Application Privacy Policy

Effective Date: August 7, 2025

FirstHX Corp. (“we”, “us”, “our”, “FirstHX”) is committed to the confidentiality and security of the personal information we hold. This Application Privacy Policy describes how we collect, use, disclose and otherwise manage your personal information when you access or use any FirstHx web property, including www.firsthx.com, its sub-domains such as intake.firsthx.com and hxmanager.firsthx.com, and any equivalent sites operating under other top-level domains (e.g. firsthx.ca, firsthx.sa, or their sub-domains) (collectively, the “Website”)

We developed this privacy policy to be transparent and clear about our privacy practices and to inform the patients who use our Website (“you”, “your”) of our ongoing commitment to the protection of your personal information.

By accessing or using the Website, you consent to the collection, use, and disclosure of your personal information by us in accordance with this Privacy Policy.

About This Application

FirstHx’s intake application gathers targeted health-related information before your appointment so your healthcare provider can review it in advance, streamline your visit, and enhance the quality of care.

What is personal information?

Personal information, including personal health information, is information that can identify an individual or is about an identifiable individual, whether alone or combined with other information. Personal Information includes, for example, personal health information such as biometrics, health history, clinical notes, treatment plan and medical imaging.

The table below sets out the types of data we collect or process, and why we collect or process it. Please note that this is not an exhaustive list.

Category Examples Stored By
Identifying Details Name, Date of Birth, Contact Details Provider Only (removed from FirstHx after transfer)
Clinicial Information Symptoms, Medications, Allergies, Medical History, Visit-specific questions Provider & FirstHx

FirstHx retains only the minimum clinical content needed to operate and improve the application. All identifying fields are stripped before storage.

Who is Responsible for Your Information?

  • Your healthcare provider acts as the primary health-information custodian, incorporates the data into your official medical record, and keeps that record up to date.
  • FirstHx Corp. supplies and supports the software platform. We process data only under your provider’s instructions and solely to operate, secure, and improve the application.

How We Use Your Information

  • Direct Care: Your provider uses the information for diagnosis, treatment, and follow-up care.
  • Legal record-keeping: Your provider maintains the data as required by healthcare regulations.
  • System maintenance & quality improvement: FirstHx uses de-identified or aggregated information to debug issues, enhance features, and ensure reliable performance.
  • Analytics & troubleshooting: FirstHx analyzes de-identified data trends to improve user experience.

We never use your information for advertising, marketing, or profiling.

Disclosure to Third Parties

Your personal health information is not sold or shared except:

  1. With your explicit consent;
  2. When required by law (e.g. public health reporting or court order); or
  3. With trusted service partners that host or secure data for us and are contractually bound to equal or stronger privacy safeguards

Data Retention

  • Identifying Information is deleted from FirstHx immediately after secure transfer to your provider
  • De-identified clinical content remains on FirstHx’s secure servers only for the period necessary to improve the application, after which it is securely removed or anonymized beyond re-identification.

Security Measures

  • Technical: Encryption in transit and at rest, network segmentation, continuous intrusion detection.

  • Administrative: Role-based access controls, mandatory privacy training, confidentiality agreements.

  • Physical: Tier-III or higher data-centre facilities with 24/7 monitoring and restricted access.

FirstHx complies with HIPAA (USA), PHIPA (Ontario), and PIPEDA (Canada), and undergoes regular independent security audits.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal health information.

  • Request corrections to inaccurate or incomplete data.

  • Restrict or object to certain uses or disclosures.

  • File a complaint with your regional privacy commissioner or, in the U.S., the Department of Health and Human Services (HHS).

For record-related requests, contact your healthcare provider. For technical privacy inquiries, reach out to FirstHx (see below).

Changes to This Policy

We may revise this Privacy Policy periodically. Any material changes will be posted in-app and on the Website at least 30 days before they take effect.

Contact Us

If you have any questions about this privacy policy or would like to raise a concern or provide comments or suggestions about our privacy practices, please send an e-mail to info@firsthx.com. If we cannot resolve your concern, or if there is a further complaint, you have the right to contact the Office of the Privacy Commissioner of Canada at (www.privcom.gc.ca) or at 30, Victoria Street, Gatineau, Quebec, K1A 1H3, Toll-free: 1-800-282-1376, Phone: (819) 994-5444, TTY: (819) 994-6591.

FirstHx Corp.
Email: info@firsthx.com
Mailing Address: 725 Spadina Ave, Suite 300, Toronto, ON M5S 2J4, Canada

Your use of the Website and related sub-domains signifies that you have read, understood, and agreed to the practices outlined above.