8. Privacy Policy

Last updated

2026-04-21.

Thank you for choosing to work with sigmaIQ (“Company,” “we,” “us,” or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice or our practices with regard to your personal information, please contact us at privacy@clearpathhealthsolutions.com.

This privacy notice describes how we collect, use, and share personal information when you:

• Use clearPath or cp2go;

• Engage with us in any other related way, including sales, marketing, onboarding, training, or support;

• Visit any of our websites or web properties that link to this notice.

Throughout this document, “App” means clearPath, cp2go, and any related application that references or links to this notice. “Services” means the App plus any related sales, support, training, marketing, or events.

Our goal is to explain, as clearly as possible, what information we collect, how we use it, and what choices you have. If any term in this notice is unclear or you disagree with it, please contact privacy@clearpathhealthsolutions.com and, if necessary, discontinue use of our Services.

8.1. What information do we collect?

8.1.1. Information you provide directly

In short: we collect the personal information you give us when you sign up, contact us, or otherwise interact with the App.

We collect personal information that you voluntarily provide when you register on the App, express interest in our products or Services, use the App, or contact us for support. The precise information we collect depends on how you use the App and the choices you make. It may include:

• Your name, email address, username, and password.

• Billing and contact information for purchase orders, quotes, and invoicing.

• Role and organisation information — the facility you work at, your title, and your clearPath permissions.

• Support correspondence — the content of tickets, email threads, and chat transcripts with our support team.

Please keep any personal information you provide accurate and up to date, and let us know if anything changes.

8.1.2. Information collected automatically through the App

In short: we collect a small amount of device and usage information so the App works reliably.

When you use the App we automatically collect:

• Device information — device type, operating system, and browser, used to diagnose compatibility and performance issues.

• Usage information — the pages you visit inside the App, so we can troubleshoot problems and improve the product.

• Audit content — observations, session notes, and related audit records you enter. This data never contains patient identifiers — see Frequently Asked Questions in the FAQ for more detail.

cp2go running on a mobile device may ask for permission to use Bluetooth (for pairing to an clearPath digital-signage device) or Location (so a session can be tagged with the facility you are currently in). These permissions are optional; you can decline them in your device’s settings.

8.2. How do we use your information?

In short: we use your information to run the App, fulfil our contract with you, comply with our legal obligations, and, where relevant, with your consent.

Specifically, we use the information we collect to:

• Create and manage your account — sign you in, reset your password, and keep your account in working order.

• Deliver the Services — run audits, generate reports, and send the distribution lists you have subscribed to.

• Respond to support requests — if you open a ticket or email us, we use the information attached to identify you and help.

• Invoice and accept payment — for paid subscriptions and quote-based engagements.

• Comply with legal obligations — retain records where we are required to, and respond to lawful requests from authorities.

• Notify you of material changes — to the App, to this notice, or to your subscription.

8.3. Do we share your information?

In short: we only share information when we have your consent, when a law requires us to, or when a trusted service provider needs it to deliver part of our Services.

We may process or share your data on one or more of the following legal bases:

• Consent — when you have given us specific consent to use your information for a stated purpose.

• Legitimate interests — where it is reasonably necessary to achieve our legitimate business interests and those interests are not outweighed by your rights.

• Performance of a contract — where we need to process your information to fulfil a contract with you.

• Legal obligations — where we are required to disclose information to comply with applicable law, a governmental request, a court order, or legal process.

• Vital interests — where disclosure is necessary to investigate, prevent, or take action against potential violations of our policies, suspected fraud, threats to safety, or illegal activity.

We may share information with:

• Service providers — infrastructure hosts, email delivery vendors, support-desk software, and similar processors, each bound by a written agreement to process the data only as we direct.

• Business transfers — during a merger, financing, or sale of some or all of our business, information may transfer to the acquirer.

We do not sell your personal information and we do not share it with advertisers.

8.4. Do we use cookies or other tracking technologies?

In short: we use a small number of cookies for sign-in and session management. We do not use advertising or cross-site tracking cookies.

clearPath uses cookies to:

• Keep you signed in across page loads.

• Remember your preferred light / dark theme.

• Protect against cross-site request forgery.

We do not use cookies for advertising, and we do not embed third-party trackers in the App.

8.5. How long do we keep your information?

In short: only as long as we need it for the purposes in this notice, plus any period required by law.

We keep your personal information only as long as necessary for the purposes set out in this notice, unless a longer retention period is required or permitted by law (for example, tax or accounting rules). Most personal information is deleted or anonymised within six (6) months of the termination of your account.

When we have no continuing legitimate business need to process your personal information, we either delete or anonymise it, or, if that is not immediately possible (for example, because the information is stored in an off-site backup), we securely store it and isolate it from any further processing until deletion is possible.

8.6. How do we keep your information safe?

In short: we use a layered set of organisational and technical safeguards designed to protect your information.

We have implemented appropriate technical and organisational security measures — including TLS in transit, encrypted backups, least-privilege access, and audit logging — to protect the information we process. However, no electronic transmission or storage system is 100% secure, so we cannot guarantee that an unauthorised third party will never defeat our safeguards. We recommend you only access the App from a trusted network.

8.7. Do we collect information from minors?

In short: no — clearPath is a business product and is not marketed to anyone under 18.

We do not knowingly solicit data from or market to children under 18. If we learn that personal information from a user under 18 has been collected, we will deactivate the account and take reasonable steps to delete the data. If you become aware of any data we may have collected from someone under 18, please contact us at policy@clearpathhealthsolutions.com.

8.8. What are your privacy rights?

In short: you can review, change, or delete your account at any time. Additional rights apply depending on where you live.

8.8.1. European Economic Area, United Kingdom, and Switzerland

If you are a resident of the EEA or the United Kingdom, you have the right to complain to your local data-protection supervisory authority if you believe we are unlawfully processing your personal information. You can find the contact details at https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you are a resident of Switzerland, the contact details for your data-protection authority are at https://www.edoeb.admin.ch/edoeb/en/home.html.

8.8.2. Account Information

To review or change the information in your account, or to close your account, sign in to clearPath and update your profile.

When you ask us to close your account, we deactivate or delete the account from our active databases. We may retain a small amount of information in our records to prevent fraud, assist with investigations, enforce our Terms of Use, or comply with legal requirements.

8.8.3. Email Marketing

You can unsubscribe from our marketing emails at any time by clicking the unsubscribe link in any marketing email. After you unsubscribe we may still send you service-related emails that are necessary for your account — billing, security, support replies, and similar messages.

8.9. Do-Not-Track signals

Most modern browsers offer a Do-Not-Track (DNT) setting. No common standard currently exists for how servers should respond to a DNT signal, so we do not act on DNT signals at this time. If a standard is finalised that we must follow, we will update this notice and honour it.

8.10. California residents’ privacy rights

In short: California residents have specific rights under the California Civil Code and the CCPA.

California Civil Code Section 1798.83 (“Shine The Light”) lets California residents request, once a year and free of charge, information about the categories of personal information we disclosed to third parties for direct-marketing purposes in the preceding calendar year. To make such a request, contact us at policy@clearpathhealthsolutions.com.

If you are under 18 and reside in California, you have the right to request removal of unwanted data that you have publicly posted in the App. To request removal, contact us at policy@clearpathhealthsolutions.com and include the email address on your account along with a statement confirming your California residency. We will make the data no longer publicly visible, but please note it may remain in off-site backups for a period of time before being permanently purged.

8.10.1. CCPA Privacy Notice

The California Code of Regulations defines a resident as:

1. Every individual who is in the State of California for other than a temporary or transitory purpose, and

2. Every individual who is domiciled in the State of California but is outside the State for a temporary or transitory purpose.

All other individuals are non-residents. If the definition of resident applies to you, we adhere to specific rights and obligations regarding your personal information.

Categories of personal information we collect. Over the past twelve (12) months we have collected the following categories of personal information:

ID	Category	Examples	Collected
A	Identifiers	Contact details such as real name, alias, postal address, phone number, unique personal identifier, online identifier, IP address, email address, and account name	YES
B	Categories listed in the California Customer Records statute	Name, contact information, employment, employment history	YES
C	Protected classification characteristics under California or federal law	Gender, date of birth	NO
D	Commercial information	Transaction information, purchase history, financial details, and payment information	YES (billing customers only)
E	Biometric information	Fingerprints and voiceprints	NO
F	Internet or other similar network activity	Browsing history, search history, interactions with our websites, applications, and systems	NO
G	Geolocation data	Device location (optional; see above)	Only with consent
H	Audio, electronic, visual, thermal, olfactory, or similar information	Images, audio, video, or call recordings	NO
I	Professional or employment-related information	Business contact details and job title so we can deliver the Services	YES
J	Education information	Student records and directory information	NO
K	Inferences drawn from other personal information	Profiles or summaries drawn from the above to infer preferences or characteristics	NO

We may collect additional personal information when you interact with us by phone, mail, email, or in person — for example, during a support call or at an in-person training session.

How we use and share your information. See How do we use your information? and Do we share your information? above for the full picture.

sigmaIQ has not sold personal information to third parties for a business or commercial purpose in the preceding 12 months, and sigmaIQ does not plan to do so in the future.

8.10.2. Your rights with respect to your personal data

Right to request deletion (Right to be forgotten). You can ask us to delete your personal information. We will honour the request subject to certain exceptions provided by law — for example, another consumer’s right to free speech, our compliance obligations, or ongoing legal proceedings.

Right to be informed. You have a right to know, depending on the circumstances:

• Whether we collect and use your personal information;

• The categories of personal information we collect;

• The purposes for which we use it;

• Whether we sell your personal information (we do not);

• The categories of third parties with whom we share personal information for a business purpose; and

• The business or commercial purpose for collecting or sharing personal information.

Right to non-discrimination. We will not discriminate against you for exercising any of your privacy rights.

Verification process. When you submit a rights request, we need to verify your identity before acting on it. We do this by asking for information we can match against what we already have on file, or by reaching out through a verified channel (phone or email). We will only use the information you provide for the request to verify your identity.

Other rights. You may also:

• Object to the processing of your personal data;

• Request correction of your personal data if it is incorrect or no longer relevant;

• Restrict the processing of your data;

• Designate an authorised agent to exercise these rights on your behalf (we may deny an agent request that is not accompanied by valid proof of authorisation); and

• Request to opt out of any future sale of your personal information (we do not currently sell personal information).

To exercise any of these rights, email policy@clearpathhealthsolutions.com. We will respond within the timeframes required by applicable law.

8.11. Do we update this notice?

In short: yes — we update this notice as needed to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version is indicated by a new Last updated date at the top of the page and takes effect as soon as it is published. For material changes, we also notify users directly through the App or by email.

8.12. How can you contact us about this notice?

If you have questions or comments about this notice, email policy@clearpathhealthsolutions.com or write to us at:

sigmaIQ
Atten : Jef Brink
PO Box 78005
Oshawa RPO Taunton Harmony
Oshawa, Ontario
Canada
L1K0H7

tel : 905 448 3100
email : info@clearpathhealthsolutions.com

8.13. How can you manage the data we collect?

Based on the laws of your jurisdiction, you may have the right to request access to, correction of, or deletion of the personal information we hold about you. To submit such a request, email policy@clearpathhealthsolutions.com.