CareRoad – Privacy Policy

CareRoad – Privacy Policy

Effective: November 5, 2025

Introduction

CarePal Inc. (“CareRoad”, “we”, “us” or “our”) is a Québec-based company offering the CareRoad mobile application (the “App”), a community platform that connects individuals living with similar health conditions (“CarePals”) through one-on-one chats and condition-specific support groups (“CareGroups”). The App is available globally via the App Store and Google Play.

This Privacy Policy (the “Policy”) explains how we collect, use, disclose, and protect your personal information when you use the App or otherwise interact with us. Because the App involves information about health conditions that you may choose to share, some of the information we collect can be considered sensitive personal information under applicable privacy laws. We treat this information with particular care and apply safeguards consistent with the strictest standards that may apply, whether under Québec, Canadian, or international laws.

Please read this Policy carefully to understand our practices. By creating an account or using the App, you consent to the collection, use, and disclosure of your personal information in accordance with this Policy.

1.    Personal Information We Collect

When you use the App, we may collect the following categories of personal information:

• Account and Profile Information

When you register, you provide information we can reasonably use to identify you and create your account, such as your first name, email address, and a password. You will also be asked to select one or more diagnoses from a list, which qualifies as sensitive health-related information.

• User Content

Information you voluntarily provide when you create or update your profile, post in CareGroups, share stories, or exchange private messages with your CarePals.

• Payment Information

Payments for subscriptions or features are processed directly through the App Store or Google Play. CareRoad does not store your credit card or banking information, however, we may receive limited transaction details (e.g., date, amount, and status) from these vendors to maintain your subscription.

• Device and Usage Data

Technical information collected automatically when you use the App, such as your device type, operating system, language settings, crash logs, and interactions within the App. This data helps us ensure functionality, security, and service improvements.

• Support and Communications

Information you provide when you contact us with questions, feedback, or complaints (e.g., your name, email address, and the content of your communication).

• Feedback

Information you provide when you respond to optional surveys, questionnaires, or feedback requests to help us improve the App.

• Anonymized Data

Aggregated, anonymous, or de-identified data derived from personal information. Such data cannot reasonably be used to identify you and is not considered personal information.

We limit collection to what is necessary for the purposes described in this Policy. We do not knowingly collect personal information from minors without the consent of a parent or legal guardian. The App may also contain links to third-party websites or services not operated by CareRoad. This Policy does not apply to those third parties, and we recommend you review their privacy policies before sharing any personal information.

Please read the following carefully to understand our practices regarding your personal information. We also encourage you to review our Terms and Conditions of Use (https://sites.google.com/view/careroad-terms/home).

2.    How We Use Your Personal Information

We may use your personal information for the following purposes:

To provide and operate the App

·       Create and manage your account.

·       Connect you with CarePals and CareGroups.

·       Enable messaging, notifications, and other interactive features.

·       Ensure the App functions properly on your device.

To communicate with you

·       Provide you with account-related information and service notices.

·       Respond to your questions, requests, or complaints.

·       Notify you of updates to the App or this Policy.

·       Send you optional communications, such as news or new features, if you have consented (you may unsubscribe at any time).

To process payments

·       Manage your subscriptions and transactions made through the App Store or Google Play.

·       Receive limited transaction details (e.g., date, amount, status) to maintain your account and confirm payment. CareRoad does not store your full payment card or banking information.

To improve and develop the App

·       Monitor technical performance and usage data (e.g., device type, operating system, crash reports) to ensure stability and security.

·       Perform analytics to understand how the App is used and to guide improvements.

·       Collect information you provide in optional surveys or feedback forms.

·       Create aggregated or de-identified information for statistical, research, or business purposes. This information cannot reasonably identify you.

To protect you and the community

·       Maintain a safe and respectful environment by detecting, preventing, and addressing misuse or violations of our Terms of Use.

·       Implement safeguards to prevent fraud, unauthorized access, or other harmful activity.

·       Enforce our Terms of Use and comply with applicable legal obligations.

To meet our legal obligations

·       Comply with our legal obligations (for example, responding to lawful requests or meeting regulatory requirements).

3.    Sharing of Personal Information

We do not sell your personal information to third parties. We only disclose it in the circumstances described below, or as otherwise permitted or required by law. We also limit the personal information disclosed to what is necessary for these purposes.

Service Providers

We use trusted service providers to help us deliver and operate the App. These may include providers of cloud hosting (Firebase/Google Cloud), analytics, crash reporting, notification services, and customer support tools. Where payments are processed through the App Store or Google Play, limited transaction details (such as the date, amount, and status of a payment) may be shared with us by those vendors. Service providers are contractually required to protect your personal information and may not use it for any purpose other than providing services on our behalf.

Community Features

Certain information you voluntarily share in the App (such as your profile, messages, or group posts) will be visible to other users of the App in accordance with your use of CareGroups or CarePals. Please use caution when deciding what information to share publicly or with others, as CareRoad is not responsible for information you choose to make available through community features.

Legal Compliance and Protection

We may disclose personal information when required by law, regulation, or court order, or when we believe disclosure is necessary to:

·       Comply with legal obligations.

·       Respond to lawful government or regulatory requests.

·       Enforce our Terms of Use.

·       Protect the rights, property, or safety of CareRoad, our users, or the public.

Business Transfers

If CareRoad is involved in a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity. If such a transfer results in a material change in the use of your personal information, we will provide notice before your personal information becomes subject to a different privacy policy.

4. Where We Store and Transfer Your Personal Information

CareRoad stores your personal information primarily on secure servers provided by Firebase (Google Cloud) in Montréal, Québec, Canada.

While we configure our systems to keep data in Canada, certain limited processing or access may occur outside Québec or Canada (for example, if technical support or sub-processors are involved). In such cases, we apply contractual, technical, and organizational safeguards to protect your information and ensure that any transfers are limited to what is strictly necessary for the operation and support of the App.

Please note that laws in other countries may differ from those in Québec and Canada, and may permit or require access to personal information by local authorities, law enforcement, or national security bodies. Where required by law, we will disclose information only to the extent necessary and with appropriate safeguards in place.

For users in the European Economic Area (EEA) or the United Kingdom, if your personal information is transferred outside these regions, we rely on legally recognized safeguards such as Standard Contractual Clauses (SCCs) or their UK equivalent, in accordance with applicable privacy laws.

5.    How We Keep Your Personal Information Secure

We take the protection of your personal information seriously. We use administrative, technical, and physical safeguards designed to protect your information against accidental loss, unauthorized access, use, alteration, or disclosure.

These safeguards include, among others:

• Secure storage. Your data is hosted on Firebase/Google Cloud infrastructure, which complies with internationally recognized security standards.

• Encryption. Personal information is encrypted in transit and at rest.

• Access limitations. Access to personal information is restricted to CareRoad and trusted service providers who require it to operate the App, and such providers are bound by confidentiality and security obligations.

While we rely on industry-standard measures to protect your information, no system can be guaranteed 100% secure. We therefore cannot guarantee absolute security of your personal information.

6.    Retention of Personal Information

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required to comply with legal, regulatory, or contractual obligations. When your personal information is no longer needed, we will securely delete, anonymize, or aggregate it in accordance with applicable privacy laws.

If you delete your account, we will remove or anonymize your personal information within a reasonable period of time, unless we are legally required to retain certain data (for example, for tax, accounting, or dispute resolution purposes).

7.    Your Rights

Depending on your place of residence, you may have certain rights regarding your personal information, subject to applicable laws. These rights may include the right to:

• Access and correction. You may request access to the personal information we hold about you and ask that any inaccurate or incomplete information be corrected.

• Deletion. You may request the deletion of your personal information, subject to legal or contractual restrictions.

• Withdrawal of consent. Where processing is based on your consent, you may withdraw that consent at any time. Please note that this may affect your ability to continue using the App.

• Portability. In certain jurisdictions (such as the EEA and the UK), you may request a copy of your personal information in a structured, commonly used, and machine-readable format.

• Objection or restriction. In certain circumstances, you may request that we restrict or stop processing your personal information.

To exercise these rights, please contact us at [Contact Us[MM1] ]. We may ask you to provide information to help us verify your identity before responding to your request. We will respond within the timelines required by applicable law.

We do not discriminate against you for exercising your privacy rights.

8.    Children’s Privacy

The App is intended for individuals who are at least 18 years old. We do not knowingly collect personal information from individuals under 18 without the consent of a parent or legal guardian. If you are under 18, you may only use the App with the involvement and consent of a parent or guardian.

If we become aware that we have collected personal information from a minor without proper consent, we will take steps to delete such information promptly. Parents or guardians who believe their child has provided personal information to us without their consent should contact us at support@careroad.ca.

9.    Third-Party Links and Services

The App may contain links to third-party websites, plug-ins, or services. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third-party websites or services and are not responsible for their privacy practices. We encourage you to read the privacy policies of any third-party websites or services you interact with.

10. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. The date of the most recent update is indicated at the top of this Policy.

If we make material changes to how we handle your personal information or to your rights, we will notify you by posting a notice within the App, by email, or through another appropriate channel, in addition to updating this Policy on our website. We encourage you to review this Policy periodically to stay informed.

11.                  Supervisory Authorities and Complaints

If you have concerns about how we handle your personal information, we encourage you to contact us first at support@careroad.ca, so we can address your concerns directly.

Depending on where you live, you may also have the right to make a complaint to your local privacy regulator or data protection authority.

• In Québec, you may contact the Commission d’accès à l’information du Québec (CAI): www.cai.gouv.qc.ca

• In Canada, you may contact the Office of the Privacy Commissioner of Canada (OPC): www.priv.gc.ca

• In the European Economic Area (EEA), you may find your supervisory authority here: https://edpb.europa.eu/about-edpb/about-edpb/members_en

• In the United Kingdom, the relevant body is the Information Commissioner’s Office (ICO): www.ico.org.uk

12. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, you may contact us by mail at by email at support@careroad.ca.  

We have appointed a Privacy Officer / Data Protection Officer (DPO) to oversee compliance with applicable privacy laws, and this email address also serves as their direct contact point. We will respond to your inquiries in a timely manner, in accordance with applicable laws.

13. Supplemental Notices for Users in the European Economic Area (EEA) and the United Kingdom (UK)

If you are located in the EEA or the UK, the following legal bases for processing your personal information may apply, in addition to your consent:

·       Contractual necessity. We may process your personal information when it is required to provide you with the App and related services. For example, to create your account, connect you with CarePals and CareGroups, or respond to your inquiries.

·       Compliance with a legal obligation. We may process your personal information when necessary to comply with applicable laws. For example, to meet tax or accounting requirements.

·       Vital interests. We may process your personal information if it is necessary to protect your vital interests or those of another individual, such as in case of an emergency.

·       Legitimate interests. We may process your personal information where it is necessary for our legitimate interests and these are not overridden by your rights and interests. For example, to maintain and improve the safety, security, and performance of the App.