Privacy Policy

This tool provides pre-visit education and symptom insight. It does not diagnose or triage.

1. Who We Are

Aqueo Health Inc. ("Aqueo") operates Aqueo Dry Eye Check as an agent/service provider to your clinic.

Your clinic is the Health Information Custodian (HIC).

2. What We Collect

• Dry-eye symptom questionnaire responses + score
  Answers to a short dry-eye symptom questionnaire and the resulting score.

• Blink test capture and derived blink metrics
  Where the device supports camera access, the blink test uses the device camera in the browser to measure blink dynamics. From this capture, the system computes derived metrics such as blink rate, incomplete blink percentage, inter-blink intervals, and quality-control indicators.
  If the device cannot initialize the camera, the patient may proceed with the questionnaire alone.

• Blink video (upload optional)
  The blink test video is processed on-device to compute blink metrics.
  Uploading and retaining video is optional and requires explicit consent.
  Where consent is provided, only a cropped recording of the eye region (no audio) is uploaded. No video is uploaded or stored without this optional consent.

• Lifestyle and exposure information (optional)
  Limited information about daily activities and environments that may affect your eyes, such as approximate screen or close-up work time, contact lens wear and comfortable wear time, and time spent in air-conditioned or heated indoor spaces.

• Clinician-entered findings
  After clinic visits, clinicians may enter findings such as dry eye status, primary driver (DEWS III), severity, treatment decisions, and optional test results (e.g., TBUT, osmolarity, staining, meibomian assessments).

• Technical data
  Minimal technical information required to operate the service securely and reliably.

• Clinic ID / intake ID
  Internal identifiers used to associate results with your clinic’s records. Aqueo does not require your name or contact information to run the test.

3. How We Use Information

We use personal health information only to:

• provide the questionnaire and blink-analysis workflow,

• compute metrics and educational summaries,

• support the clinic's pre-visit discussions and documentation,

• improve the safety, reliability, and usability of the service,

• support clinic privacy obligations,

• develop, train, validate, and improve algorithms (including machine-learning models), using de-identified or pseudonymised data derived from questionnaires, derived blink metrics, optional lifestyle information, and clinician-entered findings.

Where optional consent is provided, uploaded eye-region blink video may also be used for product validation and improvement.
Raw video is handled separately from clinic identifiers and is not used for advertising or sold for unrelated purposes.

We do not use personal health information to make diagnoses, autonomous triage decisions, or for advertising.

4. Storage & Residency

• AWS ca-central-1

• SSE-KMS encryption

• TLS 1.2+

• No cross-region replication

5. Retention & Disposal

• S3 lifecycle (~3 years)

• Logs: 90 days

• Early deletion on request

6. Cross-Border

Only limited non-clinical services (e.g., DNS, static hosting) may involve non-Canadian subprocessors, with contractual safeguards.

7. Your Rights

• Contact your clinic first.

  Your clinic is the HIC and is the primary point of contact for access, correction, or questions about your PHI.

• Aqueo contact:

  You may contact Aqueo at privacy@aqueo.ca for general questions about this Policy and our role as a service provider.

• Optional video and validation consent:

  You may choose not to allow video upload or participation in product validation and improvement uses. The blink test and questionnaire still function without video upload.

• Withdrawal of consent:

  Where we rely on consent (for example, optional video and research), you may withdraw that consent on a go-forward basis, consistent with your clinic's processes.

8. Children

The tool is intended primarily for adults unless a clinic has enabled pediatric use in its workflow and obtains appropriate guardian consent in accordance with applicable law.

9. Regulators and Oversight

If you have unresolved concerns about how your PHI is handled, you may contact:

• Information and Privacy Commissioner of Ontario — https://www.ipc.on.ca

• Office of the Privacy Commissioner of Canada — https://www.priv.gc.ca

10. Changes and Contact

We may update this Privacy Policy from time to time to reflect changes in practice or law. The revised version will include an updated date and will be made available to clinics.

Contact:

Aqueo Health Inc.

Email: privacy@aqueo.ca