Dialogue Privacy Policy

Date of last revision: June 30, 2026

At a glance

  • We use your personal information to provide your health and wellness services.

  • We protect it for as long as needed, then securely destroy it.

  • We never sell it. Ever.

  • Your organization cannot see your specific information.

  • Safely access your information via the app or by contacting support.

 

Content

  1. About this Policy

  2. What Information We Collect

  3. How We Use Your Information

  4. Who Can See Your Information

  5. Where We Store Your Information

  6. How We Protect Your Information

  7. How Long We Keep Your Information

  8. Cookies and Similar Technology

  9. Communications

  10. Your Rights and Actions

  11. Changes to This Policy

  12. Contact Us 

 

1. About This Policy

Dialogue operates an integrated health platform that gives you access to health and wellness services. This policy explains how we collect, use, and protect your personal information when you interact with us.

Personal information means any information that identifies you, or that can reasonably be used to identify you. This includes information about your health.

Who this policy applies to

This policy applies to Members, meaning individuals who access Dialogue services through a program offered by an employer, association, or other sponsoring organization. It also applies to guardians who accept this Policy on behalf of their dependents, and to anyone who contacts us directly with a question, request, or concern.

Our services

At Dialogue, we offer health and wellness services through an integrated health platform. These may include clinical services with healthcare professionals, mental health support, employee assistance programs (EAP), as well as wellness tools and content. The services available to you depend on what your organization has selected.

You may access Dialogue's services directly through our app, website, call center, or through a partner-branded application provided by Dialogue such as Consult+ (Canada Life) or Lumino Health Virtual Care (Sun Life). In this policy, "app" refers to any of these access points.

Applicable laws

We process your personal information in accordance with privacy and health privacy laws applicable in all provinces or territories where we operate in Canada. For example, Dialogue's processing of Albertans’ personal information is subject to Alberta's Personal Information Protection Act (PIPA) and, for health information, the Health Information Act (HIA).

 

2. What Information We Collect

We collect personal information from three sources: directly from you, automatically through your use of the platform, and from your organization.

What you give us directly

  • Account information. Your name, date of birth, gender, email address, phone number, and your connection to your organization.

  • Clinical information. Your symptoms, medical history, medication, diagnoses, test results, and other information you share when you interact with our app and our personnel.

  • Wellness information. If you use our wellness features, we collect your fitness activity, health habits, and challenge participation. If you choose to connect a fitness tracker or health app to Dialogue, we receive information from that source. We only access what you actively authorize.

  • Identification documents. When required for certain services, we may collect your health card information or other government-issued ID.

  • Communications. Information you share when you contact our team or respond to surveys.

What we collect automatically

  • Device and connection information. Browser type, operating system, IP address, and device identifiers.

  • Usage information. How you navigate the platform, which features you use, and session activity.

  • Cookies and similar technologies. See Section 8 for more detail.

What we receive from your organization

  • Eligibility information. Your name, email address, sometimes your date of birth or employee ID, and information about your organization (e.g. office location, work team), to correctly identify you.

 

3. How We Use Your Information

We use your personal information for the following purposes:

  • Providing your services. We use your information to deliver the health and wellness services you request, manage your account and consultations, verify your eligibility, and communicate with you.

  • Supporting your care. Only authorized people in our care and support teams can access the information needed to help manage your services, respond to your requests, or assist with issues such as technical or consultation support. Access is strictly limited to what each person needs to do their job.

  • Keeping your services running smoothly. We may use information about how our platform is used to help maintain, support, and troubleshoot your services to make them better. When we do this, we apply appropriate protections, including de-personalization, hashing, and other technical measures, to limit the use of identifiable information. We never use your information for other technical or commercial purposes, and we never sell it.

  • Conducting optional surveys. From time to time, we may invite you to participate in surveys, questionnaires, or interviews to help us understand your experience with our services. Participation is always voluntary. If an activity requires additional consent, we will ask for it specifically.

  • Communicating with you. We use your contact information to send you account notifications, health and wellness content, service updates, and to respond to you. See Section 9 for how to manage your communication preferences.

  • Comply with the law. We may use your information to detect and prevent fraud, enforce our Terms of Use, and meet our legal and regulatory obligations.

  • Aggregate reporting. We may provide your organization with aggregated statistics when minimum thresholds are met, for example, the total number of consultations over a period of time by Members in your organization. Personal health information, including any information related to your specific health, diagnoses, or consultations, is never shared with your organization.

  • Leverage vendors. We work with a range of vendors who help us operate our platform and services. These include technology and hosting providers, analytics tools, customer support platforms, payment processors, and other Software as a Service (SaaS) vendors. They process certain personal information on our behalf and are bound by contract to protect it and use it only as we direct.

 

4. Who Can See Your Information

Dialogue personnel

Members of our team, including practitioners, care coordinators, and support specialists, may access your information on a need-to-know basis to provide the services you request or to assist with troubleshooting. Access is strictly limited to the minimum information required for each person to perform their role.

External resources and referrals

When a practitioner must share information or make a referral on your behalf, for example to an external practitioner, specialist, pharmacy, or laboratory, they will confirm your preferences with you and obtain your consent before sharing your information.

Wellness challenge leaderboards

Our wellness program includes individual and team challenges. If you participate in a challenge, your name, ranking and activity metrics may be visible to other registered Members of your organization in the app. Leaderboard information may be shared with your organization for challenge-related initiatives, such as administering prizes or recognition.

Legal and regulatory requirements

We may share some of your information when legally required by a court or authority, or when allowed by law, for example to protect a child or someone in danger.

 

5. Where We Store Your Information

Your information is stored in Canada.

Sometimes, trusted vendors handle limited, non-sensitive information outside of Quebec or Canada to help us run things like customer support, in-app feedback, or payment processing. We strictly vet every vendor’s security and privacy practices beforehand, ensuring your information is protected with safeguards that are equivalent to those required locally.



6. How We Protect Your Information

We take privacy and security seriously. Our program includes:

  • Certified facilities. Our data centers meet strict international standards (ISO 27001) and pass independent security audits (SOC 2 Type II) every year.

  • Total encryption. All video, audio, and written consultations are end-to-end encrypted. Your information is always encrypted, whether it’s moving or stored.

  • Strict access controls. Only team members who strictly need your information to do their jobs are authorized to see it. Every look at your information is logged and monitored.

  • Team training. Every employee and contractor must complete privacy and security training.

  • Vendor oversight. We thoroughly vet every vendor before working with them, including our cloud, analytics, and artificial intelligence (AI) vendors. Every vendor is legally bound by strict privacy rules.

 

7. How Long We Keep Your Information

We keep your information only for as long as needed to provide you with our services, or as required by law.

Clinical records created by our practitioners must be kept for a minimum amount of time based on rules that vary by province and territory. If you ask us to delete your clinical records during this mandatory period, we cannot fulfill your request until that timeframe has passed. Once it has, we will be able to delete them.

When information is no longer needed and there is no legal requirement to keep it, we securely dispose of it following our internal policies.

 

8. Cookies and Similar Technology 

We use cookies and similar tracking technologies to keep our website and platform running smoothly, understand how they are used, and deliver relevant content.

  • Strictly necessary cookies. These are essential for core functionality, security, and fraud prevention. Because the platform needs them to work safely, they cannot be turned off.

  • Analytics cookies. These help us understand how Members use the platform so we can improve the experience. You can opt out of these anytime in your app or browser settings.

  • Marketing cookies. These help us measure how effective our communications are. You can also turn these off through your app or browser settings.

  • Web beacons (pixels). These are tiny pieces of code in our webpages and emails that tell us if content was viewed or a link was clicked. They help us measure performance and never collect information that identifies you. You can block them by disabling automatic image loading in your email settings.

 

9. Communications

We send health and wellness content, service updates, and program information. Here is how each type of communication works, and how you can manage your preferences:

  • Monthly newsletter. We send these to Members once a month with helpful tips and updates. You can unsubscribe at any time using the link in the email footer.

  • Push notifications. We use these to send wellness content, challenge reminders, and habit updates. You can manage individual notification categories at any time in your profile settings.

  • Campaigns. Occasionally, we email specific groups of Members; for example, to let you know about a service you have access to but haven’t tried yet. You can unsubscribe at any time using the link in the email footer.

  • Essential communications. You cannot opt out of core service messages, such as account confirmations, consultation reminders, and clinical notifications.

 

10. Your Rights and Actions  

Understanding your consent

When you create a Dialogue account, you agree to how we handle your personal information as described in this policy.

If you are setting up an account for a dependent who is under 14 years old, or someone who cannot legally consent on their own, you provide consent on their behalf. Members who are 14 or older and able to consent must create their own account and give their own consent.

Accessing your information

You can view some of your information directly in the app, such as your profile information, care plans, and messages with our care team. To request a copy of your full clinical record or other personal information, contact our support team at support@dialogue.co. Please note that releasing clinical records is subject to clinical review. When requested, we will provide your information in a structured, commonly used electronic format so you can view it or share it with an external practitioner or organization.

Correcting your information

You can update most of your account information directly in the app. If you need to correct something that cannot be edited in the app, or if you want to request a change to clinical content, contact our support team at support@dialogue.co. Please note that any updates to clinical content are subject to clinical review.

Limiting access to your information

You can ask us to limit who can see your health information, such as requesting to restrict certain practitioners from accessing some or all of your clinical records. We will handle these requests based on the rules that apply in your province or territory.

Closing your account

You can close your account through the "Close Account" option in the app or by emailing support@dialogue.co. Once your account is closed, we will stop using your information in the future.

If you have had at least one clinical consultation through Dialogue, your account will be archived rather than deleted. This is required by law, as regulations set mandatory minimum periods during which clinical records must be kept, even if you ask us to delete them. While your account is archived, it is no longer accessible on our platform. Once the mandatory retention period has passed, all associated information will be securely destroyed following our internal policies.

Filing a complaint

If you have concerns about how we handle your personal information, please contact our Privacy Officer at privacy@dialogue.co. If you are not satisfied with our response, you can file a complaint with your provincial, territorial, or federal privacy regulator. Contact information for these regulators is included at the end of this policy.

Being notified of a privacy incident

If Dialogue experiences a privacy incident that creates a risk of serious injury or a real risk of significant harm to you, we will notify you and the applicable privacy regulator. We will tell you what happened, what information was involved, and the steps we have taken to address the situation.

 

11. Changes to This Policy

This policy may be updated from time to time to reflect changes in our practices, legal requirements, or how we handle your information. You can always find the most recent version at www.dialogue.co. If we make important changes to how we collect, use, or protect your information, we will let you know. In some cases, we may ask you to review and accept the updated policy in the application.

 

12. Contact Us

Our Privacy Officer is responsible for overseeing our privacy practices and is your point of contact for any questions, requests, or concerns regarding them.

 

Dialogue Health Technologies Inc.

Privacy Officer

2200 Stanley St., 2nd Floor, Montreal, Quebec H3A 1R6

privacy@dialogue.co

 

If you are not satisfied with our response, you can submit an inquiry or file a complaint with your privacy regulator:

 

Province / Territory

Regulator and contact

Alberta

Office of the Information and Privacy Commissioner | oipc.ab.ca

British Columbia

Office of the Information and Privacy Commissioner | oipc.bc.ca

Manitoba

Office of the Ombudsman | ombudsman.mb.ca

New Brunswick

Office of the Ombud | ombudnb.ca

Newfoundland and Labrador

Office of the Information and Privacy Commissioner | oipc.nl.ca

Northwest Territories

Office of the Information and Privacy Commissioner | oipc-nt.ca

Nova Scotia

Office of the Information and Privacy Commissioner | oipc.novascotia.ca

Nunavut

Access to Information and Protection of Privacy Commissioner | atipp-nu.ca

Ontario

Information and Privacy Commissioner of Ontario | ipc.on.ca

Prince Edward Island

Office of the Information and Privacy Commissioner | assembly.pe.ca

Quebec

Commission d'accès à l'information | cai.gouv.qc.ca

Saskatchewan

Office of the Information and Privacy Commissioner | oipc.sk.ca

Yukon

Information and Privacy Commissioner | yukonaccountability.ca

Federal (PIPEDA)

Office of the Privacy Commissioner of Canada | priv.gc.ca