Skip to content
ally
← Back to Ally

Privacy Policy

Effective Date: January 1, 2026

Version: 1.0

Important: Ally collects and uses personal health information as described in this policy. By using Ally, you consent to these practices. Residents of Ontario should also refer to our obligations under the Personal Health Information Protection Act (PHIPA).

1. About This Policy

Ally Health Technologies Inc. (“Ally,” “we,” “our,” or “us”) operates an online marketplace connecting clients with caregivers. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in compliance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Ontario’s Personal Health Information Protection Act (PHIPA), and applicable provincial privacy legislation.

2. Information We Collect

We collect the following categories of personal information:

2.1 Account Information

  • Full name and date of birth
  • Email address and phone number
  • Home address
  • Profile photo (optional)
  • Preferred language

2.2 Health and Care Information (Clients and Recipients)

When you add a care recipient profile (e.g., a family member receiving care), we collect:

  • Recipient’s name, date of birth, and contact information
  • Health conditions, mobility needs, and care tasks required
  • Medical notes and special instructions
  • Emergency contact information

This information may constitute personal health information under PHIPA.

2.3 Provider Credentials

  • Professional qualifications and certifications
  • OPSWA badge / background check documentation
  • Languages spoken and service regions
  • Government-issued identification (for verification)

2.4 Booking and Usage Data

  • Booking history, visit requests, and job records
  • Messages sent through the Ally platform
  • Payment records (processed by third-party payment providers)

2.5 Device and Usage Data

  • IP address, browser type, and operating system
  • Pages visited and features used within the app
  • Log data and error reports

3. How We Use Your Information

We use your personal information to:

  • Create and manage your account
  • Match clients with suitable healthcare providers
  • Facilitate booking, scheduling, and visit coordination
  • Send booking confirmations, updates, and care reminders
  • Conduct safety screening and credential verification of Providers
  • Resolve disputes and enforce our Terms of Service
  • Improve platform features and user experience
  • Comply with legal and regulatory obligations
  • Send administrative and service-related communications

We do not sell your personal information to third parties for marketing purposes.

4. Disclosure to Third Parties

We disclose personal information only as necessary for the operation of the platform:

4.1 Third-Party Service Processors

ProviderPurposeData Shared
Auth0 (Okta Inc.)Identity and authenticationEmail, name, account metadata
Amazon Web Services (AWS)Cloud data storage and infrastructureAll platform data (encrypted at rest)
TwilioIn-app messaging and SMSMessages, user identifiers
Postmark (Wildbit LLC)Transactional email deliveryEmail address, message content
Google Maps PlatformAddress autocomplete and location servicesAddress queries
Background check providersProvider screening (OPSWA / criminal record checks)Provider identity and consent

4.2 Other Disclosures

We may also disclose information:

  • To Providers you book, to the extent necessary to deliver services (including recipient care information)
  • When required by law, court order, or regulatory authority
  • To prevent fraud, abuse, or imminent harm to any person
  • In connection with a business transaction (merger, acquisition) — with notice

5. Cross-Border Data Transfers

Ally is operated from Canada. However, some of our third-party service providers (including AWS, Auth0, Twilio, and Postmark) process data on servers located in the United States or other jurisdictions. By using Ally, you consent to the transfer of your personal information to these jurisdictions, which may have different privacy laws than your province of residence. We take contractual and technical measures to protect your information during such transfers.

6. Personal Health Information (PHIPA)

For users in Ontario, information about a care recipient’s health conditions, care needs, or medical history may constitute personal health information under PHIPA. Ally acts as a non-health-information custodian agent — we store and transmit health information on behalf of clients and providers for the sole purpose of facilitating care. We do not use personal health information for any secondary purpose (e.g., marketing, research) without your explicit consent.

Providers who access recipient health information through Ally are independently responsible for complying with PHIPA in their capacity as health information custodians or agents.

7. Data Retention

We retain personal information as follows:

  • Active accounts: for the duration of your account plus 7 years for legal and tax purposes
  • Health tracking data: purged after 365 days of inactivity
  • Cancelled jobs: deleted after 90 days
  • Expired visit requests: deleted automatically via database TTL
  • Messages: retained for the life of the conversation, or until account deletion

You may request earlier deletion of your data — see Section 8 below.

8. Your Privacy Rights

Under PIPEDA and applicable provincial law, you have the right to:

  • Access: request a copy of the personal information we hold about you
  • Correction: request correction of inaccurate or incomplete information
  • Deletion: request deletion of your personal information, subject to legal retention obligations
  • Withdrawal of consent: withdraw consent to non-essential uses of your information; note that withdrawal may affect your ability to use certain features
  • Complaint: file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca

To exercise any of these rights, contact our Privacy Officer at info@allyhealth.co. We will respond within 30 days.

9. Security

We implement industry-standard security measures to protect your personal information, including:

  • Encryption in transit (TLS) and at rest (AWS encryption)
  • Access controls and role-based permissions
  • Presigned URLs with short expiry for document access (never public URLs)
  • Regular security reviews and dependency updates

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to notifying affected users of any breach as required by applicable law.

10. Cookies and Tracking

Ally uses session cookies necessary for authentication and platform functionality. We do not use third-party advertising cookies or cross-site tracking. You may disable cookies in your browser, but some features may not function correctly.

11. Children’s Privacy

Ally is intended for users aged 18 and over. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us at info@allyhealth.co.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notice at least 30 days before taking effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy. The version number and effective date at the top of this page indicate the current version.

13. Contact — Privacy Officer

For privacy-related questions, concerns, or requests:
Privacy Officer, Ally Health Technologies Inc.
Email: info@allyhealth.co

Terms of ServiceBack to Ally