Biotonix Posture: Cybersecurity, Governance, Data Privacy Policy, Cookie Policy

Based on Solutions Biotonix Inc. Policy v2.3

Effective Date: Aug 1, 2023

Last Updated: April 17, 2025

  1. Introduction & Scope
  • 1.1 Purpose: This Policy outlines Biotonix Posture’s commitment (as part of Solutions Biotonix Inc.) to protecting the confidentiality, integrity, and availability of data entrusted to us, particularly personal and potentially sensitive health-related information processed through our services. It details our governance framework, cybersecurity measures, and data privacy practices.
  • 1.2 Scope: This policy applies to all data processed by Biotonix Posture, including data collected through our website (www.biotonixposture.com), user payment accounts (www.biotonixposture.com/my-account), the professional platform (app.biotonix.com), the “Biotonix Assistant” mobile application, and any related support or communication channels. Measures apply uniformly across the organization.
  • 1.3 Definitions: Key terms like “Personal Data,” “Processing,” “Data Subject,” “Member,” “Patient Data,” etc., are defined as per applicable data protection laws and within the context of Biotonix Posture’s services.
  2. Data Governance & Responsibility
  • 2.1 Principles: Biotonix Posture manages data according to principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. We comply with legal standards and best practices. We are committed to preserving individual rights and maintaining transparency with data subjects.
  • 2.2 Management Responsibility: Senior management holds overall responsibility for ensuring the organization complies with its legal obligations regarding data protection.
  • 2.3 Data Protection Lead: The role of overseeing data protection implementation and best practices for Biotonix Posture is handled by the Vice-President of Technologies, Sébastien Lacoste (Ing.). His responsibilities include:
      • Informing leadership of data protection responsibilities.
      • Reviewing data protection policies.
      • Advising staff on complex data protection matters.
      • Ensuring data protection integration and training are performed.
      • Handling data subject access requests.
      • Approving unusual data disclosures and contracts with data subprocessors.
  • 2.4 Employee Responsibility: All staff must read, understand, and comply with policies and procedures related to personal data they handle in their activities.
  • 2.5 Subprocessors: We partner with trusted subprocessors, such as Solulan (SOC 2 certified), to enhance cybersecurity, particularly for our Microsoft Office 365 environment, utilizing their advanced backup and Data Loss Prevention (DLP) systems.
  3. Data Collection
  • 3.1 Types of Data Collected: Solutions Biotonix Inc. acknowledges possession of personal and sensitive data. For Biotonix Posture, this includes:
      • Member Account Data: Name, email address, professional credentials (if applicable), password, contact information, subscription and payment details (processed via www.biotonixposture.com/my-account).
      • Patient/Client Data (entered by Members): Name, reference number (optional), date of birth, gender, language preference, email address (optional, for report sharing), postural assessment photos, AI-generated postural analysis data (deviations, measurements), historical assessment data.
      • Usage Data: Login information, interaction logs within the platform and app, device information (type, OS), IP address, diagnostic data.
      • Communication Data: Records of support inquiries via info@biotonixposture.com or other channels.
  • 3.2 Methods of Collection: Data is collected directly from Members during account creation, subscription, platform/app usage (including patient data input and photo capture), and communications with us. Usage data is collected automatically.
  4. Data Use
  • 4.1 Purpose of Use: Biotonix Posture processes data to:
      • Provide, maintain, and improve the AI-powered postural assessment services.
      • Create and manage Member accounts and subscriptions.
      • Enable Members to perform evaluations, generate reports, and manage Patient Data.
      • Facilitate communication between Members and their patients (e.g., sending reports via email, if requested by the Member).
      • Provide customer support and respond to inquiries (info@biotonixposture.com).
      • Analyze usage patterns to enhance user experience and service functionality (anonymized/aggregated where feasible).
      • Develop and refine the AI algorithms (using anonymized or de-identified data where possible).
      • Ensure security, prevent fraud, and enforce our Terms & Conditions.
      • Comply with legal and regulatory obligations.
  5. Data Sharing and Disclosure
  • 5.1 With Consent: Patient Data and reports are shared only as directed by the Member (e.g., sending a report to a patient’s email address provided by the Member).
  • 5.2 Service Providers: We may share data with trusted third-party vendors and subprocessors (e.g., Solulan, Microsoft Azure) who perform services on our behalf (e.g., cloud hosting, payment processing, security monitoring, backup), under strict confidentiality agreements and only for the purposes outlined in this policy.
  • 5.3 Legal Requirements: We may disclose data if required by law, subpoena, or other legal processes, or if we believe in good faith that disclosure is necessary to protect our rights, protect user safety, investigate fraud, or respond to a government request.
  • 5.4 Business Transfers: In the event of a merger, acquisition, or sale of assets, data may be transferred as part of the transaction, subject to confidentiality commitments.
  • 5.5 Non-Sale of Personal Data: Biotonix Posture does not sell Personal Data to third parties.
  6. Data Security
  • 6.1 Commitment: We implement robust technical, administrative, and physical security measures designed to protect data against unauthorized access, disclosure, alteration, loss, or destruction. Key risks identified include user data loss and leaks from unsecured environments.
  • 6.2 Measures:
      • Access Control: Strict adherence to the principle of least privilege for employee access. Multi-Factor Authentication (MFA) is mandatory for all Office 365 account access.
      • Session Management: Employees are required to log off from sessions at the end of their work period.
      • Data Storage: Sensitive data from Biotonix applications is securely stored in Microsoft Azure on servers located in Canada.
      • Backup & Recovery: Data backups are managed by our partner Solulan.
      • Partnerships: We leverage premium Microsoft security products, optimized through partners like Solulan, for enhanced protection.
  • 6.3 Member Responsibility: Members are responsible for maintaining the confidentiality of their account credentials for www.biotonixposture.com/my-account, app.biotonix.com, and the Biotonix Assistant mobile app.
  7. Data Retention
  • 7.1 User Control: Users are considered owners of their data and have the ability to permanently delete their data at any time via an option available directly within the mobile application.
  • 7.2 Retention Policy: Biotonix Posture applies the following retention schedule:
      • Active User Data: Retained as long as the account is active.
      • Inactive User Data: Deleted after 24 months of inactivity, unless there is a legal obligation for longer retention.
      • Transactional Data (Payments, Invoices, Connection Logs, etc.): Retained for a minimum of 7 years for regulatory compliance and audit purposes.
      • Anonymized Data: May be retained indefinitely in an anonymized form for statistical analysis and service improvement, without identifying the user.
  • 7.3 Exceptions: Data may be retained beyond these periods temporarily if required for a cybersecurity incident investigation, until the investigation is closed.
  8. Data Subject Rights
  • 8.1 Member Rights: Members generally have rights to access, rectify, or request deletion of their own account information, subject to legal and contractual limitations. Users can initiate deletion via the mobile app or by written request to the Data Protection Lead.
  • 8.2 Patient/Client Rights: Patients/clients should typically direct requests regarding their data (collected by a Member using our platform) to the respective Member (the healthcare practitioner/trainer), who acts as the data controller for that patient’s information. Biotonix Posture will assist Members in responding as required by law.
  • 8.3 Exercising Rights: To exercise rights related to data held directly by Biotonix Posture, contact the Data Protection Lead (Sébastien Lacoste) or use the general support contact: info@biotonixposture.com.
  9. Compliance & International Transfers
  • 9.1 Applicable Laws: Biotonix Posture is committed to complying with applicable data protection laws and regulations (such as Quebec’s Loi 25, and others relevant to our operating jurisdictions).
  • 9.2 International Transfers: Data is stored on servers in Canada. If data is transferred across borders for other purposes (e.g., subprocessors), appropriate safeguards are ensured as required by law.
  10. Incident Management
  • 10.1 Incident Definition: An incident includes unauthorized access, data leak/loss, malware/ransomware infection, phishing attacks, or critical system failures exposing data.
  • 10.2 Response Process:
      • Detection & Alert: Monitoring via security tools (antivirus, SIEM, logs); Internal alert channel (e.g., dedicated email, Teams); Incident prioritization (minor, moderate, critical).
      • Containment: Immediate isolation of compromised systems/accounts; Implement countermeasures (e.g., temporary firewall rules); Inform stakeholders (Management, Data Protection Lead, technical partners like Solulan).
      • Analysis & Remediation: Identify incident origin; Assess damage and affected data; Apply security patches/fixes, update procedures.
      • Communication & Notification: Notify relevant supervisory authorities (like Quebec’s CAI, or others as required by applicable law) if necessary; Inform affected users if their data is at risk; Communicate with impacted subprocessors/partners. Biotonix commits to voluntary reporting where appropriate.
      • Learning & Prevention: Document the incident (report, actions, lessons learned); Adapt procedures and staff training; Implement continuous improvement plan.
  11. Policy Updates
  • 11.1 Changes: We may update this Policy periodically to reflect changes in our practices or legal requirements. The “Last Updated” date indicates the latest revision.
  • 11.2 Notification: We will notify Members of significant changes via appropriate channels (e.g., email, platform notification).
  12. Contact Information
  • For questions or concerns regarding this policy, please contact:
      • Data Protection Lead: Sébastien Lacoste, VP Technologies
      • General Support: info@biotonixposture.com


Biotonix Posture: Cookie Policy

Effective Date: Aug 1, 2023

Last Updated: April 17, 2025

  1. What Are Cookies?

Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit certain websites. They help the website recognize your device and remember information about your visit, like your preferences or login information.

  2. How We Use Cookies

Biotonix Posture uses cookies and similar tracking technologies for several purposes:

  • Essential Cookies: These are necessary for the website (www.biotonixposture.com) and platform (app.biotonix.com) to function correctly. They enable core functionalities like secure login, account management, and navigation. You cannot opt out of these cookies.
  • Performance and Analytics Cookies: These cookies collect information about how you use our website and platform, such as which pages you visit most often and if you encounter any errors. This data helps us understand usage patterns and improve the performance and usability of our services. We may use third-party analytics tools (like Google Analytics) which use their own cookies. Information collected is often aggregated and anonymized.
  • Functionality Cookies: These cookies allow our website to remember choices you make (like language preference) and provide enhanced, more personalized features.
  3. Your Choices and Managing Cookies

You can manage your cookie preferences in several ways:

  • Cookie Consent Banner: When you first visit our website, you may be presented with a banner allowing you to accept or reject certain types of non-essential cookies.
  • Browser Settings: Most web browsers allow you to control cookies through their settings. You can typically set your browser to block cookies, delete existing cookies, or notify you when new cookies are sent. Please refer to your browser’s help documentation for instructions. Note that blocking essential cookies may impact the functionality of our website and platform.
  4. Third-Party Cookies

Some cookies may be set by third-party services used on our website (e.g., analytics providers, payment processors). We do not control these cookies. Please review the privacy and cookie policies of these third parties for more information.

  5. Policy Updates

We may update this Cookie Policy from time to time. We will notify you of significant changes as required by law.

  6. Contact Us

If you have questions about our use of cookies, please contact us at info@biotonixposture.com.
