Privacy Policy

Effective Date: December 17, 2025

1. Overview

Medda Technologies Incorporated and its affiliates (“Medda”, “we”, “our”, “us”) are committed to protecting your personal information (which may include your medical or personal health information) that we collect, use and disclose in the course of providing services and operating our business, in accordance with all applicable regulatory requirements, including applicable privacy and health legislation. Personal information does not include de-identified or aggregated information that cannot reasonably be associated with a specific individual. 

2. Information We Collect 

We collect personal information directly from individuals, your healthcare providers and through our services.We may also receive information indirectly and through third-parties. We also collect personal information through automatic means through our Websites as described below. We collect and process the following types of personal information:

  • Personal Identification Information: Name, date of birth, contact details, signatures and similar information.

  • Health or Medical Information: Medical history, prescriptions, diagnosis, test results, treatment plans or other medical records. We always seek consent from you or your healthcare providers to collect health or medical information - which can be revoked. 

  • Authentication Data: Government-issued ID, healthcare or patient identifiers, biometric authentication data (if applicable), authentication forms and similar data.

  • Web Usage Data: Log files, device information, IP addresses, and browsing behavior within our platform, including Google Analytics, ‘cookies’ or similar technologies.

3. How We Use Your Information 

How we might use your personal data depends in part on which services that you use, how you use them, and any preferences selected. We may use your personal data to: 

  • provide, manage, and improve our services, including Customer care services, and retrieving, organizing, and sharing your medical information with authorized recipients (such as Medda Care).

  • ensure security and fraud prevention measures, service availability and system analytics. 

  • assist in research and development to improve speed, security, and artificial intelligence (AI) integration, including to identify trends, usage, activity patterns, and areas for integration and improvement. 

  • create anonymized and aggregated data to support research and development, health outcomes (as permitted) and AI enablement. 

  • provide communication, analytics, service development (including AI), support, update and marketing purposes, including by email, SMS or mobile notification. 

  • process to maintain compliance as required by legal and regulatory obligations.

4. Legal Basis for Processing

We process personal data based on different legal grounds. Your consent allows us to collect and share your data when you explicitly authorize us. Legal obligations require us to process your data under applicable regulatory frameworks such as Provincial health information acts or Provincial or Federal personal information protection acts. We may also process your data under legitimate interests, ensuring that our services function effectively and securely. In cases where processing is necessary to fulfill an agreement with you, we rely on contractual necessity as a legal basis.

5. Data Sharing and Disclosure 

We may share your data with:

  • Healthcare Providers: To facilitate your medical care, continuity of care and in support of our services, as agreed with yourself or your medical providers, including Medda Care. 

  • Authorized Representatives: Individuals or companies you designate to access your records.

  • Legal Reasons: We or our third-party service providers may disclose personal information to other persons in response to a valid legal investigation or order in the case of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise required or permitted by applicable law or governmental authority.

  • Service Providers: Third-party vendors, agents and contractors who assist with provision of our services including security, cloud storage, AI, software, billing, communications and analytics.

6. Data Security Measures 

We understand that data security is a critical issue and we are committed to safeguarding the Personal Information in our custody or control. We have implemented reasonable administrative, technical and physical measures in an effort to safeguard the personal information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure.

7. Your Choices

If you have signed up to receive our email communications, you can unsubscribe any time by clicking the ‘unsubscribe’ link included at the bottom of the email. 

Opting out of ‘interest-based advertising’ (via ‘cookies’ or similar technologies) and to understand your options for more control over tracking technologies, please visit the Digital Advertising Alliance of Canada website at: http://youradchoices.ca/choices

Please note that even if you opt-out of interest-based advertising by a third party, these tracking technologies may still collect data for other purposes including analytics, and you may still see ads but the ads may be less relevant to you and your interests.

For more information about Google Analytics or to prevent the storage and processing of this data (including your IP address) by Google, you can download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout

8. Your Rights 

You may:

  • Access & Portability: Request a copy of your medical records in a structured format.

  • Correction: Update or correct inaccuracies in your data.

  • Erasure: Request deletion of your data, subject to legal and operational requirements.

  • Consent Withdrawal: Revoke consent for processing where applicable, including revoking any authorization and consent for health or medical information.

  • Objection & Restriction: Limit how your data is processed under certain conditions.

To exercise these rights, please send a written request to the Contact Us section below.

9. Data Retention

We retain your personal information for only so long as is necessary to fulfill the purposes for which it was collected or as required to meet legal or regulatory requirements. We may keep your personal information along with other information about you in our records, even after your account is closed, for the purposes of complying with legal and regulatory obligations. For example, medical records are often required to be maintained for 10 years, depending on your location. 

10. De-Identified and Aggregated Information

De-identified information is data that has been processed to remove personal identifiers so it cannot reasonably identify you. We create de-identified information by removing names, contact details, unique identifiers, and modifying other elements like dates and geographic information that could identify individuals.

We use de-identified information for broader purposes including AI training, health research, service improvement, product development, and analytics. Unlike identifiable personal information, de-identified data can be used, shared, and commercialized more flexibly because it cannot reasonably be linked back to you.

We apply de-identification standards, regularly assess risks, and prohibit any attempt to re-identify individuals.

11. International Data Transfers 

Your data is stored in data centers in Canada. It may be accessed or processed from outside Canada in limited circumstances for third party service support (including AI), technical support and maintenance purposes, including maintaining, repairing, trouble-shooting or upgrading the platform or software. 

12. Third Party Links

Our Website may contain links to other websites that Leeg does not own or operate. We provide links to third party websites as a convenience to the user. These links are not intended as an endorsement of or referral to the linked websites.

13. Updates to This Privacy Policy 

We may update this Privacy Policy periodically to reflect changes in laws, regulations, or business operations. We encourage you to review this page regularly to ensure you are familiar with those changes. We will indicate at the top of this privacy policy when it was most recently updated.

14. Contact Information

For questions or concerns about this Privacy Policy please contact us at: legal@medda.ai

By using Medda's services, you acknowledge that you have read, understood and agree to this Privacy Policy and any applicable Terms of Service.