023

RAPIDS Health Ltd. (“RAPIDS“), a company existing under the laws of British Columbia and doing business as RAPIDS, respects your privacy and is committed to protecting it by complying with this Privacy Notice. RAPIDS recognizes the importance of effective systems and measures to protect personal information that we collect or are provided with in our role as a service provider of certain well-being, care or disability management solutions (collectively the “Services“).  

This Privacy Notice describes:

  • how we collect, use, disclose, and protect the personal information of the users and beneficiaries of our Services, and website users (“you“);
  • the types of information we may collect from when you visit the website (our “Website“) or that you may provide (or that your designated Well-being Provider (as defined below) may provide on your behalf) to us in connection with the Services; and
  • our practices for collecting, using, maintaining, protecting, and disclosing that information.

By accessing or using this Website or otherwise using the Services, you indicate that you understand, accept, and consent to the practices described in this Privacy Notice. 

For the purposes of this Privacy Notice:

Well-being Provider” means a healthcare practitioner, provider or organization that provides healthcare or well-being services to its patients or employees (for example, a disability management service provider) which procures our Services and in doing so, receives guidance pertaining to diagnosis and treatment for mental health and brain-related conditions. 

personal information” means information about an identifiable individual as may be defined or limited under applicable privacy legislation. Personal information does not generally include business names and business contact information used in a commercial context.

Processing” the collection, use, recording, disclosure, storage, treatment, management, retention and otherwise, handling of personal information. 

How Do We Obtain Consent for Processing Personal Information?

Your knowledge and informed consent is required for the collection, use, or disclosure of your personal information by RAPIDS, except where the collection, use or disclosure of personal information without such knowledge and consent is permitted or required by law. 

If you are submitting the personal information of others, such as patients or employees, you are responsible for obtaining their consent to the disclosure of their information to RAPIDS, as may be required by law.

RAPIDS as a Service Provider

In some instances, you will have provided your consent to the Processing of your personal information as described in this Privacy Notice directly to your Well-being Provider. In this case, RAPIDS obtains and relies on contractual assurances provided by your Well-being Provider to Process such information in compliance with all applicable privacy laws. In such a case, we Process personal information under the direction of that Well-being Provider (being the organization in control of such data).

What Information Do We Collect about you?

We collect (either directly from you or from designated Well-being Providers) and use several types of information from and about you, including: 

  • Personal information, that we can reasonably use to directly or indirectly identify you, such as your name, mailing address, e-mail address, telephone number, personal health information (e.g., any related prior diagnosis, symptoms and psychometric scores, prior treatments, your primary care physician), Internet protocol (IP) addresses used to connect your computer to the Internet, user name or other similar identifier, and any other identifier that we may use to contact you.
  • Non-personal information, that does not directly or indirectly reveal your identity or directly relate to an identifiable individual, such as demographic information, or statistical or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from personal information. For example, we may aggregate personal information to calculate the percentage of users accessing a specific Website feature or accessing our Services through a particular Well-being Provider.
  • Technical information, including your login information (where pertinent), browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, or information about your internet connection, the equipment you use to access our Website, and usage details.
  • Non-personal details about your Website interactions, including the full Uniform Resource Locators (URLs), clickstream to, through and from our Website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, or any phone number used to call our customer service number.

If you are submitting any comments or messages to us via the Website, please carefully consider the information that is contained within your comments or messages and ensure that you are not providing any sensitive information that is not necessary for us to consider in responding to you. 

How we Collect Information About You

We use different methods to collect your information, including through:

  • Direct interactions with you when you provide it to us, for example, by filling in web forms, questionnaires, or corresponding with us by phone, email, or otherwise.
  • Automated technologies or interactions, as you navigate through our Website/web application. Information collected automatically may include usage details, and IP addresses.
  • Well-being Providers that we engage with during the course of providing our Services. 

For What Purpose Are We Obtaining This Information?

We use information that we collect about you or that you provide to us (or is provided on your behalf), including any personal information:

  • To present our Website and its contents to you.
  • To provide you with information, products, or the Service that your Well-being Provider has on your behalf requested us to provide.
  • To fulfill the purposes for which you provided the information or that were described when it was collected, or any other purpose for which you provide it.
  • To notify you about changes to our Website.
  • To improve our Website, the Services, or customer relationships and experiences.
  • To generate aggregate statistics and metrics that will guide future research and healthcare treatments at an individual and population level.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.

De-identifying Information

To safeguard your privacy, when information is used to improve our Services or to generate aggregate statistics and metrics that will guide future research and healthcare treatments at an individual and population level, all identifying information is removed using best-practice de-identification methods.

Unless otherwise agreed with your Well-being Provider, we may disclose aggregated information about you and information that does not identify you without restriction.

When We Disclose Information

We may disclose personal information (including information contained within guidance reports issued by RAPIDS as part of the Services) that we collect or you provide (or is provided on your behalf by a Well-being Provider) as described in this Privacy Notice in the following circumstances:

  • To our subsidiaries and affiliates.
  • With your consent.
  • To our trusted service providers and partners (e.g., health records provider, IT services provider, electronic forms provider) who are contracted to perform services or functions on our behalf only where they require the information to assist us in serving you . These service providers and partners are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this Privacy Notice.
  • As required by law, regulation, or legal process.
  • To fulfill the purpose for which you provide it.
  • In accordance with applicable law, to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of RAPID’S assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by RAPIDS about our customers and users is among the assets transferred.

We may also disclose your personal information:

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request, in accordance with applicable law.
  • To enforce or apply our terms of use located here and other agreements.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of RAPIDS, any Well-being Provider, or others. 

Transferring Your Personal Information

Your personal information will remain in Canada, however, it is possible that we may transfer your personal data outside of Quebec. Your information will only be transferred where the recipient jurisdiction offers adequate protection for your personal data, and only where there is a written agreement requiring the recipient to protect your personal information.. Whenever we engage a service provider, we require that its privacy and security standards adhere to this Privacy Notice and applicable Canadian privacy legislation. 

How Long Do We Retain Personal Information?

Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

What Safeguards Do You Have to Protect One’s Personal Information?

RAPIDS  has established, implemented and maintains adequate security measures to protect personal information from unauthorized access, use, or disclosure, through physical, technological and administrative safeguards.  These measures include:

  1. Leveraging modern encryption methods to safeguard sensitive information.               
  2. Applying Secure-by-Design approaches in our software development practices
  3. Employing access control measures to limit access to authorized users and detect anomalies.
  4. Deploying our platform in a state-of-the-art tier-1 cloud provider’s Canadian data centre.
  5. Employing modern authentication methods.     

Our data security procedures and practices are continuously revised based on new technological developments. Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to us through email or our Website through the use of web forms. Any such transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

We make our staff and contractors aware of the importance of maintaining the confidentiality of personal information by providing training sessions to all employees and contractors, and by requiring, as a condition of employment, that they sign confidentiality agreements. 

How Do You Ensure That The Information Is Accurate?

We take reasonable measures to ensure that information we hold about you is accurate at the point of input to our system and institute quality control measures in our platform. Please keep us and your Well-being Provider informed if your personal information changes. 

Children Under the Age of 16

Our Website is not intended for children under 16 years of age. No one under age 16 may provide any personal information to the Website. We do not knowingly collect personal information from children under 16. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at

Can I Access My Personal Information?

If you want to review, verify, or correct your personal information you may send us an email at We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. 

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

Where you have provided your consent to the Processing of your personal information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us at Please note that if you withdraw your consent we may not be able to provide you with our Services. We will explain the impact to you at the time to help you with your decision.

Where you have provided your consent to the Processing of your personal information directly to your Well-being Provider, we encourage you to contact your Well-being Provider directly if you have questions about how they manage your personal information. Notwithstanding the above, upon receiving an email at the above address from an individual, RAPIDS will, to the extent that it is acting as a service provider in the particular circumstance, promptly forward the request to the appropriate Well-being Provider in control of such personal information.

Upon receiving a request from a Well-being Provider regarding an individual’s personal information, RAPIDS will cooperate with the Well-being Provider by following the Well-being Provider’s instructions with respect to the request, as soon as feasible, and in accordance with applicable privacy laws. 

If you are concerned about our response, you may contact our Privacy Officer at

Who Can I Contact If I Have A Concern About My Personal Information?

We welcome your questions, comments, and requests regarding this Privacy Notice and our privacy practices. Please contact us at:  

Privacy Officer

20th floor, 250 Howe Street, 

Vancouver, British Columbia, 

V6C 3R8

RAPIDS will investigate all concerns and/or complaints pursuant to its complaint procedures. RAPIDS will inform each individual of the outcome of the investigation regarding his or her challenge/complaint. 

Changes to Our Privacy Notice

We include the date this Privacy Notice was last revised at the top of the page. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically visiting our Website and this Privacy Notice to check for any changes.