Privacy policy.

This Privacy Policy explains how Metamed Health Inc., located at Unit 12, 1401 Plains Rd E, Burlington, ON, L7R 0C2, Canada ("we," "us," "our") collects, uses, discloses, and protects the personal information of our users ("you," "your") in connection with the Metamed mobile application, website, and related services (collectively, the "Platform").

We are committed to protecting your privacy and handling your personal information in a manner consistent with the requirements of applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and Ontario's Personal Health Information Protection Act (PHIPA).

BY USING THE PLATFORM, YOU CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY. IF YOU DO NOT CONSENT, PLEASE DO NOT USE THE PLATFORM.

Metamed is a digital metabolic health platform that connects users with independent practitioners (including skills coaches, registered dietitians, and nurse practitioners) and provides digital tools, AI-powered coaching, and behavioral skills content to support metabolic health.

This Privacy Policy applies to personal information we collect when you use the Platform. It does not apply to third-party services linked to or accessible from the Platform. Those third parties have their own privacy practices, and we encourage you to review their policies before providing them with your information.

We collect several types of information to provide and improve our Services.

Information you provide directly

Registration and profile information

When you create an account, we collect:

• Name
• Email address
• Phone number
• Date of birth
• Gender (optional)
• Password

Health and medical information

To provide our services, we collect health information you provide, including:

• Height and weight (to calculate BMI)
• OHIP number (optional)
• Diagnosed health conditions
• Medication history (past and current)
• Weight loss goals
• Responses to behavioral challenge assessments
• Food logs, journal entries, and mood scores

This information is considered personal health information and is treated with the highest level of confidentiality.

Payment information

When you make a purchase, your payment information is collected and processed securely by our third-party payment processor, Stripe. We do not store your full credit card details on our servers. We retain only records of transactions for accounting and customer service purposes.

Communications

If you contact us directly, we may receive additional information about you, such as your name, email address, phone number, the contents of your message, and any attachments you may send us.

Information we collect automatically

Technical and usage data

When you use the Platform, we may automatically collect information such as:

• IP address
• Device type and model
• Operating system and version
• Browser type and settings
• App usage statistics (e.g., pages viewed, features used, time spent)
• Crash logs and performance data

Device permissions

The Platform may request access to your device's:

• Camera (for future AI photo logging features)
• Notifications (for appointment reminders and nudges)
• Photos/media (for uploading images)

You can manage these permissions through your device settings. Withdrawing permission may affect certain features of the Platform.

Cookies and similar technologies

We may use cookies and similar tracking technologies to maintain basic functionality, gather aggregate analytics, and improve user experience. Cookies are small data files stored on your device. You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of the Platform.

Information from integrated technologies

InBody data

If you choose to use InBody scanning services, you authorize Metamed to receive and store your body composition data through our integration with InBody. This data may include:

• Body fat percentage
• Muscle mass (segmental)
• Visceral fat level
• Body water percentage
• Basal metabolic rate

Wearable data

If you choose to connect your account with Apple Health, Google Fit, Fitbit, or other wearables, we may collect health metrics from these services to enhance your progress tracking. You control which data is shared through your device and wearable app settings.

We use your information for the following purposes:

To provide and personalize services

• To deliver our digital skills modules and behavioral content
• To provide AI-powered coaching and personalized recommendations
• To generate package recommendations based on your profile
• To schedule appointments with practitioners
• To track your progress over time

To communicate with you

• To send administrative information, such as service updates and policy changes
• To provide appointment reminders and confirmations
• To respond to your inquiries and support requests
• To send behavioral nudges and motivational messages (you may adjust these preferences)

For clinical care

• To provide your practitioner with the information necessary to guide your care plan
• To enable secure messaging between you and your practitioner
• To document your progress and session notes

For payment processing

• To process your payments and manage your subscriptions
• To generate receipts for insurance claims
• To handle refunds and billing inquiries

For improvement and analytics

• To analyze usage patterns and improve the functionality and user experience of the Platform
• To develop new features and services
• To conduct quality assurance and training

For security and legal compliance

• To protect the security and integrity of the Platform
• To prevent fraud and unauthorized access
• To comply with legal obligations and regulatory requirements

For research (anonymized data)

We may use anonymized and aggregated data for research purposes and to publish outcomes, helping to advance the understanding of metabolic health. This data will not be used to identify you personally. Any research publications will use only aggregate, de-identified information.

• We do not sell your personal information: We never sell your personal information to third parties for marketing or advertising purposes.
• We do not use your information for advertising: We do not use your personal health information for third-party targeted advertising or profiling.
• We do not share your information with employers or insurers: Without your explicit consent, we do not share your information with your employer, insurance company, or any other third party (except as required by law or as described in Section 7).

We may share your information in the following limited circumstances:

Within the "circle of care"

Your personal health information may be shared among Metamed team members and practitioners who require it to provide you with care. This includes:

• Your assigned skills coach
• Registered dietitians
• Nurse practitioners
• Administrative staff supporting your care

All individuals with access to your information are bound by confidentiality obligations and receive training on privacy and security.

Service providers

We share information with trusted third-party service providers who assist us in operating the Platform. These providers are contractually obligated to protect your information and use it only for the services they provide to us. Key service providers include:

Legal and safety requirements

We may disclose information if required by law, such as in response to:

• A court order, subpoena, or warrant
• A request from a regulatory authority with legal authority to compel production
• To protect the rights, property, or safety of Metamed, our users, or others

Business transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. You will be notified of any such change in ownership or control via email or prominent notice on the Platform.

With your consent

We may share your information for other purposes with your explicit consent. For example, if you request that we share your progress report with another healthcare provider, we will do so only after obtaining your consent.

Security measures

We implement reasonable administrative, technical, and physical safeguards to protect your information from unauthorized access, use, or disclosure. These include:

• Encryption of data in transit (using TLS/SSL)
• Encryption of sensitive data at rest
• Access controls and authentication requirements
• Regular security assessments and monitoring
• Staff training on privacy and security

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data storage location

Your information is primarily stored on secure servers located in Canada. Some of our third-party service providers may process or store data outside of Canada (e.g., in the United States). When information is processed outside Canada, it may be subject to the laws of those jurisdictions, which may require disclosure to governmental authorities in certain circumstances.

Data retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account deletion

You may request deletion of your account at any time by contacting us at admin@metamed.health. Upon account deletion:

• Your account will be deactivated
• Your personal information will be removed from active databases
• Certain information may be retained as required by law (e.g., health records, payment records)
• Anonymized data that cannot identify you may be retained for research purposes

You have the following rights regarding your personal information:

Access and correction

You may request access to the personal information we hold about you and request that any inaccuracies be corrected. Most information can be accessed and updated directly through your account settings. For additional requests, contact us at admin@metamed.health.

Withdraw consent

You may withdraw your consent for us to collect, use, or disclose your information at any time, subject to legal and contractual restrictions. Withdrawing consent may limit our ability to provide the Services to you. To withdraw consent, contact us at admin@metamed.health.

Delete account

You may request deletion of your account as described in Section 8.D.

Opt out of communications

You may opt out of receiving non-essential communications (e.g., marketing, newsletters) by:

• Following the unsubscribe instructions in any communication
• Adjusting your notification preferences in account settings
• Contacting us at admin@metamed.health

You cannot opt out of essential service communications (e.g., billing notices, safety alerts, policy changes) without discontinuing the Services.

Restrict processing

In certain circumstances, you have the right to restrict the processing of your information. This may include objecting to processing for direct marketing purposes.

Data portability

You have the right to receive a copy of your information in a structured, commonly used, and machine-readable format. To request data portability, contact us at admin@metamed.health.

The Platform is not intended for individuals under the age of 18 without parental consent. Where consent from a parent or guardian is required, we collect information about the minor solely for the purpose of providing the Services. The parent or guardian:

• Has the right to access and correct the minor's information
• May request deletion of the minor's account at any time
• Gives affirmative consent to the collection, use, and disclosure of the minor's information as described in this Privacy Policy

If we become aware that we have collected personal information from a minor without appropriate consent, we will take steps to delete that information.

The Platform uses artificial intelligence to provide personalized recommendations, behavioral nudges, and content suggestions. These AI Services involve automated processing of your information to:

• Suggest relevant skills modules based on your challenges
• Generate personalized meal and activity recommendations
• Send context-aware nudges based on your behavior patterns
• Analyze journal entries for emotional tone and cognitive patterns

These automated decisions are made to enhance your experience and are not the sole basis for any clinical recommendations. Your practitioner remains responsible for your care plan and can override or adjust any AI-generated suggestions.

Types of cookies we use

Managing cookies

You can control cookies through your browser settings. Most browsers allow you to:

• View cookies stored on your device
• Delete individual or all cookies
• Block cookies from specific sites
• Block all cookies

Please note that disabling cookies may affect the functionality of the Platform.

The Platform may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party sites or services you access.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will revise the "Last Updated" date at the top of this page.

We will notify you of any material changes through:

• An in-app notification
• An email to the address associated with your account
• A prominent notice on the Platform

Your continued use of the Platform after the changes become effective constitutes your acceptance of the revised Privacy Policy. If you do not agree to the changes, you must discontinue using the Platform.

Privacy Officer

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact our Privacy Officer:

• Privacy Officer: Privacy Officer, Metamed Health Inc.
• Email: admin@metamed.health
• Address: Unit 12, 1401 Plains Rd E, Burlington, ON, L7R 0C2, Canada
• Phone: (289) 270-8786

Making a complaint

If you are not satisfied with our response to your privacy concern, you have the right to file a complaint with the Privacy Commissioner of Canada or the Information and Privacy Commissioner of Ontario:

If you are a resident of Quebec, you have additional rights under Quebec's privacy laws, including:

• The right to be informed of the existence of any computerized personal information system
• The right to access and rectify personal information held by third parties on our behalf
• Enhanced consent requirements for certain types of information

To exercise these rights, please contact our Privacy Officer.

The Platform is intended for users in Canada. If you are accessing the Platform from outside Canada, your information may be transferred to, stored, and processed in Canada. By using the Platform, you consent to the transfer of your information to Canada, which may have different data protection laws than your country of residence.

• Personal Information: Information about an identifiable individual, as defined by PIPEDA.
• Personal Health Information: Information concerning the physical or mental health of an individual, as defined by PHIPA.
• Practitioner: An independent skills coach, registered dietitian, nurse practitioner, or other health professional providing services through the Platform.
• Services: All services offered through the Platform, including digital skills modules, AI coaching, and practitioner sessions.
• Platform: The Metamed mobile application, website, and related services.