HALEO Privacy Policy
Last Updated: 2025-07-22
1. Our Commitment to Your Privacy
HALEO Preventive Health Solutions Inc. (“HALEO,” “we,” “us,” “our”) is committed to protecting the privacy and security of your Personal Information. This privacy policy (the “Privacy Policy”) explains how we collect, use, communicate, store, and protect the Personal Information of our service users, website/app visitors, employees, service providers, and job applicants (collectively, “you”).
We handle your Personal Information in accordance with this Privacy Policy and applicable privacy laws, including Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec’s Act respecting the protection of personal information in the private sector. We strive to be transparent about our practices and limit our collection and use of your information to specific, necessary purposes. Our commitment to robust security and privacy practices is validated through independent audits, and we maintain certifications including SOC 2 and ISO 27001:2022, demonstrating that our controls meet stringent industry standards.
“Personal Information” refers to any information which relates to a natural person and directly or indirectly allows that person to be identified. This includes details you directly provide, such as your name, contact information, date of birth, and health-related information necessary for our sleep services, as well as information we might receive from authorized third parties, such as your employer if they offer our services. We collect this information with your consent and use it strictly to provide and improve our services, as detailed in this Privacy Policy.
2. Application of This Policy
This Privacy Policy applies to Personal Information we collect through:
- Our services, including therapy programs delivered via videoconference (the “Services”).
- Our websites: haleoclinic.com, haleo.ca, haleo.clinic, and related subdomains (the “Websites”).
- Our mobile applications (the “Apps”).
- Interactions with our employees, representatives, service providers, and clinicians.
- Information provided by third parties (such as your employer or referring provider) where you have authorized them to share it with us.
- Our recruitment and employment processes.
3. Information We Collect
We collect Personal Information necessary to provide our Services and manage our operations. This includes:
- Personal Information You Provide:
  - Identifying Information: Name, email address, phone number, mailing address, date of birth.
  - Account Information: Login credentials for our Services.
  - Health Information: Information related to your sleep, general health, symptoms, sleep diary entries, evaluation responses, session communications, and treatment progress necessary to provide our specific sleep programs (such as Insomnia, Shift Work, Nightmare, Sleep Optimization).
  - Insurance/Benefits Information: If applicable and authorized by you, your insurance contract and certificate number for billing purposes.
  - Correspondence: Records of your communications with us (e.g., messages via the Apps, emails to support).
  - Feedback: Satisfaction surveys and feedback provided during the program.
- Information from Third Parties (With Your Consent or Authorization):
  - Employers/Benefit Providers: We may receive your eligibility information (e.g., name, potentially contact details) if your employer or benefits provider offers HALEO Services as a benefit.
  - Referring Providers (e.g., Physician, Sleep Clinic): If you were referred to us, we may receive referral details. We will seek your separate consent to share progress updates back with your referring providers, as further detailed in Section 7.
  - Information We May Receive When Referred: If your physician or another clinic refers you to HALEO, they might send us basic referral details, such as your name, contact information, the reason for referral (e.g., “insomnia”), and brief, relevant clinical notes about your sleep issue.
  - Insurers: If you authorize direct billing, we receive necessary Personal Information from your insurers to process claims.
- Technical and Usage Information (Collected Automatically):
  - Device and Connection Information: IP address, browser type/version, operating system, time zone setting, device type.
  - Usage Details: Information about how you interact with our Websites and Apps (e.g., clickstream data, pages viewed, session duration, feature usage, download errors). This information is primarily collected to ensure service functionality, security, and for internal analytics to improve our Services. We aim to minimize the collection of technical data linked directly to identifiable health information where possible.
4. How We Collect Your Information
- Directly from You: When you fill out forms, create an account, complete sleep diaries or evaluations, communicate with us or your therapist, or apply for a job.
- Automatically: When you navigate our Websites or use our Apps, through technical means such as server logs and essential cookies (see Section 15).
- From Authorized Third Parties: Such as your employer, benefits provider, insurer, or referring healthcare provider, based on your relationship with them and consents you have provided to them.
5. Purposes of Collection and How We Use Your Personal Information
HALEO is committed to collecting only the Personal Information that is necessary to achieve the specific, legitimate purposes identified below. We use collected Personal Information only for the following purposes, unless otherwise permitted by applicable law or unless you consent to any other use:
- Providing and Improving Services:
  - To deliver the specific HALEO sleep program you enroll in, including therapy sessions via videoconference (using Zoom integrated into our secure App).
  - To create and manage your HALEO account.
  - To track your progress (e.g., through sleep diaries) and tailor the therapy.
  - To provide post-therapy support (e.g., follow-up questionnaires, relapse support).
  - To perform internal operations, such as data analysis (using anonymized information, where possible, to identify trends and improve service effectiveness), testing new features, research (using anonymized information, where possible, as detailed below), monitoring usage trends for service optimization, troubleshooting software/operational issues, and preventing fraud or abuse.
- Communication:
  - To communicate with you about your therapy, appointments, and account details.
  - To send essential non-promotional service-related communications.
  - (With Your Explicit Consent): To send optional communications, such as newsletters or information about HALEO’s products, services, or promotions that may be of interest to you. You can withdraw this consent at any time via unsubscribe links provided in such communications or by contacting us. We do not use your Personal Information for targeted advertising by unrelated third parties.
- Billing and Administration:
  - To process payments for Services (if applicable to your enrollment).
  - To submit claims directly to your insurer or benefits provider (only with your explicit authorization and consent, providing only the information necessary for the claim).
- Coordination of Care (With Your Explicit Consent):
  - To share necessary progress summaries or essential updates with your referring provider (e.g., physician, sleep clinic) or referral program (e.g., disability case manager) to support coordinated care, as detailed in separate consent forms you approve.
- Recruitment and Employment:
  - To assess job applicants and manage employment relationships, collecting only information relevant to these processes.
- Legal and Safety:
  - To enforce our terms of service, protect the rights and safety of HALEO and our users, comply with our legal obligations (including responding to lawful requests, such as subpoenas, where we disclose only the information legally required), and to address the specific limits of confidentiality outlined in our consent forms (e.g., situations of imminent harm or mandatory abuse reporting).
- Quality Improvement and Research (De-identified or Anonymized Information):
  - To use de-identified information (meaning information where details that could directly identify a person have been removed) or anonymized information (meaning information that has been permanently altered so that it can never reasonably be used to identify a person, either directly or indirectly, under any foreseeable circumstances) for assessing program effectiveness, conducting research to advance sleep science, and improving our Services. You can opt out of your de-identified or anonymized information being used for research purposes by contacting our Privacy Officer, as identified below.
- Any other purpose for which you have consented (see Section 6).
6. Consent
We use, hold and communicate Personal Information only for the purposes for which it was collected, except with the consent of the person concerned. If Personal Information about a third party is provided to us, the person providing the information must represent having obtained the necessary consent from that third party, or be otherwise authorized to allow us to collect, use, hold and communicate that information in accordance with this Privacy Policy.
In the case of sensitive Personal Information (such as health information), consent must be expressly provided by the individual concerned. Exceptions to this consent requirement may arise, for example, when a medical or security emergency makes it impractical to obtain consent, or when information is collected for the detection and prevention of fraud or to meet a legal obligation. For a more exhaustive list of exceptions, please contact our Privacy Officer (identified below).
7. How We Share Your Information
We do not sell, rent, or lease your Personal Information. We only share it in the following limited circumstances:
- With Your Explicit Consent:
  - Sharing progress updates to your referring healthcare provider or referral program: to support your overall care, we will ask for your separate consent to send a progress update to your referring provider. This typically includes a summarized confirmation of your participation, the name of the HALEO service used (e.g., "HALEO Insomnia Program"), and general outcomes (e.g., "reported improvement in sleep onset"). We do not share detailed therapy notes without your specific additional consent.
  - To your insurer or benefits provider for direct billing (as detailed in the direct billing authorization).
  - To any other third party you specifically authorize us in writing to share information with.
- With Service Providers: We share necessary Personal Information with third-party service providers who help us operate our business and deliver services (e.g., cloud hosting (Amazon Web Services, Azure), CRM (Salesforce, HubSpot), communication tools, payment processing (Stripe), analytics (internal use primarily), videoconferencing (Zoom via app integration)). These providers are contractually obligated to protect your information, to use it only for the services they provide to us, and to comply with applicable laws and with this Privacy Policy. We vet these providers for their security and privacy practices. (A list of key provider types can be made available upon request by contacting our Privacy Officer, identified below.)
- Anonymized, De-identified and Aggregated Information: We may share information that has been securely anonymized, de-identified and aggregated (so it cannot identify you) for research, statistical analysis, or reporting purposes.
- Legal Requirements and Safety (Limits of Confidentiality): As outlined in our consent forms and Section 5, we may be legally required to disclose Personal Information without your consent in specific situations (e.g., court orders, subpoenas, mandatory reporting of abuse, imminent harm). We will only disclose the minimum information required by law.
- Business Transactions: If HALEO undergoes a merger, acquisition, or asset sale, your Personal Information might be transferred as a business asset. We will ensure the receiving party agrees contractually to protect your information according to this Privacy Policy and applicable law, and you will be notified.
8. Data Security
We implement robust physical, technical, and administrative safeguards to protect your Personal Information against unauthorized access, use, disclosure, alteration, or destruction. This includes:
- Storing client files in secure, access-controlled electronic systems compliant with applicable privacy laws.
- Limiting internal access to Personal Information on a need-to-know basis (e.g., primary access by your therapist, limited access for support/technical roles).
- Using encryption for data storage and transmission where appropriate.
- Regular employee training on privacy and security.
- Securely destroying or anonymizing information when no longer needed.
- Our security measures are aligned with industry best practices and are regularly audited and validated through our SOC 2 and ISO 27001:2022 certifications.
While we take security very seriously, please understand that no electronic transmission or storage system is 100% secure. We cannot guarantee absolute security, and any transmission of information is at your own risk, but we are committed to employing industry-recognized practices to protect your Personal Information.
9. Navigating External Links
Our Websites or Apps may contain links to external sites not operated by HALEO. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective security or privacy policies. We encourage you to review the privacy and security statements of any third-party sites you visit before submitting any Personal Information to these websites.
10. Data Retention and Deletion
Except as otherwise permitted or required by applicable law or regulation, we will only retain your Personal Information for as long as necessary to fulfill the purposes for which it was collected (e.g., providing therapy and follow-up support), and to satisfy any legal, accounting, or reporting requirements. Once Personal Information is no longer needed, we securely destroy or anonymize it according to our internal data lifecycle management procedures.
11. International Data Transfers
Our primary operations and data storage are in Canada. However, some of our third-party service providers may process or store Personal Information outside of Canada (including outside Quebec). Be aware that Personal Information stored or processed outside Canada may be subject to access by foreign governments or law enforcement under the laws of that jurisdiction. When your Personal Information is transferred outside of Quebec, we take steps to ensure it is protected in compliance with applicable laws. This includes conducting a privacy impact assessment (as required by Quebec law for transfers outside the province) and ensuring contractual safeguards are in place with the service providers. Personal Information is only communicated if the assessment demonstrates that it would benefit from adequate protection.
If you would like additional information about the service providers that we use and to whom Personal Information is communicated outside Quebec, please contact our Privacy Officer (identified below). We confirm that we may, strictly in accordance with this Privacy Policy, communicate your Personal Information outside Quebec or Canada to third parties we retain to provide us with services involving the use, communication or retention of your Personal Information on our behalf. You consent to any such communication, use or retention.
12. Foreign Laws and Restrictions
HALEO is established and operates under the laws of the Province of Quebec, Canada. Privacy laws may differ depending on your jurisdiction of residence. If you reside or are established outside the province of Quebec, you are responsible for ensuring that the transmission of your Personal Information to HALEO is permitted by the local or national laws applicable to you. By transmitting your Personal Information to us, you acknowledge and agree that such information will be subject to the laws of the Province of Quebec, Canada.
13. Information about Employees and Job Applicants
HALEO responsibly manages the Personal Information of its current, former, and prospective employees.
- Collection & Use: For job applicants, we collect Personal Information from applications, interviews, and (with consent) references/background checks, solely to assess suitability for roles. For employees, we collect Personal Information necessary for managing the employment relationship with us, including payroll, benefits, performance, and legal compliance.
- Retention: Unsuccessful applicant Personal Information is retained for a reasonable period for future opportunities (unless deletion is requested). Employee Personal Information is kept for the employment duration and then for legally required periods, before secure destruction or anonymization.
- Disclosure: Employee Personal Information is shared on a strict need-to-know basis with HR service providers (e.g., payroll) under a signed agreement imposing confidentiality requirements compliant with this Privacy Policy, or as legally required. We do not sell employee Personal Information.
14. Your Privacy Rights
You have rights regarding your Personal Information under applicable privacy laws:
- Access: You can request access to the Personal Information we hold about you.
- Correction: You can request correction of inaccurate or incomplete Personal Information.
- Withdraw Consent: You can vary or withdraw your consent to the use or communication of your Personal Information at any time, subject to legal or contractual restrictions. Note that withdrawing consent may impact our ability to provide Services (e.g., if consent for essential information sharing with a referral program or insurer is withdrawn).
- Opt-Out: You can opt out of receiving promotional communications and opt out of having your anonymized information used for research purposes.
To exercise these rights, please contact our Privacy Officer (contact details below). We will respond to your request in accordance with applicable laws and may need to verify your identity. We may not accommodate a request if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
15. Cookies and Tracking Technologies
We use cookies and similar technologies on our Websites and Apps primarily for essential functions, such as maintaining your login session, ensuring security, and understanding how our Services are used (internal analytics) to improve them.
We may use your Personal Information collected through these technologies for remarketing purposes, such as providing you with personalized promotional content related to your interests and to your interaction with our Services on other platforms. You can withdraw your consent to such use at any time.
We limit the use of non-essential cookies and tracking technologies. We do not use third-party cookies for targeted advertising purposes based on your interaction with our health services. You can manage cookie preferences through your browser settings, but disabling essential cookies may affect service functionality.
16. Children’s Privacy
Our Services are intended for adults aged 18 and older. We do not knowingly collect Personal Information from individuals under the age of 18. If an individual is under the age of 18, they should not provide us with any Personal Information either directly or by other means. If we become aware that we have inadvertently collected such information, we will delete it promptly.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on our Websites/Apps and update the "Last Updated" date displayed at the top of this Privacy Policy. The collection, use and disclosure of your Personal Information by HALEO will be governed by the version of this Privacy Policy in effect at that time. For material changes that significantly affect how we handle your Personal Information, we will provide proactive notice (e.g., via email or a prominent notice within the Service) and may seek your renewed consent where required by law. We encourage you to review this Privacy Policy periodically.
18. Contact Us - Privacy Officer
If you have questions, concerns, or wish to exercise your privacy rights, please contact our designated Privacy Officer:
Stephen Osmond
data.officer@haleoclinic.com
HALEO PREVENTIVE HEALTH SOLUTIONS INC.
19. Commitment to Addressing Your Concerns
HALEO is committed to ensuring compliance with this Privacy Policy and applicable privacy laws. If you have a complaint regarding our handling of your Personal Information or our compliance with this policy, please submit it in writing to our Privacy Officer at the email address above. We will acknowledge receipt of your complaint promptly, investigate the matter thoroughly, and make all reasonable efforts to resolve it in a timely and fair manner. We will inform you of the outcome of the investigation and any steps taken to address your concerns.