Cortico Health Technologies Inc. - Privacy Policy

Last Updated: 2025-11-11

1. Who is Cortico? What are the Website and the Programs?

Cortico Health Technologies Inc. and its subsidiaries, located at 6388 No 3 Road, Richmond BC, V6Y 0L4 ("Cortico"), develop software to help patients and clinicians communicate, share data, and save time.

Cortico's software includes the website at cortico.ca and cortico.health (the "Website") as well as an online patient engagement platform and booking service (together, the "Programs"). The Programs comply with all applicable privacy laws and regulations in jurisdictions where Cortico operates.

2. What is this document?

This Privacy Policy explains how and why Cortico collects, stores, and uses information about patients using the Programs ("you") while protecting and respecting your privacy rights.

Note that privacy obligations apply to the relationship between Cortico and patients. This Privacy Policy does not apply to medical services providers, administrators, support staff, clinic owners or other persons associated with a clinic or medical facility ("Clinician"). Clinician information is subject to statutory laws and regulations, and, if applicable, a Clinician's regulatory body.

It is incorporated into, and subject to, the terms of any other agreement between you and Cortico with respect to the Programs. It is governed by the laws of the Province of British Columbia, Canada.

If you have any questions about this Privacy Policy, please email privacy@cortico.health

3. Which types of information does Cortico collect?

When you access the Website or use the Programs, Cortico may collect three types of information:

• Health Information: Information that relates to your physical or mental health, or your medical history. Also called "personal health information" or "protected health information" in some jurisdictions.
• Personal Information: Information that can be used to identify you, such as your name or email address. Also called "personally identifiable information" in some jurisdictions.
• Anonymous Information: Information that neither relates to you nor can be used to identify you. For example, demographic information or site traffic information.

4. How does Cortico interact with your clinician's software?

Most clinicians store and administer their patients' Personal and Health Information using Electronic Medical Records (EMR) software.

Your clinician has decided to use the Programs to benefit from Cortico's digital services (such as booking appointments or making video calls). The Programs interact with EMR software.

Note: Cortico neither develops EMR software nor chooses which software your clinician uses.

4.1. Cortico forwards information to your clinician's EMR software.

To provide services through the Programs, Cortico collects Personal and Health Information about you. Cortico then forwards this information to your clinician's EMR software, which processes it to handle appointments, reminders, alerts, scheduling, changes, and more.

4.2. Cortico may access information stored in your clinician's EMR software.

To provide services through the Programs, Cortico may need administrative access to your clinician's EMR software. This is due to technical constraints related to the design of some software.

Such access requires written consent from your clinician, who may withdraw it at any time for any reason. If your clinician withdraws consent, the Programs will no longer work properly.

With administrative access, Cortico may access Personal and Health Information about you stored in your clinician's EMR software.

5. How does Cortico collect and use Personal or Health Information?

Cortico collects your Personal and Health Information:

• from you, when you use the Programs; and
• from your clinician's EMR software.

In addition, Cortico securely collects and stores your Personal and Health Information when:

• you allow your clinician to store such information using the Programs; or
• you ask Cortico to store such information (for instance, to maintain access to your personal health records if your clinician ever closes).

Your Personal and Health Information remains yours. Cortico only uses it as necessary to provide services through the Programs and as explained in this document.

5.1. Cortico may use Personal Information to reply to your messages.

If you contact Cortico through the Programs, Cortico may use your Personal Information to reply to your message.

To comply with applicable law or regulation, Cortico will keep your messages and its own (including any Personal Information they contain) as well as your email address indefinitely.

5.2. Cortico may email you for other purposes, unless you refuse.

Cortico may also use your Personal Information to email you for commonly accepted purposes, such as:

• to request your feedback (for instance, to help improve the Programs);
• to inform you about new products; or
• to notify you about changes to the Programs or its other products.

If you don't want Cortico to contact you for such purposes, you may opt out of these emails.

5.3. Cortico may use your information for other purposes — but only with your permission.

Cortico might identify other purposes for using your Personal Information than those covered in this document. If this is the case, Cortico must either ask for your consent or give you a way to opt out before using your Personal Information for those new purposes.

If you give Cortico your consent, you may withdraw it at any time. If you withdraw consent, however, the Programs might no longer work properly.

To learn more, see Cortico's guidance on how to exercise your privacy rights.

6. How does Cortico store and protect Personal and Health Information?

Cortico stores your Personal and Health Information in Canada, unless applicable law authorizes Cortico to store it elsewhere.

6.1. Cortico takes your privacy very seriously.

Cortico is committed to protecting and respecting your privacy rights. This commitment involves keeping your Personal and Health Information private and secure. To this end:

• Cortico tracks and audits all its access to such information. It provides access logs upon request to your clinician to ensure such access is appropriate.
• Cortico takes appropriate security measures to protect your information against information security risks. Such risks include unauthorized access, collection, use, disclosure, or disposal of information. Cortico uses industry-standard technology to maintain a secure environment.

To learn more, see the Cortico Privacy and Security Brief.

6.2. You must protect your access credentials.

To keep your Personal and Health Information secure, you must protect any credentials you use to access the Programs. This includes taking measures to protect the email account or phone you use to gain such access.

If you share your credentials with a third party for any reason, you may be responsible for actions taken using your credentials. If you believe someone else has obtained access to your credentials, you must contact Cortico immediately.

Cortico will never ask you to reply directly with your credentials or other sensitive information by email. However, Cortico may ask you to enter such information on the Website or other Cortico sites. Always verify the website domain is Cortico.health or Cortico.ca.

6.3. Cortico will delete your information — with exceptions.

Your access to the Programs may end as described in Cortico's Terms of Service.

When this happens, Cortico will delete your Personal and Health Information, unless applicable law requires Cortico to keep it.

7. What are your rights over your Personal and Health Information?

You control your Personal and Health Information. This means that you may at any time:

• ask to access the Personal and Health Information Cortico holds about you;
• ask Cortico to correct, update, or erase such information;
• ask to share, download, or export such information; and
• ask Cortico which of your Personal and Health Information it has erased.

You may also exercise some of these rights on your own using the Programs.

Please note that restrictions apply to the exercise of some of these rights. For instance:

• Cortico may need reasonable grounds to correct, update, or erase your information; and
• applicable law may require Cortico to keep your information for a specific duration.

To learn more, see Cortico's guidance on how to exercise your privacy rights.

8. Who may access your Personal Information?

When Cortico needs to view or share your Personal Information, it only views or shares information that it believes to be appropriate to the circumstances.

8.1. Cortico limits access to relevant employees and technology service providers.

Wherever reasonably possible, Cortico avoids sharing any Personal Information with its employees and technology service providers.

Cortico only gives access to your Personal Information to its employees and technology service providers who need to know such information to provide the Website and the Programs, as well as other products or services, to you. For instance, quality control personnel, developers and technical support may need to know such information if the software fails to work correctly and needs intervention.

Cortico requires such employees and technology service providers to:

• process your Personal Information in compliance with its instructions, this Privacy Policy, and any applicable law,
• protect such information using appropriate confidentiality and security measures; and
• neither use nor share such information for any other purposes.

Only properly trained personnel can access your information, and only when necessary for your care. Their training covers relevant policies put in place by your clinician and by Cortico as well as standards relating to information security, document retention, and protection of confidential or Health Information.

8.2. Cortico may share information in specific circumstances.

Cortico may share your Personal Information with other parties if:

• a legal process requires it (such as in response to a subpoena, warrant, or court order);
• applicable law requires it (for instance, in response to requests from law enforcement authorities, regulators, or auditors); or
• Cortico merges with, or is acquired by, another company. This Privacy Policy will continue to apply and the successor company will assume Cortico's obligations.

Cortico might want to share your Personal Information for purposes not covered in this document. If that happens, Cortico must ask for your consent.

9. How does Cortico collect and use Anonymous Information?

Reminder: Anonymous Information neither relates to you nor can be used to identify you.

Anonymous Information may include, for instance:

• medical-related administrative information (such as website visits and appointment dates),
• site traffic information (such as device, pages viewed, and features used),
• general statistics or metadata about users and usage patterns.

9.1. How does Cortico collect Anonymous Information?

When you access the Website or use the Programs, Cortico collects Anonymous Information (usage data) to improve the Programs.

9.2. How does Cortico use Anonymous Information?

Cortico owns all Anonymous Information.

Cortico may use Anonymous Information for various purposes, such as:

• conducting statistical and demographic research, analysis, and reporting;
• better understanding patients' preferences regarding the Programs;
• solving any technical issues within the Programs;
• training in-house artificial intelligence tools in order to improve care for you and other patients; or
• using and improving technological tools designed to assist your clinician in their work (for instance, to help them analyze your needs and provide appropriate treatment).

10. What happens when Cortico modifies this policy?

Cortico may modify this Privacy Policy at any time and will notify you of the change via the preferred channel you specify in the Programs, or upon your next use of the Programs. If you access the Programs after a change has been made, you are deemed to have accepted it.