top of page

Privacy
Policy

Safeguarding what matters to you,

​

in accordance with Law 25 in Quebec and Personal Information Protection and Electronic Documents Act (PIPEDA) Canadian privacy laws,

 

because your trust means everything to us.

Thank you for being here. Read on for the full privacy policy below.

Privacy Policy for ElyxAI

Last Updated: August 26, 2025

 

1. Introduction

Welcome to ElyxAI. Aion Technologies en Santé Inc. ("Aion," "we," "us," "our") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy explains how we handle and protect your data when you use our ElyxAI platform and related services (collectively, the "Services").

Our service, ElyxAI, is an advanced healthcare software platform generating psychiatric evaluation reports from medical assessment data. This policy applies to all users of our Services, including patients, healthcare providers, and healthcare administrators (“user”, “customer”, “you”).

Our privacy practices are designed to comply with Law 25 in Quebec and the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.

 

2. Information We Collect

We collect information necessary to provide our Services, ensure their security, and meet our legal obligations. The information is categorized as follows:

  • Personal Information: Data that can be used to identify you as an individual. This includes:

    • Contact Details: Name, email address, phone number, and physical address.

    • Demographic Data: Date of birth.

    • Technical Information: IP address, device information, general location data, and usage data collected automatically when you interact with our Services.

  • Protected Health Information (PHI): This is sensitive health-related data that we handle with the highest level of care. We collect this information on behalf of you or your healthcare provider. This includes:

    • Medical Records: Diagnoses, medications, treatment history, and lab results.

    • Clinical Data: Appointment data, vital signs, health metrics, and assessment form data submitted by patients.

 

3. How We Collect Your Information

We collect information through various methods as you interact with our platform:

  • Directly from You: Through user registration, form submissions, and file uploads when you or your healthcare provider create an account or complete an assessment.

  • Automatically: We automatically collect technical information like usage data and IP addresses when you use our Services.

  • From Third Parties: We may receive information through API integrations with your healthcare partners (e.g., hospitals, clinics) to provide a seamless service.

  • Cookies: We use essential and analytics cookies, to operate, and improve our website. For more details, see Section 9.

 

4. How and Why We Use Your Information (Legal Basis)

We process your information for specific purposes and only when we have a valid legal basis to do so.

Purpose of Processing

Legal Basis

Service Delivery

To fulfill our contractual obligation to you and your healthcare provider by operating the ElyxAI platform, processing assessments, and generating reports.

Billing and Account Management

To manage your account, send administrative information, and process payments, which is part of our contract performance.

User Support & Communication

To respond to your inquiries and provide support based on our contractual obligation and your consent.

Security and Fraud Prevention

To protect our platform and users from security threats, a legal obligation and a legitimate interest.

Legal and Regulatory Compliance

To comply with applicable laws, such as medical device regulations and legal subpoenas, under our legal obligations.

Anonymized Research

To contribute to medical research with your explicit consent. All data used for research is anonymized to protect your privacy.

 

5. Data Sharing and Disclosure

We do not sell your personal information. We only share your information with trusted third parties under limited circumstances:

  • Cloud Service Providers: We use secure cloud hosting providers (like Google Cloud Platform) to store your data. These providers are contractually bound to protect your information.

  • Healthcare Partners: We share information with healthcare providers and institutions involved in your care, as directed by you with prior consent.

  • Research Institutions: With your explicit consent, we may share de-identified or anonymized data with research partners.

  • Government and Law Enforcement: We may disclose information if required by law or in response to a valid legal request from a government agency.

International Data Transfers: Your data is stored and processed exclusively on servers located within Canada. We do not transfer your personal information outside of Canada.

 

6. Data Security

We implement robust administrative, physical, and technical safeguards to protect your information, in line with industry best practices and legal requirements. These measures include:

  • Encryption: Your data is protected with strong encryption both in transit (while traveling over the internet) and at rest (while stored on our servers).

  • Access Control: We use multi-factor authentication and role-based access controls to ensure only authorized personnel can access sensitive data.

  • Monitoring: We use intrusion detection systems and maintain audit logs to monitor for and respond to security threats.

  • Resilience: We maintain a comprehensive incident response plan and perform regular data backups to ensure business continuity.

  • Training: Our employees receive regular training on privacy and security protocols.

 

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, to provide our Services, or as required by law (e.g., medical record retention laws). When your account is deleted at your request, we will securely erase or anonymize your information in accordance with our data retention policies, unless legally required to keep it.

 

8. Your Privacy Rights

Under Law 25 and PIPEDA, you have specific rights regarding your personal information. You can:

  • Access Your Data: Request a copy of the personal information we hold about you.

  • Correct or Update Your Data: Request to correct any inaccuracies in your personal information.

  • Withdraw Your Consent: Withdraw your consent for data processing at any time, subject to legal or contractual restrictions.

  • Request Deletion: Ask us to delete your personal information, subject to our legal retention obligations.

  • Opt-out of Marketing: We only send marketing communications with your opt-in consent. You can unsubscribe at any time.

  • Be Notified of a Breach: You have the right to be notified of any data breach that presents a risk of serious injury.

  • File a Complaint: You have the right to file a complaint about our privacy practices.

To exercise any of these rights, please contact our Data Protection Officer at privacy@aionhealthtech.com.

 

9. Cookies and Analytics

We use the following types of cookies on our website:

  • Essential Cookies: Necessary for the website and Services to function properly.

  • Analytics Cookies: Help us understand how users interact with our website so we can improve it. We use a custom analytics solution and do not share this data with third-party analytics providers.

​

10. Children's Privacy

Our services are not designed for or intentionally targeted at children under the age of 14 without parental or guardian consent. We require verifiable parental consent before collecting any personal information from a child under 14. If we learn that we have collected such information without consent, we will take steps to delete it promptly.

 

11. Policy Updates

We may update this Privacy Policy from time to time. Any changes will be posted on our website, and we will notify you of significant changes via a notice on our homepage. We encourage you to review this policy periodically.

 

12. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact our Data Protection Officer (DPO):

Aion Technologies en Santé Inc.

 Attn: Data Protection Officer

10, rue Laval, Saint-Jérôme, Quebec, J7Z 5S5, Canada

Email: privacy@aionhealthtech.com

Phone: 1-514-442-797

 

If you are not satisfied with our response, you have the right to file a complaint with the relevant privacy authority:

  • Commission d'accès à l'information du Québec

  • Office of the Privacy Commissioner of Canada

bottom of page