Norhi (Northern Health Innovations Inc.) is committed to protecting the privacy of individuals and safeguarding personal information in our custody. We comply with applicable Canadian privacy laws, including the federal Personal Information Protection and Electronic Documents Act (PIPEDA), and follow industry best practices for data protection. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our websites, products, and services. It also explains your rights regarding your personal information and how you can contact us with questions or concerns.

By using Norhi's services or providing us with personal information, you consent to the practices described in this Privacy Policy (subject to your rights to withdraw consent as described below). We may update this policy from time to time, so please check back periodically for any changes.

We collect personal information (information about an identifiable individual) that you provide to us and information generated through your use of our services. The types of personal information we may collect include:

• Contact Information: Your name, email address, mailing address, telephone number, and other similar contact details (for example, when you create an account, fill out a form, or contact us).
• Account and Professional Information: If you register for our platform, we may collect information related to your account or role, such as your username, password, professional title or credentials, and the healthcare organization you are affiliated with.
• Communication Content: Any personal information you provide when contacting us (for example, through customer support inquiries, emails, or other correspondence). This can include feedback, questions, or other details you choose to share.
• Usage Data: Information about how you use our website or platform. This may include your IP address, browser type, device identifiers, pages visited, actions taken, and timestamps of activities. We may use cookies or similar tracking technologies to collect some of this information (see Cookies and Website Data below).
• Health Information: We generally do not collect patient personal health information directly from patients through our website. However, our platform may be used by healthcare providers to store or manage patient information. In such cases, any personal health information is handled on behalf of those healthcare providers and in accordance with applicable health privacy laws (such as Ontario's Personal Health Information Protection Act, PHIPA). We protect all sensitive information with appropriate safeguards.
• Other Information with Your Consent: Any other personal information that you voluntarily provide to us or that we collect with your consent for a specified purpose.

We limit the personal information we collect to what is necessary for the purposes identified. If you choose not to provide certain information, you may not be able to use some features of our services.

Norhi uses the collected personal information for the purposes for which it was collected or as otherwise permitted by law. These purposes may include:

• Providing and Improving Services: To operate our software platform and services, facilitate your login and authentication, maintain your account, and enable the features you request. We also use data to understand how our services are used and to make improvements to functionality, performance, and user experience.
• Communicating with You: To respond to your inquiries, provide customer support, and send you important notifications or updates about our services (for example, changes to our platform, security updates, or service-related announcements). These communications are considered part of our service to you.
• Marketing and Newsletters: To send you newsletters, industry updates, event information, or marketing communications about Norhi products and services, only if you have provided your consent to receive such communications. We strive to ensure any marketing is relevant and infrequent. You can opt out of these messages at any time (see Email Communications and CASL Compliance below).
• Compliance and Legal Obligations: To meet our legal and regulatory obligations, such as complying with applicable laws, regulations, court orders, or lawful requests by government authorities. We may also use your information to enforce our terms of service or protect our rights, privacy, safety, or property, and those of our clients or the public.
• Analytics and Research: To analyze aggregate usage of our websites and services, perform research and development, and derive insights that help us better tailor our offerings. Where possible, we use anonymized or aggregated information for these purposes.
• Other Purposes: We may use your personal information for other purposes that we identify at the time of collection, or for which we obtain your consent. We will not use personal information for purposes unrelated to the identified purposes without your consent or as required/allowed by law.

Norhi will obtain your consent before using your personal information for any new purpose not originally identified, unless otherwise required by law.

Our website uses cookies and similar tracking technologies to enhance your user experience and collect usage data for analytics. Cookies are small text files placed on your device that help us remember your preferences and understand how you interact with our site. For example, we may use cookies to remember your language preferences or to gather anonymous statistical information about site traffic.

We may use third-party analytics services (such as Google Analytics) to help us understand site traffic and usage. These services may use cookies and collect information such as your IP address or device information. This data is used in aggregate form to help us improve our website and is not used to identify you personally. We do not collect sensitive personal information via analytics cookies.

Your Choices: Most web browsers automatically accept cookies, but you can modify your browser settings to refuse cookies or alert you when cookies are being used. Please note that disabling cookies may affect your ability to use certain features of our website.

By using our site without disabling cookies, you consent to our use of cookies as described above. For more information on managing cookies, refer to your browser's help documentation.

We at Norhi understand the importance of keeping your personal information confidential. We do not sell or rent your personal information. We only disclose your information in the following circumstances, and always in accordance with PIPEDA and other applicable laws:

• Service Providers: We may share personal information with third-party service providers or partners who perform services on our behalf. For example, this can include cloud hosting providers, data analytics services, email delivery services, customer support tools, or other IT service providers. These third parties are given only the information necessary to perform their functions, and they are contractually obligated to protect your information and use it solely for the purposes of providing their services to us.
• Healthcare Partners: If you are using Norhi's platform as part of a healthcare organization or clinic, information (including patient information) you input may be shared with or accessible to authorized individuals within that organization in accordance with that organization's policies and agreements. Norhi acts as a service provider (or "agent") to those healthcare providers in handling patient data, and we do so consistent with applicable privacy laws (such as PIPEDA and PHIPA).
• Legal Compliance and Protection: We may disclose personal information if we believe it is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request. We may also disclose information to enforce our agreements or policies, to detect, investigate and help prevent security, fraud or technical issues, or to protect the rights, property, or safety of Norhi, our users, patients, or the public. If we receive an access request or inquiry from law enforcement or regulators, we will only disclose personal information provided we are legally required or permitted to do so.
• Business Transactions: If Norhi is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal information may be transferred to a successor or affiliate of Norhi as part of that transaction. In such cases, we will ensure that appropriate privacy protections are in place and that the recipient of the information continues to honour the commitments of this Privacy Policy (unless you consent otherwise).
• With Your Consent: We may share your personal information with other third parties in situations where you have given us your explicit consent to do so. For instance, if you request that we share data with a third-party application or partner, we will do so only with your authorization.

In all cases, we share the minimum information necessary and evaluate requests for information carefully. If personal information is transferred to third parties outside of Canada, it will be protected with appropriate safeguards, but note that it may become subject to the laws of the jurisdiction where it is held (for example, information stored in the United States may be subject to U.S. lawful access requests).

We take the security of your personal information seriously. Norhi has implemented technical, administrative, and physical safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, or modification. These safeguards include measures such as encryption, secure servers, access controls, and regular security assessments. We limit access to personal data to those employees, contractors, and agents who require such access to carry out their duties.

We also train our staff on privacy best practices to ensure your information is handled in accordance with this Policy and applicable laws. While we strive to use commercially acceptable means to protect your personal information, please note that no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security. In the unlikely event of a data breach that poses a risk of significant harm, we will notify affected individuals and relevant authorities as required by Canadian law.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by law. The length of time we keep information will depend on the nature of the information and the reasons for which it was obtained.

For example:

• We may retain your account information while your account is active and for a period after your account is closed, in case you decide to reactivate the service, to resolve disputes, or as needed to comply with legal obligations (such as record-keeping requirements).
• If you contact us with a question or support request, we may retain the correspondence as long as necessary to assist with your inquiry and for our records.
• If information is collected for a specific short-term purpose (e.g., a contest or event registration), we will dispose of or anonymize the information after that purpose is fulfilled.

When personal information is no longer required, we will securely destroy, erase, or anonymize it. We continuously review our data retention practices to ensure they are aligned with legal requirements and our internal data retention policies.

We respect your rights to control your personal information. Under PIPEDA and other applicable laws, you have certain rights regarding your personal information that we hold. These include:

• Access and Correction: You have the right to request access to the personal information we have about you and to receive an explanation of how it is used and disclosed. You may also request corrections or updates to any inaccurate or incomplete personal information in our records. Upon written request and authentication of identity, we will provide you with the personal information under our control, subject to any exceptions under law (for example, information that would reveal personal information about another individual). We will correct any verified inaccuracies as required.
• Withdrawal of Consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. For example, you can opt out of marketing emails by clicking the "unsubscribe" link in the email or by contacting us directly (see Email Communications and CASL Compliance below). Please note that withdrawing consent for certain uses of your information may mean we can no longer provide you with certain services. In some cases, we may continue to retain or use your information if we have a legal obligation to do so or if required to protect our legal interests.
• Account Deletion: If you have an account with us, you may request that we delete your account and personal information. We will take reasonable steps to delete your personal information, although we may need to retain some records for legal or internal business purposes (as noted in Retention above).
• Challenging Compliance: If you have questions, concerns, or complaints about our privacy practices or compliance with this Privacy Policy, you have the right to raise these with us (see Contact Us below). We will investigate and respond to complaints in a timely manner. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy commissioner to file a complaint.

To exercise any of these rights or for more information, please contact us using the contact information provided in the Contact Us section. We may need to verify your identity before fulfilling certain requests to ensure we do not disclose personal information to the wrong individual.

Norhi is committed to respecting your preferences regarding electronic communications. Canada's Anti-Spam Legislation (CASL) requires us to obtain your consent before sending you commercial electronic messages. We will only send you promotional emails, newsletters, or other marketing communications if we have your consent (implied or express as permitted by CASL).

• Opt-In: You may be asked to provide explicit consent (opt-in) to receive our newsletter or marketing emails, for example by checking a box on a signup form. If you are an existing client or have an established business relationship with us, we may send you relevant information under the implied consent provisions of CASL, but we will ensure that such communications meet CASL requirements.
• Identification and Unsubscribe: All marketing emails from Norhi will clearly identify us as the sender and include our mailing address and a clear unsubscribe link or instructions. You may unsubscribe from our marketing communications at any time by clicking the unsubscribe link in the email or contacting us with your request. Once you unsubscribe, we will promptly remove you from our marketing distribution list, in compliance with CASL.
• Transactional Messages: We may still send you essential non-promotional communications even if you have opted out of marketing emails. For example, we may send you emails about your account, product updates that affect usage, security alerts, or responses to your inquiries. These are considered transactional or informational and are not covered by CASL's consent requirement.
• Third-Party Marketing: We will not provide your email address or other contact information to third parties for their own marketing purposes without your consent.

Our electronic communication practices are designed to ensure compliance with CASL and to respect your choices. If you believe you have received a commercial electronic message from us without consenting, or if you have any questions about our communications, please contact us and we will address your concern.

Our website or services may contain links to external websites or integrate with third-party services (for example, a link to a partner's site or an embedded third-party widget). This Privacy Policy does not apply to any third-party websites or services that we do not operate. Norhi is not responsible for the privacy practices or content of those third parties.

We encourage you to review the privacy policies of any external sites or services you interact with. If you access any third-party services through our platform (for example, by using a single sign-on feature or an integrated health data service), any information you provide to those third parties is governed by their privacy policies, not this one.

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make a material change to this Policy, we will post the updated version on our website and update the "Last Updated" date at the bottom. If the changes are significant, we may also notify you through other means, such as by email or by displaying a notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after any updates to this Policy indicates your acceptance of the changes, subject to applicable law.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us. We will be happy to assist you and address any issues.

You may also contact us at the above mailing address or email if you wish to withdraw your consent, update your information, or request access to your personal data.