Privacy Policy

Privacy Policy

This tool provides pre-visit education and symptom insight. It does not diagnose or triage.

1. Who We Are

Aqueo Health Inc. ("Aqueo") operates Aqueo Dry Eye Check as an agent/service provider to your clinic.

Your clinic is the Health Information Custodian (HIC).

2. What We Collect

• Short dry-eye symptom questionnaire responses + score
  Answers to a short dry-eye symptom questionnaire (for example DEQ-5, where licensed).

• Short blink video and derived blink metrics
  Blink test video (required component) and derived metrics including blink rate, incomplete blink percentage, inter-blink intervals, and other blink pattern measurements.

• Blink-test video (required component)

• Blink metrics (derived features)

• Lifestyle and exposure information (optional)
  Limited information about your daily activities and environment that may affect your eyes, such as approximate daily screen/close-up work time, contact lens wear and comfortable wear time, and time spent in air-conditioned or heated indoor places.

• Clinician-entered findings
  After clinic visits, clinicians may enter findings including dry-eye phenotype, severity, tear-film stability, treatment decisions, and optional test results (TBUT, Schirmer, osmolarity, staining, meibomian grading, etc.).

• Technical data

• Clinic ID / intake ID

If the device cannot run the blink test, the patient may proceed with the questionnaire alone.

Optional consent covers retention of blink video for research.

3. How We Use Information

We use PHI only to:

• provide the DEQ-5 and blink-analysis workflow,

• compute metrics and educational summaries,

• support the clinic's pre-visit discussions,

• improve the safety and reliability of the service,

• support clinic privacy obligations,

• develop, train, validate, and improve algorithms (including machine learning models), using de-identified or pseudonymised data. We may use de-identified or pseudonymised information from questionnaires, optional lifestyle questions, blink tests, and clinician-entered findings to develop, train, validate, and improve algorithms (including machine learning models) that improve the accuracy, usability, and reliability of the Aqueo service.

We do not use PHI for diagnosis, triage, or advertising.

4. Storage & Residency

• AWS ca-central-1

• SSE-KMS encryption

• TLS 1.2+

• No cross-region replication

5. Retention & Disposal

• S3 lifecycle (~3 years)

• Logs: 90 days

• Early deletion on request

6. Cross-Border

Only limited non-clinical services (e.g., DNS, static hosting) may involve non-Canadian subprocessors, with contractual safeguards.

7. Your Rights

• Contact your clinic first.

  Your clinic is the HIC and is the primary point of contact for access, correction, or questions about your PHI.

• Aqueo contact:

  You may contact Aqueo at privacy@aqueo.ca for general questions about this Policy and our role as a service provider.

• Optional video and research consent:

  You may choose not to upload video or participate in research and validation uses. The blink test still functions without video upload.

• Withdrawal of consent:

  Where we rely on consent (for example, optional video and research), you may withdraw that consent on a go-forward basis, consistent with your clinic's processes.

8. Children

The tool is intended primarily for adults unless a clinic has enabled pediatric use in its workflow and obtains appropriate guardian consent in accordance with applicable law.

9. Regulators and Oversight

If you have unresolved concerns about how your PHI is handled, you may contact:

• Information and Privacy Commissioner of Ontario — https://www.ipc.on.ca

• Office of the Privacy Commissioner of Canada — https://www.priv.gc.ca

10. Changes and Contact

We may update this Privacy Policy from time to time to reflect changes in practice or law. The revised version will include an updated date and will be made available to clinics.

Contact:

Aqueo Health Inc.

Email: privacy@aqueo.ca