Flash Care AI

Flash Care AI

Privacy Policy

Effective date: August 1, 2025

This Privacy Policy describes how Flash Health Technologies Inc. and its products and services, including Flash Pharmacy and Flash Care AI (together, “we”, “us”, “our”), collect, use, disclose, store, and protect personal information.

This policy applies to our websites, portals, mobile applications, e-commerce storefront, pharmacy services, AI features, and any related features (collectively, the “Services”).

Key points

  • We collect personal information to provide pharmacy services, fulfill orders, operate the Services, maintain safety and security, meet legal requirements, and improve our Services.
  • We handle health information and protect it with safeguards appropriate to its sensitivity.
  • Our e-commerce store is powered by Shopify. Shopify and its service providers may process certain personal information to enable storefront functionality and checkout.
  • Flash Care AI runs on Microsoft Azure. Prompts and outputs are not used to train generative AI foundation models without your permission or instruction, as described in Microsoft documentation.
  • Our pharmacy database is hosted in Canada and is encrypted. Some processing, including AI model processing, may occur outside Canada.

1) Definitions

  • Personal information means information about an identifiable individual, as defined by applicable law.
  • Health information includes prescription information, medication history, clinical notes, consultations, and other information related to an individual’s health or healthcare.
  • De-identified means information altered so it cannot reasonably be used to identify an individual, where applicable and appropriate.

2) What information we collect

A) Information you provide

  • Account and contact information: name, email, phone number, address, date of birth, and account credentials or authentication tokens.
  • Pharmacy and health information (sensitive): prescription details, medication history, allergies, conditions, prescriber details, pharmacy notes, and communications with pharmacy staff.
  • Order and checkout information: products purchased, shipping and billing address, order history, transaction status, and customer service records.
  • Uploads and submissions: prescription images or PDFs and other documents you submit.
  • Support communications: messages and other support interactions.

B) Information collected automatically

  • Device and usage data: IP address, device identifiers, browser type, operating system, pages or screens viewed, referring URLs, and timestamps.
  • Cookies and similar technologies: used for essential functions, preferences, security, analytics, and, where enabled, marketing-related purposes. Shopify-powered storefronts and related services may also use cookies and similar technologies.

C) Information from third parties

  • Shipping and delivery updates from carriers.
  • Fraud and risk signals from payment processors or fraud-prevention tools.
  • Information required to process prescriptions where you authorize it or where permitted by law.

3) How we use information

  • Provide pharmacy services and patient care, including processing prescriptions and providing pharmacist counseling.
  • Operate and support accounts, authentication, customer service, and the Services.
  • Process purchases, fulfill orders, deliver items, and handle returns.
  • Maintain security, prevent fraud, detect abuse, and protect our Services.
  • Meet legal, regulatory, and professional obligations.
  • Improve our Services, including analytics, testing, quality assurance, and product development.

4) Marketing, email, and SMS

You may be automatically subscribed to receive medical campaigns, promotions, and updates, subject to applicable law. All promotional communications provide a clear way to unsubscribe (for example, an email unsubscribe link and/or SMS stop instructions).

You will still receive non-promotional messages where necessary, such as order confirmations, pharmacy notices, security alerts, and account-related communications.

5) Shopify-powered storefront and checkout

Our e-commerce store is powered by Shopify. When you browse, register, or purchase through our Shopify-powered storefront, Shopify and its service providers may process personal information to provide storefront functionality and checkout, and to support payments, fraud prevention, analytics, and related commerce operations.

For information about how Shopify processes data when shoppers interact with Shopify-powered merchants, refer to Shopify’s Consumer Privacy Policy:https://www.shopify.com/ca/legal/privacy/consumers

6) How we disclose (share) information

We do not sell personal information.

A) Within our company group

We may share information between Flash Health Technologies Inc., Flash Pharmacy, and Flash Care AI to operate integrated Services (for example, account, pharmacy, e-commerce, and AI features).

B) Service providers (processors)

We may share information with vetted service providers who help us operate the Services, such as:

  • Infrastructure and hosting providers (including Microsoft Azure).
  • E-commerce provider (Shopify) for storefront and checkout operations.
  • Payment processors and fraud-prevention providers.
  • Delivery and logistics partners.
  • Communications providers (email and SMS), analytics, customer support, and IT providers.

We require service providers to use appropriate safeguards and to process personal information only as needed to provide services to us.

C) Healthcare and pharmacy-related disclosures

We may disclose health information as needed to process and dispense prescriptions, communicate with prescribers and insurers where applicable, and meet professional obligations and legal requirements.

D) Legal, safety, and business transactions

We may disclose information if required by law, to protect rights and safety, or in connection with a corporate transaction (subject to appropriate protections).

7) Flash Care AI and AI safety notice

A) What Flash Care AI is (and is not)

Flash Care AI provides informational support and may present health-related information and product suggestions.

Flash Care AI can make mistakes. Please verify important information.

  • AI outputs are not medical advice and are not a substitute for a consultation with a licensed healthcare professional.
  • Do not start, stop, or change medications or treatment based only on AI output.
  • Following AI output without consulting a licensed healthcare professional can be hazardous, including risks of incorrect dosing, contraindications, drug interactions, delays in diagnosis, and other harms.
  • If you have urgent symptoms or a medical emergency, seek immediate medical care or call local emergency services.

To the extent permitted by law, Flash Care AI, Flash Pharmacy, and Flash Health Technologies Inc. disclaim responsibility for outcomes resulting from reliance on AI outputs, including where a user does not consult a licensed healthcare professional before acting. This does not limit any rights that cannot be excluded under applicable law.

B) Where AI processing occurs

Our pharmacy database and application backend services are hosted in Canada. AI features are hosted on Microsoft Azure and AI model processing may occur outside Canada, which means personal information may be subject to the laws of the jurisdiction where processing occurs.

C) Model access and privacy

We access foundation models through Azure-hosted services (including GPT-4.1 and Llama family models). Microsoft documentation indicates that prompts and outputs are not available to other customers and are not used to train generative AI foundation models without your permission or instruction.Microsoft documentation

D) How we use AI chats, outputs, and feedback

  • Provide the AI feature, including maintaining conversation history where enabled.
  • Troubleshoot, detect abuse, maintain safety, and improve system quality.
  • Improve prompts, routing, guardrails, retrieval components, safety filters, evaluation datasets, and internal workflows.
  • Create aggregated insights and, where appropriate, de-identified datasets for analytics and improvement.

We apply controls such as access restrictions, logging, minimization, and de-identification where appropriate.

We do not use patients’ real prescription uploads or identifiable prescription documents, images, or files for model training or fine-tuning.

E) Personalization and product recommendations via AI

AI features may recommend products based on profile details you provide, shopping activity, and the context of your interaction with our Services.

8) Data residency and cross-border processing

Our pharmacy database is hosted in Canada and is encrypted. Some service providers, including AI model processing, may process or store personal information outside Canada. When this happens, personal information may be subject to foreign laws, including lawful access requests.

9) Security safeguards

We use safeguards appropriate to the sensitivity of the information, including health information. Safeguards may include:

  • Encryption in transit and, where appropriate, at rest (including encrypted databases).
  • Role-based access controls and least-privilege permissions.
  • Monitoring, logging, and security testing.
  • Policies, training, and confidentiality commitments for authorized personnel.
  • Administrative and physical safeguards.

No system can be guaranteed 100 percent secure, but we take reasonable steps to protect personal information.

10) Retention

We retain personal information for 10 years, or longer where required by applicable Canadian federal or provincial laws, pharmacy regulatory requirements, or professional standards. During retention, information is stored using safeguards appropriate to its sensitivity, including encryption where appropriate.

We may retain de-identified or aggregated information longer for analytics and improvement.

11) Privacy incidents and breach notification

We maintain records of all breaches of security safeguards involving personal information and retain those records for at least the period required by applicable law. Where a breach poses a real risk of significant harm, we will notify affected individuals and report to the appropriate regulator as required by law.

12) Your rights and choices

Depending on applicable law, you may request access to and correction of personal information we hold about you. You can also manage marketing preferences by unsubscribing as described above. For requests, contact us using the details below.

13) Children’s privacy

Our Services are not intended for children who cannot legally provide consent on their own. If you believe a child has provided personal information, contact us and we will take appropriate steps.

14) Changes to this Privacy Policy

We may update this policy from time to time. We will post the updated version with a revised effective date.

15) Contact us

Company: Flash Health Technologies Inc.

Mailing address: 800 W Pender St, Vancouver, BC V6C 2V6

Email: [privacy@flashpharmacy.com]

Phone: +1 (778) 539-5449