PLATEFORME WELLVERVE INC. 

Privacy Policy 

Canada & United States 

Effective Date: April 23, 2026 

Privacy Officer Contact: 

privacy@wellverve.com | wellverve.com/privacy 

 

1. Introduction 

WellVerve Inc. ("WellVerve," "we," "us," or "our") operates a clinical-grade AI platform that supports licensed healthcare practitioners in delivering personalized, evidence-based supplement protocols. 

We are committed to protecting the privacy and security of personal information entrusted to us by patients, practitioners, and platform users. 

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information — including sensitive health data — in connection with our platform, services, and website (collectively, the “Services”). It applies to users in Canada and the United States. 

WellVerve operates across both jurisdictions and is designed to meet applicable Canadian and U.S. privacy requirements, including Quebec Law 25 and relevant U.S. healthcare and state privacy frameworks. 

 

2. Scope & Definitions 

Personal Information: Any information that identifies or can reasonably be linked to an individual. 

Health Information: Sensitive personal information relating to physical or mental health. 

De-identified Data: Data processed to remove direct identifiers and reduce re-identification risk using industry-standard methods. 

Practitioner: A licensed healthcare professional using the platform. 

Platform: WellVerve’s clinical AI system and associated services. 

 

3. Information We Collect 

3.1 Information You Provide 

  • Identity & Contact: Name, email, phone number, address, date of birth 

  • Practitioner Credentials: License details, professional registration, clinic affiliation 

  • Account Information: Login credentials, preferences 

  • Clinical Data: Health history, symptoms, lab results, medications, supplements, dietary data 

  • Payment Information: Processed via compliant third-party providers (we do not store full card numbers) 

  • Communications: Messages, inquiries, and feedback 

3.2 Information Collected Automatically 

  • Device & Technical Data: IP address, browser, device identifiers 

  • Usage Data: Pages visited, session activity 

  • Cookies & Tracking Technologies (see Section 9) 

3.3 Information from Third Parties 

With appropriate authorization: 

  • EHR/PMS systems 

  • Laboratories and diagnostic providers 

  • Credential verification services 

  • Referring practitioners or clinics 

3.4 Sensitive Information 

Due to the clinical nature of our Services, we process health information, which is subject to heightened protections. 

 

4. Legal Basis for Processing 

We process personal information only where permitted by law, including: 

  • Consent (e.g., clinical data, marketing, RWE participation) 

  • Performance of a contract (platform access and service delivery) 

  • Legal and regulatory obligations 

  • Legitimate interests, where applicable and balanced with user rights (e.g., platform improvement, security) 

We do not use personal information for materially different purposes without appropriate consent or legal basis. 

 

5. Use of Personal Information 

5.1 Platform Operations 

To operate and deliver Services, including: 

  • Generating practitioner-reviewed supplement protocols 

  • Supporting practitioner-patient workflows 

  • Producing clinical outputs and reports 

5.2 AI & Decision Support Transparency 

WellVerve uses artificial intelligence to support clinical insights. 

  • AI outputs are decision-support tools only 

  • Final decisions remain with licensed practitioners 

  • No fully automated medical decisions are made without human oversight 

5.3 De-identified Data & Research 

We may use de-identified, aggregated data for: 

  • Platform improvement and model training 

  • Research and publication 

  • Licensing to life sciences and research organizations 

De-identification is performed using industry-standard methods, including risk-based assessments to reduce the likelihood of re-identification. 

5.4 Marketing & Communications 

With consent where required, we may send: 

  • Service updates 

  • Clinical resources (for practitioners) 

  • Product information 

Users may opt out at any time. 

 

6. Disclosure of Personal Information 

6.1 Authorized Disclosures 

We do not sell personal information. We disclose information only as necessary: 

  • Practitioners and clinic administrators within care relationships 

  • Service providers under contractual protections (e.g., cloud, payments) 

  • Integrated systems authorized by users 

  • Legal and regulatory authorities when required 

  • Business transactions (e.g., mergers), with equivalent protections 

  • With user consent 

6.2 Data Licensing (De-identified Only) 

WellVerve licenses de-identified, aggregated datasets for research and life sciences use. 

  • No identifiable personal information is shared 

  • Strict contractual prohibitions on re-identification 

  • Use limited to research and pharmacovigilance 

  • Separate, explicit patient consent is obtained 

6.3 Cross-Border Transfers 

Personal information may be processed in Canada or the United States. By using the Services, users acknowledge cross-border data handling. 

 

7. Data Retention 

We retain personal information only as long as necessary: 

  • Clinical data: In accordance with applicable medical record retention laws 

  • Account data: While accounts remain active and for a reasonable period thereafter 

  • Legal obligations: As required by law or regulatory requirements 

  • De-identified data: May be retained indefinitely for research and analytics purposes 

 

8. Security Safeguards 

We implement safeguards appropriate to the sensitivity of the data, including: 

  • Encryption (AES-256 at rest; TLS 1.2+ in transit) 

  • Role-based access controls and least-privilege access 

  • Multi-factor authentication 

  • Segregated system architecture 

  • Regular security testing and audits 

  • HIPAA-compliant vendor agreements where applicable 

No system is completely secure. We notify affected individuals and authorities of breaches as required by law. 

 

9. Cookies & Tracking Technologies 

We use cookies to operate and improve Services: 

  • Strictly Necessary: Authentication, security 

  • Functional: Preferences and settings 

  • Analytics: Platform performance (e.g., PostHog or similar tools) 

  • Marketing: Only with consent 

Users may manage preferences via browser settings or our cookie controls. 

 

10. Your Rights 

Depending on your jurisdiction, you may have the right to: 

  • Access your personal information 

  • Correct inaccurate data 

  • Request deletion (subject to legal obligations) 

  • Withdraw consent 

  • Data portability (where applicable) 

  • Opt out of secondary uses, including RWE datasets 

  • File complaints with regulators 

Requests may be submitted to: privacy@wellverve.com 

Response timelines: 

  • Canada (PIPEDA): ~30 days 

  • Quebec (Law 25): ~15 business days 

  • U.S. state laws: up to 45 days (extendable where permitted) 

 

11. Consent 

11.1 Practitioners 

Practitioners agree to Terms of Service and Data Processing Agreements and are responsible for obtaining valid patient consent. 

11.2 Patients 

Patients are informed of: 

  • Platform functionality and AI usage 

  • Data collection and purposes 

  • De-identified data use and opt-out rights 

  • Cross-border processing 

Separate, explicit consent is obtained for inclusion in de-identified datasets. Opt-out is available at any time. 

 

12. Quebec Residents (Law 25) 

Quebec residents have additional rights, including: 

  • Data portability 

  • Rights related to automated decision-making 

  • Enhanced breach notification protections 

WellVerve conducts Privacy Impact Assessments (PIAs) where required. 

 

13. United States Residents 

13.1 HIPAA 

Where applicable, WellVerve acts as a Business Associate and complies with applicable agreements. 

13.2 State Privacy Laws 

Residents of California and other states have rights consistent with Section 10. We do not sell personal information. 

 

14. Minors 

Our Services are not directed to individuals under 18. We do not knowingly collect data from minors without appropriate consent. 

 

15. Third-Party Services 

We are not responsible for third-party privacy practices. Users should review their policies independently. 

 

16. Changes to This Policy 

We may update this Policy periodically. Material changes will be communicated via: 

  • Website updates 

  • Email notifications 

  • In-platform notices 

Continued use constitutes acceptance where permitted by law. 

 

17. Contact — Privacy Officer 

For any privacy-related inquiries: 

privacy@wellverve.com 

 

Plateforme WellVerve Inc. 

Approved by: Stephanie El-Chakieh 

Title: Privacy Officer 

Date: April 23, 2026