Privacy policy

This Privacy Statement applies to all websites owned and operated by AgeRate, Inc., including www.AgeRate.com, and any other websites, pages, features, or content we own or operate, and to your use of the AgeRate mobile app and any related Services. The Privacy Statement is designed to help you better understand how we collect, use, store, process, and transfer your information when using our Services.

By using our Services, you acknowledge and accept the Privacy Statement. You may not be able to use the Services if you do not accept the Privacy Statement. Please carefully review this Privacy Statement. If you do not agree with or you are not comfortable with any aspect of this Privacy Statement, you should not use our Services.

Summary

AgeRate respects your privacy and safeguards your personal and personal health data. AgeRate adheres to Canadian (Personal Information Protection and Electronic Documents Act) legislation and United States (Health Information Portability and Accountability Act) legislation in developing our Privacy Statement. AgeRate does not sell or distribute Personal Information without consent. This Privacy Statement applies to the collection and use of your Personal Information. We recommend you read the Privacy Policy in its entirety.

Purpose

This Privacy Statement applies to the collection, use and disclosure of your Personal Information in the custody and control of AgeRate. We recommend you read the Privacy Statement in its entirety.

Personal Information shall include (i) personal information as such term is defined in the Personal Information Protection Electronic Documents Act; (ii) personal health information as such is defined in the Personal Health Information Protection Act (Ontario); (iii) protected health information as defined by the Health Information Portability and Accountability Act (United States customers only), provided that for purposes of this policy, Personal Information shall not include information about AgeRate employees in such employees’ capacity as employees of AgeRate.

It is the policy of AgeRate to keep any information gathered through the use of our systems secure. As such, user information is not disclosed or shared to unauthorized third parties except as allowed by Canadian law and described herein.

AgeRate reserves the right to review the covenants contained in this Privacy Policy and to make changes. Every time that a change to this policy is made, users will be notified and the revised version will be posted on our website. By utilizing our application and/or website, or otherwise providing Personal Information to us, the user agrees to be bound by AgeRate’s Privacy Policy.


Personal and Personal Health Information

AgeRate collects information that personally identifies the user, such as but not limited to the user’s name, date of birth, biological sex, billing and shipping address, payment information, email, phone number, etc.
AgeRate collects:

  • Registration Information: information you provide during account registration or when purchasing the Services, such as a name, user ID, password, date of birth, billing address, shipping address, payment information (e.g., credit card), account authentication information, or contact information (e.g., email, phone number).
  • Epigenetic Information: information regarding your methylation biomarkers, generated through processing of your blood sample by AgeRate or by its contractors, successors, or assignees; or otherwise processed by and/or contributed to AgeRate. 
  • Sample Information: information regarding any sample, such as a blood sample, that you submit for processing to be analyzed to provide you with Epigenetic Information, laboratory values or other data provided through our Services.
  • Self-Reported Information:​ information you provide to AgeRate including your gender, disease conditions, health-related information, traits, ethnicity, family history, or anything else you provide to us within our Service(s).
  • Biometric information:​ certain Self-Reported Information you provide to us or our service providers to verify your identity using biological characteristics.
  • User Content: information, data, text, software, music, audio, photographs, graphics, video, messages, or other materials, other than Genetic Information and Self-Reported Information, generated by users of AgeRate Services and transmitted, whether publicly or privately, to or through AgeRate. For example, User Content includes comments posted on our Blog or messages you send through our Services.
  • Web-Behavior Information: information on how you use our Services or about the way your devices use our Services is collected through log files, cookies, web beacons, and similar technologies (e.g., device information, device identifiers, IP address, browser type, location, domains, page views).

Upon user consent, User’s Personal and Personal Health Information is disclosed to other users of the application, including the user’s Physician(s) and other Health Care Provider(s), individuals and companies managing those Physicians and Health Care Professionals, and AgeRate administrative and technology staff.

Collection, Use and Disclosure of Personal and Personal Information

AgeRate uses and discloses Personal and Personal Health Information for purposes consistent with such Personal Information’s collection. These include: the provision of our Services; the improvement of our Services and offering new products and services; informing about events; invitations to research projects; obtaining testimonials for promotional purposes; performing quality control checks; conducting another R&D; and conducting AgeRate Research. Your epigenetic information is used to generate AgeRate predictions to identify your specific biological age, and other health score developments (i.e. immune health and smoking adherence).

We use Web and In App Behavior (Google Analytics, etc.) Information to understand how users interact with our website, for R&D purposes, for quality control in order to improve our Services and to advertise products and services. This information will not be shared with any third parties without consent.

Access to private, sensitive and confidential information, including user’s Personal Information, is restricted to authorized employees with legitimate business reasons. We require all of our employees to abide by AgeRate’s privacy standards. Our employees understand the importance of keeping your information private. For this reason, our employees are required to agree to a confidentiality agreement that prohibits the disclosure of any user information to unauthorized parties.

Employees are strictly prohibited from accessing or disclosing Personal Information without authorization. All employees are expected to maintain the confidentiality of Personal Information at all times and failure to do so will result in appropriate disciplinary measures including dismissal.

AgeRate will never rent or sell the personal information or personal health information it collects.

AgeRate will never disclose personal or personal health information to third parties except as contemplated in this privacy policy or as otherwise permitted by law. Further, AgeRate will never disclose Personal Information to third parties, except as required by law or upon demonstrated lawful authority, or as set out in this Privacy Policy.

AgeRate uses third-party service providers to host servers in Canada and the United States. These third-party service providers may have access to Personal Information as an incidental result of the services provided by such third parties to AgeRate, but the access of such third parties to such information is strictly controlled in accordance with the safeguards detailed below.

The type of information we are legally required to disclose may relate to criminal investigations or government tax reporting requirements. In some instances, such as a legal proceeding or court order, we may also be required to disclose your Personal Information to authorities. Only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the disclosure request have legitimate grounds to do so.

Your Personal Information may be disclosed in situations where we are legally permitted to do so, such as in the course of employing reasonable and legal methods to enforce your rights or to investigate suspicion of unlawful activities. We may release certain Personal Information when we believe that such release is reasonably necessary to protect the rights, property and safety of ourselves and others.


Should AgeRate conduct market or product research, it will never use Personal nor Personal Health Information; rather, it would fully anonymize information, meaning that it would render it unlikely to be traced back to an individual.

When transferring personal health information for processing with contracted laboratories, it will be anonymized to conserve privacy. We screen these research and laboratory contractors, and we subject them to the rules established by AgeRate.

Usage and Aggregate Data

AgeRate collects usage information from users to our services, which is retained as aggregate data. The purpose of this collection is to understand how users access and use the services in order to enhance and optimize our services. Usage information and data could include but is not limited to the user’s device type, device identifier, IP address, browser type, operating system, duration of use, number of messages sent or received, and times at which the application was accessed and used. This information, as well as the Personal Information collected, enables AgeRate to analyze trends, administer AgeRate’s services and products, troubleshoot, enhance, and improve AgeRate’s services. For security purposes, AgeRate may also log IP addresses, user IDs and device identifiers when you access your data on AgeRate’s platform.


AgeRate maintains the right to inform our users about any change that may affect information collected or stored. We may be required to comply with a court order or governmental regulatory requirement or disclose information in connection to legal proceedings. If required to do so, we will make every effort to notify the relevant parties about the proceedings.

AgeRate reserves the right to use the contact information of users for the purposes of communications regarding any aspect of a user’s account or corresponding services and products. Users will have the option to participate or opt out of optional communications (e.g. marketing, press, events) while mandatory communications (e.g. security updates, product announcements/revisions) will go out to all active users.

AgeRate is not anticipating any changes in corporate status, however as we grow and develop that may change. You understand and agree that we may use your Personal Information and disclose your Personal Information to third parties in connection with the proposed or actual financing, insuring, sale, securitization, assignment or other disposal of all or part of our business or assets (including accounts) for the purposes of evaluating and/or performing the proposed transaction. These purposes may include, as examples, permitting such parties to determine whether to proceed or continue with the transaction, fulfilling any reporting or audit requirements to such parties, and/or disclosing Personal Information as part of concluding a sale or transfer of assets. Our successors and assigns may collect, use and disclose your Personal Information for substantially the same purposes as those set out in this Policy. In the event the transaction does not go through, we will require, by contract, the other party or parties to the transaction not to use or disclose your Personal Information in any manner whatsoever for any purpose, and to return or destroy such Personal Information. Personal Information that is collected online remains subject to applicable legislation and corporate policy.

Data Retention

AgeRate reserves the right to reject, suspend, alter, remove or delete data if it breaches our terms and conditions or it is necessary to protect us or others where we have reasonable grounds for believing that a criminal act has been committed, or if required to do so by law.
Data will be stored indefinitely in a secure and private manner or deleted as per direction from the user as allowable by operational needs and the relevant law. AgeRate maintains security/privacy policies and procedures to ensure every step is taken to maintain the integrity of the data in our care.

Control of User Data

AgeRate takes reasonable steps to protect information collected from users to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction.

AgeRate has appointed a Designated Privacy Contact who acts as Chief Privacy and Security Officer (CPSO) responsible for information system monitoring and information security policy and procedure management.
The CPSO is responsible for compliance with AgeRate’s privacy program including,
• Undertaking privacy impact assessment and threat and risk assessments on a regular basis;
• Adopting policies and procedures on the basis of privacy impact assessment and threat and risk assessments to mitigate all identified risks, updated as necessary.

AgeRate users may access their Personal Information by accessing their account and, should they require assistance, by contacting our CPSO. Our CPSO’s contact information can be found below on AgeRate’s website www.agerate.com/privacy.

Safeguard measures to ensure authorized access include: the use of a username and a password for authentication. Every user must keep their password and username safe and make sure that any person who has access to view such private information is permitted to do so. Users must contact AgeRate immediately if the user believes their password has been compromised or misused.

AgeRate stores all Personal and Personal Health Information in Canada, with servers, databases and applications in the Google Cloud Platform (Montreal) secure clouds. Google Cloud is certified as compliant with ISO Standard 27018 Code of Practice for personal identifiable information (PII) protection in public clouds acting as PII processors. In addition to the independent certification process under ISO27018, the Standard also includes the right to audit Google for compliance.

Governing Law

This privacy policy shall in all respects be governed by and interpreted, construed and enforced in accordance with the laws of the Province of Ontario and the laws of Canada, and the applicable laws within the United States, including HIPAA.

You have the right to file a complaint if you do not agree with how we have used or disclosed your Epigenetic, Self-Reported, or Registration information. All complaints must be submitted in writing. Your services will not be affected by any complaints you make. We cannot retaliate against you for filing a complaint or refusing to agree to something that you believe to be unlawful. Please contact our Privacy Officer below, who will attempt to expeditiously resolve any concern or complaint you may have.

Alternatively, you can contact a data and privacy protection organization for assistance or advice.

Office of the Privacy Commissioner of Canada
Place de Ville, Tower B, 112 Kent Street
Ottawa, Ontario K1A 1H3

Toll Free: 1-800-282-1376

U.S. Department of Health & Human Services (U.S. Customers only)

200 Independence Avenue, S.W.
Washington, D.C. 20201

Toll Free Call Center: 1-877-696-6775


Contacting AgeRate

Subscribers may contact our CPSO to make inquiries on our privacy practices or to the accuracy of their personally identifiable information and to request the update, correction, or deletion of such information or account should they wish to do so. Any query, comments, or concerns can be sent to us by email at privacy@agerate.com or by mail at the following address:

AgeRate Inc.
175 Longwood Rd S, Suite B21
Hamilton, ON L8P 0A1.

Cookies

Our website may use "cookies" to enhance the user experience. Web cookies are very small text files that are stored on the user’s computer from a webpage to keep track of information about the user’s browsing on that site. The use of cookies allows us to capture standard web traffic information, such as the time and date the user visited our website, their IP address, and their browser information. In no circumstances do the cookies capture any information that can personally identify the user. The user may choose to set their web browser to refuse cookies or to alert the user when cookies are being sent. If the user sets their web browser to disable cookies, some parts of the website may not be accessible to the user.