We're committed to protecting personal information and respecting your privacy. This privacy policy (“policy”) explains how we handle the personal information we collect during the operation of our services. It also outlines your rights when it comes to your personal information.

We'll always be transparent about how and when we collect, use, and share your personal information, and we'll never sell your data.

This policy may be updated periodically. If it changes, we'll post a notice on our website or system interface. Updates are effective as of the date indicated on the policy.

In this policy, “we,” “our,” and “us” refer to OslerAI, including its subsidiaries and partners. Our privacy officer oversees compliance with this policy.

Healthcare practitioners who utilize OslerAI products maintain their own privacy policies regarding the collection, use, and disclosure of personal information, including personal health information. We recommend reviewing their privacy policies to understand the measures in place to protect your personal information.

What Is Personal Information?

Personal information is data that identifies an individual, either on its own or when combined with other information. Examples include names, contact details, and sensitive information such as health or employment-related data.

When relevant, this may include information about others, such as colleagues or dependents. If you provide such information, you are responsible for ensuring their consent for its collection and use.

Why do we use personal information?

We use your personal information to:

• Manage our relationship with you and provide the information or services you request.
• Conduct research and evaluate the development and performance of the system, including analyzing user feedback and training data to enhance and improve our services.
• Communicate with you regarding inquiries, customer support requests, or potential employment opportunities.
• Detect, prevent, or investigate security breaches.
• Process payment information, as applicable and agreed upon through the system.
• Validate requests and confirm identities.
• Protect our business operations and assets.
• Maintain accurate records for internal administrative purposes.

OslerAI reserves the right to aggregate and anonymize Account information (or other data) and use such aggregated information at its discretion. OslerAI does not use or access any personal health information stored within the system, except when explicitly requested by healthcare practitioners to provide technical support.

Our Services and Your Data

OslerAI is the creator and operator of an advanced AI training platform designed to assist healthcare professionals in honing their patient communication skills. The platform includes tools that simulate patient interactions, allowing healthcare professionals to practice delivering sensitive news and receive detailed feedback on their performance. The system evaluates these interactions and provides constructive guidance for improvement.

As a user of the platform, information such as your name, contact details, and account-related information will be collected to administer your account (“Account”). The simulated patient interactions do not involve actual personal health information; rather, they are based on pre-programmed scenarios and AI-generated responses. OslerAI does not collect or use any real personal health information and will only access system data if requested to provide technical assistance. In such cases, any interaction data accessed will remain secure, and no information will be collected or retained by OslerAI after the technical issue is resolved.

How We Collect Personal Information

We collect personal information in several ways:

• Directly from you – for example, when you sign up, submit information during interactions, or communicate with us.
• From third parties – such as authorized organizations, administrators, or service providers involved in delivering or managing our services.
• From system use – such as logs, analytics, or technical data generated while interacting with our systems.

When we collect your information, we'll only gather what is necessary and explain the purpose for its collection.

Types of Personal Information We Collect

Depending on your role and use of the system, we may collect:

• Identification and contact details (e.g., name, address, email, date of birth, or unique identifiers).
• Authentication details (e.g., passwords, biometric data, or system credentials).
• Behavioral and usage data (e.g., interactions with the system, IP addresses, session activity).
• Role-specific data (e.g., professional qualifications or affiliations).
• Other relevant details required to deliver or improve the services.

Website Access

Unless you choose to opt out, our website uses "Cookies" and other automated data collection technologies, with your consent, to gather personal information whenever you visit or interact with the website. This includes unique identifiers and preference information such as IP address, technical usage data, browser type, time zone settings, language preferences, operating system, unique device identifiers, search history, page response times, length of visits, pages viewed, marketing preferences, and navigation or clickstream behavior during online interactions. These Cookies help us better understand how you interact with our website and its content, allowing us to make improvements. Additionally, we may use Cookies to promote our services through targeted marketing and advertising. These Cookies may be accessed or shared with third parties to deliver relevant advertisements.

You have the option to opt out of Cookies or restrict third-party access to our Cookies through the privacy settings on your browser. Please note, however, that opting out of Cookies may limit certain website features and impact our ability to provide the information or services you have requested.

Contact Us

When you submit a form on the website or contact us directly via phone or email, we may collect details such as your name, email address, phone number, organization, the province where you are located, and any additional information you choose to share with us. This information is used by OslerAI to communicate with you and provide the information or assistance you requested.

Direct Marketing

If you sign up to receive direct marketing or promotional communications from OslerAI, we will collect your name and e-mail to inform you about the requested products and services.

How We Use Personal Information

Your personal information is used to operate, manage, and improve our services. Depending on the context, it may be used to:

• Verify your identity and eligibility for system access.
• Provide a tailored experience, such as personalized feedback or recommendations.
• Maintain accurate records and support effective system operation.
• Improve functionality, performance, and security of the platform.
• Support compliance with legal, regulatory, or organizational requirements.

Using Personal Information for System Optimization

We may use advanced technologies, such as data analytics, to refine and optimize the platform. This includes analyzing large datasets to enhance system performance, automate processes, and identify potential improvements. Wherever possible, personal information is anonymized to protect privacy.

Who Do We Share Personal Information With?

OslerAI shares your personal information only with service providers to operate the website and deliver the information or services you request. This may involve sharing personal information for purposes such as:

• Fraud prevention
• Payment processing
• Providing requested services or information
• Operating and maintaining the website
• Customer service

We ensure that all service providers maintain a comparable level of protection for your personal information, as outlined in this Privacy Policy. Contracts with our service providers require them to comply with these obligations and to use your personal information only for the purposes requested.

In rare instances, and as permitted or required by law, we may need to disclose personal information to law enforcement agencies when they demonstrate legal authority to request it.

OslerAI enables healthcare practitioners to use the AI training system to enhance their skills. If required by the healthcare practitioner's discretion, personal information related to the practitioner may be shared with other authorized individuals or organizations to support their training process.

OslerAI will never collect, disclose, or store personal health information as part of this process.

How We Share Personal Information

We only share personal information with authorized individuals and organizations required to support the delivery or improvement of services. This may include:

• Technology providers assisting in system operation.
• Security, legal, and compliance advisors.
• Regulatory or government authorities, when legally mandated.
• External evaluators or auditors involved in system quality assurance.

When information is shared, it is subject to strict confidentiality and security agreements. Some partners or systems may operate outside your jurisdiction, and information may be subject to local laws.

If your personal data is transferred to a country outside the European Economic Area (EEA), we ensure that the data is protected under standard contractual clauses or other appropriate safeguards, in accordance with applicable data protection laws.

How We Protect Personal Information

Protecting your information is a priority. We use technical and organizational safeguards to ensure data security, including:

• Encrypted data transmission and storage.
• Role-based access controls and multi-factor authentication.
• Continuous system monitoring and threat detection.
• Security and privacy training for employees and contractors.

Our service providers must meet or exceed our data protection standards and are contractually obligated to safeguard your information.

How Long We Keep Personal Information

We retain personal information, such as healthcare practitioner account details, for as long as necessary to provide the services for which it was collected or as required by applicable legal and regulatory obligations.

Healthcare practitioners using OslerAI are responsible for adhering to statutory and regulatory requirements regarding the retention of personal health information for a mandated minimum period. We encourage you to consult directly with your healthcare practitioner to understand how long they are required to store your personal information.

OslerAI is not an electronic medical record (EMR). Once any data related to the training system has been successfully utilized by the healthcare practitioner for its intended purpose, it is routinely deleted from the OslerAI platform in accordance with our data retention policies.

How Do We Keep Personal Information Accurate?

We take reasonable steps to ensure that any personal information in our custody is accurate and up-to-date. However, we primarily users to inform us when personal information changes. Once you update your information, it will be automatically reflected in our system.

Your Privacy Rights

You're in control of your personal information and have the right to:

• Access – Request a copy of the personal information we hold about you.
• Correct – Update or amend inaccurate or incomplete details.
• Delete – Request the removal of your information, where permissible.
• Manage Consent – Adjust preferences for how your information is used.
• Inquiry – Ask about our data practices or automated decision-making processes.

Data Subject rights

• Right to Data Portability: You may request that we provide your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You can object to the processing of your personal data if it is based on legitimate interests, public interest, or direct marketing.
• Right to Withdraw Consent: You may withdraw consent to our processing of your personal information at any time, where applicable.

Contact us at [email protected] to exercise any of these rights. If we are unable to fulfill your request due to legal or operational constraints, we will inform you promptly. All requests will be handled with equal care and attention.

How do we protect your personal information and respond to breaches?

We implement reasonable and appropriate physical, administrative, and technical measures to help secure your personal information against accidental or unlawful loss, access, or disclosure. Only authorized personnel and service providers with a legitimate business purpose for accessing your personal information are allowed to do so. Access to sensitive data is logged and restricted to key operational personnel. Any unauthorized use of personal information by anyone affiliated with OslerAI is strictly prohibited and may result in disciplinary action.

For the AI training system, all personal information and any data associated with the system are protected using industry-standard encryption, including encryption at rest and in transit. All data is securely stored and transmitted using robust encryption measures, ensuring that it is inaccessible to unauthorized third parties, including OslerAI's own employees. OslerAI utilizes cloud infrastructure with strong security measures to protect your data.

Although we take all necessary precautions to safeguard your personal information, no system is entirely immune to potential security breaches. In the event of a suspected or confirmed security breach (an "Incident"), it is immediately reported to the privacy officer and senior management for investigation. During the investigation, any at-risk data will be secured or deleted, and audit logs will be reviewed to aid in the follow-up.

If the Incident is confirmed as a breach, OslerAI will follow applicable legal and regulatory requirements.

Where do we store personal information?

All personal information collected through OslerAI is securely stored on servers located in Canada. These servers are used to securely store all information collected through our platform and associated services. However, personal information processed by our third-party service providers may be stored outside Canada. When personal information is stored outside of Canada, it is subject to the laws of that jurisdiction, which may allow governmental authorities to access your personal information. For more information on our service providers or where personal information is stored, please contact us at [email protected].

Links to third-party sites

Our platform may contain links to third-party websites, including those promoting other products or services. Additionally, your healthcare practitioner may have their own website with separate privacy policies. These third-party organizations operate independently from OslerAI. We are not responsible for how any third party collects, uses, or discloses your personal information. We encourage you to review the privacy policies of these websites before sharing any personal information with them.

Concerns or Questions?

If you have any concerns, questions, or requests, please contact our team at [email protected].

OslerAI