Privacy Policy

INTRODUCTION ‍NodeAI ("NodeAI," "we," "our," or "us") provides artificial intelligence-powered software accessible through our website (https://www.nodeai.ca), associated applications, and related services (collectively, the "Services").

This Privacy Policy describes how we collect, use, disclose, and protect information in connection with the Services.

NodeAI's Services are intended for use by authorized professionals, including clinicians and researchers, and are not intended for direct consumer use.

By accessing or using the Services, you ("Authorized User") agree to the terms of this Privacy Policy.

CURRENT USE OF DATA (RESEARCH USE ONLY)

NodeAI currently operates as a research and evaluation platform.

At this time:

NodeAI does not collect, process, or store Personal Health Information (PHI), defined as health-related information that identifies or could reasonably identify an individual.

Users are strictly prohibited from submitting any clinical or health-related information that directly or indirectly identifies an individual.

The Services are designed to accept de-identified data only, including cropped images that cannot reasonably be used to identify a person.

Users are responsible for ensuring that any data submitted to NodeAI has been properly de-identified in accordance with applicable laws and standards, including (as applicable) HIPAA Safe Harbor or Expert Determination standards, and PHIPA (Personal Information Protection Act) de-identification requirements.

NodeAI reserves the right to remove or restrict access to any data that does not meet these requirements.

BUSINESS INFORMATION COLLECTION (CURRENT RESEARCH PLATFORM)

To operate our research platform and manage user accounts, NodeAI collects certain business and administrative information. This is separate and distinct from clinical data or Personal Health Information (PHI). Business information collected may include your name, email address, residential address, phone number, date of birth, gender, occupation, and geolocation. This information is collected solely for account management, service delivery, security, and platform improvement—not for clinical or health-related purposes. Collecting this business information is voluntary; however, failure to provide it may limit your ability to access certain features of the Services.

FUTURE CLINICAL USE (SOFTWARE AS A MEDICAL DEVICE)

NodeAI is developing capabilities that may qualify as Software as a Medical Device (SaMD). In future clinical deployments, NodeAI may support workflows involving Personal Health Information, but only:

- under formal agreements with healthcare organizations or providers;

- in compliance with applicable privacy and health information laws (including, where applicable, PHIPA, PIPEDA, HIPAA, or other regulations); and

- subject to appropriate technical, administrative, and contractual safeguards.

Unless explicitly stated in a written agreement with your healthcare provider, Personal Health Information must not be submitted to the Services.

In future clinical deployments, the "Personal Health Information Privacy" section of this policy (below) will govern the handling of PHI.

TYPES OF INFORMATION WE COLLECT

NodeAI may collect information from Authorized Users and Clients through your use of our website, services, and software solutions, which falls into two categories:

(a) "Personal Information" refers to any information about an identifiable individual collected for business, account management, or administrative purposes, as defined by applicable privacy legislation such as the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and similar laws where applicable. This is distinct from Personal Health Information (PHI). Business-related Personal Information we collect may include: your name, email address, residential address, geolocation information, phone number, date of birth, gender, occupation, and your username. This information is collected to manage your account, deliver requested services, respond to inquiries, and improve our platform.

(b) "Non-Personal Information" refers to data that does not identify you as an individual. This may include business activity or transaction data, as well as statistics derived from such data. Non-Personal Information can also result from Personal Information that has been de-identified, meaning any identifiable elements are removed to create generalized data such as age, postal code, or other demographic details, which may then be used for system optimization or usage pattern analysis. De-identified data becomes Non-Personal Information under this definition, in compliance with applicable policies and legislation. Additionally, Non-Personal Information includes anonymous "Usage Data," such as data related to how you interact with NodeAI's software. This could include information about how long you use our services, what features you engage with, and technical details about your device and browser. Usage Data, in its non-identifying form, is gathered for improving our services and system troubleshooting.

(c) "Personal Health Information (PHI)" refers to health-related information that identifies or could reasonably identify an individual. As stated in the "Current Use of Data" section above, NodeAI does not currently collect, process, or store PHI on the research platform. In future clinical deployments, PHI may be collected only under formal healthcare provider agreements and in compliance with applicable privacy laws (PHIPA, HIPAA, and others). See "Personal Health Information Privacy" section below for details on future clinical use.

At NodeAI, Non-Personal Information is collected and used for internal purposes such as resource planning and optimizing service delivery, in compliance with relevant agreements and legislation. Non-Personal Information may be shared with third-party sub-contractors supporting our services. NodeAI is not engaged with any third-party advertising partners and does not use Non-Personal Information for advertising or marketing purposes.

Providing Personal Information or Non-Personal Information (except Usage Data) is entirely voluntary. If you choose not to provide certain details, this may limit our ability to deliver certain features of the services. However, the decision to share or withhold information is always yours.

APPLICATION OF THIS PRIVACY POLICY

This Privacy Policy applies solely to the information that NodeAI collects, uses, or receives from you through your access to and use of our website, services, and AI-driven solutions. NodeAI is not responsible for the actions of any third parties, the content of their websites, or how they handle the information you provide to them. Any information you share with third parties is subject to the privacy policies of those third parties. We encourage you to review their privacy policies to understand how your information will be handled by these entities.

NodeAI's website and services may also contain links to third-party websites ("Linked Sites") that are not controlled or operated by NodeAI. These links are provided for your convenience and do not indicate NodeAI's endorsement, affiliation, or sponsorship of those third parties. Linked Sites are governed by their own privacy policies and terms of use. NodeAI is not responsible for the information you disclose to, or that is collected by, these Linked Sites or for the privacy practices of the operators of those sites. To understand how your information will be treated when interacting with a Linked Site, please review the privacy policy applicable to that specific site.

CONSENT – PERSONAL INFORMATION

As a client, by providing Personal Information to NodeAI, you consent that we may collect, use, disclose, and transfer your Personal Information in accordance with this Privacy Policy and as permitted or required by law.

Subject to legal and contractual requirements, you have the right to refuse or withdraw your consent to the collection, use, disclosure, and transfer of your Personal Information for specific purposes outlined in this policy. You may do so at any time by contacting NodeAI using the contact details provided below. If you choose to refuse or withdraw your consent, please be aware that we may be unable to provide or continue providing certain services that may be beneficial to you.

COLLECTION OF INFORMATION

We may collect information from you in the following ways:

(a) Information You Provide to Us. When you engage with NodeAI as our Client to receive a Service that requires submitting information, we collect the minimum information necessary, as per this privacy policy, to deliver the requested Service. This information may be necessary for verifying your identity, fulfilling your orders, contacting you regarding the Service, or other actions required to provide and protect your information.

(b) Your Location. In certain cases, we may collect precise or approximate geolocation information as part of delivering requested Services. This data is collected only when necessary, is securely deleted after use, and is not stored for any other purpose. Location-based data is also aggregated from de-identified Client information for resource management but does not include any identifying details.

(c) Information You Submit to Us. If you voluntarily submit Personal Information for any other reason, we will collect and use it for the purpose for which it was submitted.

(d) Visiting Our Site. We do not collect any Personal Information simply by virtue of your visiting our Site. However, we collect Non-Personal Information, such as Usage Data, to improve our Portal. This data is not combined with Personal Information unless you choose to provide such information.

(e) Where Permitted by Law. We may also collect information, including Personal Information, as otherwise permitted by law.

(f) Do Not Track (DNT). Do Not Track (DNT) is a privacy setting available in most web browsers. NodeAI does not currently respond to DNT signals. If you wish to limit tracking, you may disable cookies in your browser settings or use the Google Analytics opt-out mechanism described below.

(g) Cookies. We may use "cookies" or similar technologies when you access our Site or Services. Cookies are small files that are stored on your computer by your web browser. A cookie allows the Services to recognize whether you have visited before and may store user preferences and other information. If you do not wish to accept cookies, you can block or disable them, but some aspects of our Site may not function properly as a result.

(h) Third-Party Analytics Partners. NodeAI uses Google Analytics to collect and analyze usage data for the purposes described in this Policy. Google Analytics may collect your IP address and device identifiers and processes this data on servers located in the United States. By using the Services, you consent to the processing of your data by Google in the manner and for the purposes set out in Google's Privacy Policy (policies.google.com/privacy). You may opt out of Google Analytics data collection at https://tools.google.com/dlpage/gaoptout.

(i) Aggregated or De-identified Information. We may also collect and share aggregated or de-identified information about users of the Site, including any de-identified or aggregated information collected through the Portal. Such aggregated or de-identified information will not identify you personally.

(j) Server Logs. Server logs automatically record information and details about your online interactions with us. For example, server logs may record information about your visit to our Services at a particular time and day and collect information such as your device ID or IP address.

USE OF YOUR INFORMATION

NodeAI may use your Personal Information for administrative, analytical, optimization, security, and other purposes, including, but not limited to, the following:

(a) To develop, enhance, market, sell, or otherwise provide information, products, services, and functionality that you, as our Client, have requested, including the Services;

(b) To improve our Site and inform the development of future Services;

(c) To improve our platform infrastructure, service reliability, and operational systems using anonymized usage and telemetry data. NodeAI does not use submitted clinical images or clinical data to retrain or fine-tune its AI or machine learning models without the express prior written consent of the submitting institution. See the 'Current Use of Data' section above;

(d) Improve our artificial intelligence and machine learning;

(e) Benchmark results for our customers;

(f) To send you information related to our Site and other topics that are likely to be of interest to you, including newsletters, updates, promotional emails, technical notices, security alerts, and support or administrative messages;

(g) To engage in analysis, auditing, research, and reporting, including through Google Analytics as described in the 'Collection of Information' section above;

(h) To manage your account with NodeAI, respond to customer service inquiries and/or troubleshoot problems with the Site and/or Services;

(i) To compile usage statistics; and

(j) For any other purpose to which you consent or that is otherwise permitted or required by law.

By providing Personal Information through your access to, or use of, our Site, you acknowledge and agree that we may use the Personal Information for the purposes outlined in this Privacy Policy. By accessing, using, or submitting information to us, you also agree that we may use Non-Personal Information for the purposes set out in this Privacy Policy.

DISCLOSURE OF INFORMATION

NodeAI will not transfer your Personal Information to third parties, except to our subsidiaries, subcontractors, and business partners who are engaged to provide services on our behalf, such as (but not limited to) web hosting, software providers, and order fulfillment companies. These third parties are required to comply with legally mandated privacy standards and may only use your Personal Information for the purposes disclosed at the time of collection or for a use consistent with that purpose. NodeAI will only share the minimum necessary Personal Information required to deliver the Services you requested from NodeAI or that third parties provide on NodeAI's behalf in accordance with this Privacy Policy.

We may also disclose your Personal Information to third-party vendors whose products or services you have requested as our Client to deliver those products and services. Such third parties may retain and use your Personal Information even if you do not purchase their products or services. Your Personal Information will be subject to their privacy policies, and you should contact them directly to inquire about or address any concerns with their policies.

Notwithstanding the above, we reserve the right to disclose Personal Information if required by law or legal process or upon the request of a law enforcement officer or agency acting under proper authority. Additionally, we reserve the right to disclose Personal Information and Non-Personal Information to:

(a) enforce our Terms of Use;

(b) investigate or take action against unlawful activity, suspected misuse of our Site and Services, or unauthorized use;

(c) protect and defend the rights or property of NodeAI; or

(d) act in urgent situations, including medical emergencies, to protect the safety or security of the public or yourself.

Subject to applicable privacy laws, we may also disclose information, including Personal Information, in connection with a corporate reorganization, merger, or sale of all or part of NodeAI's assets, as permitted by applicable federal and provincial commercial privacy legislation. Such disclosure is allowed only if the receiving entity continues to use the information for the purposes allowed under this Privacy Policy. If such a transaction occurs, we will notify you as required by applicable legislation that your Personal Information has been transferred.

We may also share aggregated or anonymized information, including de-identified Personal Information, with service providers, business partners, and third parties, as permitted by law.

Additionally, we may share Non-Personal Information, such as Client Usage Data, device IDs, and approximate geolocation data, with third parties who assist us with operations like administration, analytics, planning, optimization, and security, either directly or through services provided on NodeAI's behalf.

PROTECTION OF YOUR INFORMATION

In accordance with applicable privacy laws, NodeAI has implemented reasonable administrative, physical, and technical safeguards, including system audit logs, to protect the information we collect or receive from unauthorized access, loss, misuse, or alteration by third parties. While we strive to maintain the integrity and security of our network and systems, no method of transmission over the Internet or electronic storage is entirely secure, and we cannot ensure or warrant the security of any information you transmit to the Services or to us, and you transmit such information at your own risk. We do not warrant or represent that your information will be completely protected against loss, misuse, or alteration by third parties.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE EXPRESSLY DISCLAIM ANY GUARANTEE OF SECURITY FOR YOUR PERSONAL INFORMATION.

If you have questions or require further details on how we safeguard the information we collect or receive, please contact us at info@nodeai.ca

EXTERNAL LINKS

This Site may contain links to third-party websites. If you use these links, you will leave the Site and/or Services. We have not reviewed these third-party sites and do not control and are not responsible for any of these sites, their content, or their privacy policy. Thus, we do not endorse or make any representations about them, or any information, software, or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third-party sites listed on our website, you do so at your own risk.

DATA RETENTION

NodeAI retains Personal Information only for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by applicable law and regulation. Retention periods may vary by data type and are governed by our internal data retention schedule. Certain records may be subject to mandatory minimum retention periods under applicable medical device regulations (including FDA 21 CFR Part 820 and Health Canada requirements), or other legal requirements, and deletion requests may be deferred or declined on those grounds. We will advise you of any such limitation when responding to a deletion request.

When we destroy your personal information, we do so in a way that prevents that information from being restored or reconstructed.

INTERNATIONAL USERS

Information collected through or in connection with the Services is transferred to and processed in Canada or the United States for the purposes described above. Specifically, NodeAI uses Google Analytics, which processes usage data on servers located in the United States. Some third-party service providers may store limited contact information outside of Canada or the USA for specific services that you have requested. In certain jurisdictions, courts, law enforcement agencies, regulatory bodies, or security authorities may be entitled to access such information.

If you are a resident of the EU, UK, or another jurisdiction with an applicable privacy law, you may have the following rights:

(a) the right to be informed;

(b) the right to access and rectify your data;

(c) the right to erasure;

(d) the right to data portability;

(e) the right to restrict or object to processing;

(f) the right to opt out of automated decision-making;

(g) the right to lodge a complaint with your local data protection authority; and

(h) the right to withdraw consent where applicable.

ACCOUNT SECURITY

As a user accessing our Site and/or using any of our Services, you are responsible for maintaining the confidentiality of your account credentials and any authentication factors associated with your account, including passwords, multi-factor authentication codes, single sign-on tokens, and any other access mechanisms we may implement. You agree to take responsibility for all activities that occur under your account. Please notify us immediately if you suspect a breach or misuse of your account.

ACCESS AND ACCURACY

NodeAI will use commercially reasonable efforts to provide Authorized Users and Clients access to Personal Information we hold about them. To request access, contact us at info@nodeai.ca.

NodeAI reserves the right to deny access to Personal Information on any of the following grounds:

(a) when denial is required by law;

(b) when granting access is reasonably likely to negatively impact the privacy of others;

(c) when it is cost-prohibitive acting reasonably; or

(d) when we have reason to believe the request is frivolous or made in bad faith.

If you believe Personal Information maintained by NodeAI is inaccurate or incomplete, please notify us at info@nodeai.ca. Upon receiving a request, we will use commercially reasonable efforts to either amend or correct your information, or note any claimed inaccuracies as reported.

CHILDREN

NodeAI recognizes the privacy interests of children, and our Site is not intended for individuals under the age of majority in your jurisdiction. We do not target our Site or Services to children under the age of majority. NodeAI does not knowingly collect or use any Personal Information from children under the age of majority unless provided by a parent or guardian using the Site on behalf of such minors. If a parent or guardian becomes aware that their child has provided us with information without their consent, please contact us at info@nodeai.ca. We will take steps to delete such information from our files within a reasonable time.

GOVERNING LAW

Those who choose to access or use the Site from outside Canada do so on their own initiative and are responsible for compliance with local laws, if and to the extent such laws are applicable. Notwithstanding this, and in recognition of the global nature of the Internet, each individual shall comply with all local rules regarding online conduct and submission of acceptable materials. This Privacy Policy is governed by and will be interpreted pursuant to the federal laws of Canada.

PERSONAL HEALTH INFORMATION PRIVACY

This section applies exclusively to future clinical deployments where NodeAI acts as a service provider to a Health Service Provider. It does not apply to NodeAI's current research platform, which does not collect or process Personal Health Information (PHI).

Definitions:

"Affiliate" or "Agent" refers to any person or entity directly employed by or performing a service for a Health Service Provider under contract or agency relationship.

"Health Service" refers to any health-related service provided to a Patient by a Health Service Provider, whether utilizing NodeAI software or otherwise.

"Health Service Provider" refers to any provider of Health Services, such as pharmacists and doctors, utilizing NodeAI to deliver Health Services. It can also refer to groups of Health Service Providers under a single entity, like a pharmacy or clinic.

"Patient" refers to an individual receiving Health Services.

"Patient Representative" means a person authorized to act on behalf of the Patient in managing the Patient's Health Services.

"Personal Health Information (PHI)" refers to health-related information that identifies or could reasonably identify an individual, including medical records, diagnostic information, treatment details, and health history.

Collection and Use of Personal Health Information:

The collection, use, and protection of all Personal Health Information are the responsibility of the Health Service Provider. For any inquiries regarding this information, please contact your Health Service Provider directly. Alternatively, you may contact NodeAI's leadership using the contact information in this Privacy Policy, and we will forward your inquiry to your Health Service Provider on your behalf.

NodeAI may also use Non-Personal Information to support services, such as geographic data or payment processing. De-identified Personal Health Information may only be used as Non-Personal Information if directed by the Health Service Provider.

Consent:

Providing your Health Service Provider or NodeAI with Personal Health Information is voluntary. By doing so, you consent to the collection, use, disclosure, and transfer of your Personal Health Information to facilitate the delivery of Health Services, in accordance with the Health Service Provider's policies and applicable law. Subject to statutory and contractual requirements, you may refuse or withdraw consent to the collection or use of your Personal Health Information at any time. However, withdrawal of consent may limit the ability of the Health Service Provider to deliver Health Services.

In certain circumstances, your Patient Representative may provide Personal Health Information and consent on your behalf. Proof of authorization may be required by the Health Service Provider or NodeAI before accepting information from a Patient Representative.

Use and Disclosure of Personal Health Information:

NodeAI uses or discloses Personal Health Information only in the manner and for the purposes authorized and directed by the Health Service Provider. NodeAI does not use Personal Health Information for other purposes unless directed by the Health Service Provider. Any requests to access, amend, or correct your Personal Health Information should be directed to your Health Service Provider. NodeAI will forward such requests to the relevant Health Service Provider and inform you of the action.

Data Retention:

We retain Personal Health Information only as directed by your Health Service Provider and in compliance with applicable law. NodeAI does not use cookies for Health Service delivery. No advertising occurs within our platform.

CONTACT US

We welcome questions or comments regarding this Policy. Please direct inquiries to info@nodeai.ca.