pharmasupport
Create AccountSign InFrFrançais

Privacy Policy

Last updated: April 17, 2026

The Pharmasupport.ca platform (the Platform) was designed and operated by AppGuide Inc. (AppGuide), on behalf of Pharmascience Inc. (Pharmascience). It offers pharmacists and their teams training and tools, designed to propel their practice to new heights.

The term "We" used in this policy refers to AppGuide unless Pharmascience is expressly named.

Summary of our commitment to your privacy

Privacy is a fundamental right. As such:

  • We never sell your personal information, nor do we rent or share it for commercial or advertising purposes.

  • In accordance with data minimization principles, we only collect what is strictly necessary for the operation of the site, to improve it, and to ensure its security, and only for the time necessary to fulfill these purposes.

  • We apply Privacy by Design and Privacy by Default approaches: data protection is integrated from the design stage of the Platform, into its processes, systems, and governance.

  • You retain control over your data at all times, within applicable technical and legal limits.

We aim to comply with the following laws, standards, and frameworks, to the extent applicable to our activities:

  • SOC 2 Type I certification (System and Organization Controls), obtained in 2024

  • Quebec Law 25

  • Quebec Law 5

  • Montreal Declaration for a Responsible Development of Artificial Intelligence

  • Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada)

  • Voluntary Code of Conduct for the Responsible Development and Management of Advanced Generative AI Systems (Canada)

  • General Data Protection Regulation (GDPR) (European Union)

  • European Union Artificial Intelligence Act

  • Health Insurance Portability and Accountability Act (HIPAA) (United States)

  • California Privacy Rights Act of 2020 (CPRA)

  • Practices aligned with the principles of ISO 27001 (Information security, cybersecurity and privacy protection)

  • Practices aligned with the principles of ISO 42001 (AI Management System)

  • ISO 82304-1 (Health software Part 1: General requirements for product safety)

  • ISO 82304-2 (Health software Part 2: Health and wellness apps — Quality and reliability)

Data collected

No directly identifiable medical data is collected on this site by default.

We collect personal information only in contexts where it is required to provide you with a service, on the legal basis of consent and, where permitted by law, legitimate interest. For healthcare professionals and managers, this may include:

  • First and last name

  • Profession

  • Professional title

  • Affiliated organizations

  • Location

  • Email

  • Phone number

  • Feedback regarding the resources and self-care tools available on the Platform.

  • Aggregated or pseudonymized usage data (e.g., pages visited, clicks, searches, IP address, device information, and content viewed)

For patients and citizens, this may include:

  • Email

  • Phone number

  • Aggregated or pseudonymized usage data

“Aggregated usage data” refers to statistical, anonymized, and grouped data generated from the use of the AppGuide Platform that does not allow a person to be identified directly or indirectly.

“Pseudonymized usage data” refers to data that does not allow a person to be directly identified without additional information kept separately.

“Personal information” refers to any information relating to a natural person that allows them to be identified, directly or indirectly, within the meaning of applicable privacy laws, when such information is processed in connection with the Platform.

“Self-care tools” refers to publicly accessible digital resources, including applications, websites, or digital content intended to support users’ self-care practices, and developed, operated, and maintained by independent third parties, or, as applicable, by AppGuide or its partners.

Purpose of data collection

We collect this data in order to:

  • Prevent fraud and misuse

  • Enable access to and proper functioning of the Platform

  • Improve your experience and offer personalized services where required

  • Ensure the security, performance, and continuous improvement of the site

  • Produce aggregated statistical analyses

No advertising or cross-site tracking cookies are used. We do not carry out retargeting or intrusive tracking. However, cookies strictly necessary for operation, security, and audience measurement may be used.

Your rights and our compliance

We comply with the requirements of various local and international laws and standards. These rights may vary depending on your jurisdiction. The AppGuide Privacy Officer acts as the official contact for the following frameworks:

Quebec Law 25

In accordance with Quebec’s privacy legislation, we have designated a Privacy Officer responsible for ensuring that data collection, retention, disclosure, and destruction are properly governed and documented. Privacy Impact Assessments (PIAs) are carried out where required.

Quebec Law 5

In accordance with the Act respecting health and social services information (Law 5), where applicable, AppGuide undertakes to handle health information in compliance with legal requirements relating to confidentiality, security, and data governance. Although the Platform is not intended to collect directly identifiable health information in the normal course of its use, any data that may qualify as health information will be subject to enhanced protection measures, including strengthened security, strict access controls, and limited use to authorized purposes only. AppGuide also ensures that its practices comply with legal obligations relating to data retention, disclosure, and access management.

Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada)

AppGuide applies the ten principles of PIPEDA, particularly with respect to consent, limiting collection, transparency, secure retention, and access to personal information.

GDPR (European Union)

If a user resides in the European Union, GDPR principles apply, including explicit consent, data minimization, and the rights to erasure, rectification, portability, and objection. AppGuide acts as the data controller for personal information collected in connection with the operation of the Platform.

HIPAA (United States)

The Platform is not subject to HIPAA, as it does not collect, store, or process personal health information within the meaning of this law. AppGuide is not a covered entity or a business associate, and therefore HIPAA obligations do not apply.

SOC 2 Type I Certification

In addition, AppGuide applies an information security management approach and adheres to controls aligned with the SOC 2 Type I framework, including:

  • Encryption of data in transit and at rest

  • Logging, monitoring, and anomaly detection

  • Role-based access controls

  • Periodic access reviews

  • Ongoing staff training in security and privacy

  • Incident management

  • Vulnerability management

  • Regular internal audits and continuous improvement

This integrated approach ensures a high level of protection of personal information.

Subprocessors and service providers

As part of operating the Platform, we may rely on service providers and subcontractors to assist us with:

  • Cloud hosting and infrastructure

  • Performance and usage analytics

  • Electronic communications

  • Technical support and maintenance

  • Information security and monitoring

  • Development, operation, and improvement of certain features

When personal information is shared with providers, we require by contract that they protect it appropriately and use it only for authorized purposes. A more detailed list of subprocessors may be provided upon request.

Cloud infrastructure security

AppGuide relies on the secure infrastructure of Google Cloud Platform (GCP) to host and process data. GCP is certified under several international standards, including:

  • SOC 1, SOC 2, and SOC 3

  • ISO/IEC 27001, 27017, 27018

  • HITRUST, HIPAA, PIPEDA, PCI DSS, among others

Security measures

We implement reasonable and appropriate administrative, technical, and physical safeguards to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, modification, or destruction. These measures include:

  • Encryption of data in transit and, where appropriate, at rest

  • Role-based access controls based on the principle of least privilege

  • Logging of access and security events

  • Monitoring of technological environments

  • Backup, continuity, and recovery processes

  • Periodic security and vulnerability assessments

  • Staff training and awareness in security and privacy

Automated decision-making and artificial intelligence

The Platform may use analysis, recommendation, classification, or assistance tools based in whole or in part on automated processes, including, where relevant, artificial intelligence systems. These mechanisms aim to improve the user experience, the relevance of content, the security of the Platform, and the quality of services provided.

Unless otherwise specified, these mechanisms are not used to make fully automated decisions that produce legal effects or similarly significant impacts on you.

Where required by law, we will inform you of the use of automated processing and your associated rights.

Data retention and location

To the extent possible, all data is stored in Canada in cloud environments that comply with applicable security and privacy standards. However, some service providers may be located outside Canada, including in the United States.

In such cases, appropriate safeguards are implemented, including contractual clauses, privacy impact assessments, and technical and legal protections. Data is retained only for as long as necessary to achieve the intended purposes, unless a longer retention period is required by law.

Your rights

In accordance with applicable laws, you may:

  • Request access to your personal information

  • Request its correction, portability, or deletion

  • Withdraw your consent at any time

  • Object to non-essential processing

  • File a complaint with a competent authority

  • Request de-indexing or removal of certain information where permitted by law

You will receive a response within a maximum of 30 days.

Privacy Incidents

We maintain procedures governing the detection, assessment, management, and handling of privacy incidents. When an incident involving personal information occurs, we take reasonable measures to contain the incident, mitigate its impacts, reduce the risk of harm, and prevent a similar incident from occurring in the future.

Where required by applicable law, we maintain a register of privacy incidents and carry out the necessary notifications to affected individuals and to the appropriate regulatory authorities, particularly where the incident presents a risk of serious harm.

If you believe that a privacy incident involving your personal information has occurred, you may contact us using the contact information provided in the “Contact Us” section.

External content

The Platform may direct you to self-care tools and other external digital content. These links are provided in good faith. Each of these resources has its own privacy policy, and we encourage you to review them. AppGuide is not responsible for the privacy practices of these third parties.

Children under 14

The Platform is not intended for children under 14. If we become aware that personal information has been collected without proper consent, it will be deleted as soon as possible.

Contact

The person responsible for the protection of personal information at AppGuide acts as the official contact for all obligations described above.

For any question, request, or complaint:
Privacy Officer – AppGuide
[email protected]
Mailing address: 303-164 rue Cowie, Granby, QC, Canada, J2G 3V3

For any inquiries about the platform, you may also contact Pharmascience. Contact details are available at:
pharmascience.com/contact

Updates

This policy may be updated in the event of technological, regulatory, or organizational changes. Any significant changes will be clearly communicated and published on the Platform.

Language

This Privacy Policy is available in French and English. In the event of any discrepancy between the two versions, the French version shall prevail.