Simuhealth Technologies Inc.
Last Updated: February 25, 2026

Thank you for choosing Simuhealth (“we,” “our,” “us”). Your privacy, trust, and confidence matter to us. This Privacy Policy explains how we collect, use, protect, and share information when you access or use our website, mobile application, and related services (collectively, the “Services”).

This policy applies when you visit our websites at https://app.simu.health, https://simu.health, https://simuhealth.com, or https://app.simuhealth.com, or any website of ours that links to this Privacy Notice, and when you engage with us in other related ways, including any marketing or events.

Simuhealth Technologies Inc. is a corporation incorporated under the laws of the Province of British Columbia, Canada. We are subject to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the British Columbia Personal Information Protection Act (PIPA, B.C.), as well as applicable provincial health privacy legislation. Where we collect personal information from residents of Québec, we also comply with An Act respecting the protection of personal information in the private sector (Law 25 / Bill 64).

We collect information to provide better Services, improve performance, and protect both you and our platform. We only collect what is necessary and relevant to deliver the features you use.

We collect personal information that you voluntarily provide when you register on the Services, express an interest in obtaining information about us or our products and Services, participate in activities on the Services, or otherwise contact us.

Simuhealth is a digital platform built for education, training, and simulation management in healthcare and related professional settings. Our goal is to help teams practice, prepare, and perform — in a safe and structured environment.

• Account and profile details (e.g., name, email address, job title, organization).

• Contact information when you reach out for support.

• Any content you upload or enter while using the Services.

• Technical data such as device type, IP address, browser type, usage analytics, and interaction data.

• Cookies and similar technologies used to optimize functionality.

Our servers automatically collect service-related, diagnostic, usage, and performance information when you access or use our Services. This log data may include your IP address, device information, browser type, date/time stamps, pages and files viewed, searches, and other actions you take, as well as device event information such as system activity and error reports.

We collect information about your computer, phone, tablet, or other device used to access the Services, such as IP address (or proxy server), device and application identification numbers, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

We process your personal information for the following purposes, depending on how you interact with our Services:

• To facilitate account creation, authentication, and management of user accounts.

• To deliver and facilitate delivery of Services to you.

• To respond to your inquiries and provide user support.

• To send administrative information, including details about products and services, changes to our Terms and policies, and similar information.

• To enable user-to-user communications where applicable.

• To request feedback and to contact you about your use of our Services.

• To protect our Services, including fraud monitoring and prevention.

• To identify usage trends and improve our Services.

• To save or protect an individual’s vital interest, such as to prevent harm.

We operate in accordance with PIPEDA and, where applicable, BC PIPA and Québec Law 25. We may process your personal information where:

• You have given us your express or implied consent for a specific purpose. You may withdraw your consent at any time by contacting us using the details in Section 13.

• Processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.

• Processing is necessary to fulfil our legitimate business interests, provided those interests are not outweighed by your privacy rights.

• Processing is required or authorized by law, including compliance with court orders, subpoenas, regulatory obligations, or statutory reporting requirements.

In exceptional cases permitted by applicable Canadian law, we may process your information without your consent, including for fraud detection and prevention, business transactions (subject to applicable conditions), investigations relating to a breach of an agreement or a contravention of Canadian law, emergency circumstances involving risk to life or safety, and other circumstances explicitly permitted under PIPEDA or provincial privacy legislation.

If you are a resident of Québec, you have additional rights under Law 25, including the right to de-indexation (removal of certain information) and the right to be informed of automated decision-making that significantly affects you. We will comply with these obligations as applicable.

If you are located in the EU, UK, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation (GDPR) and UK GDPR:

• Consent: where you have given us permission to use your personal information for a specific purpose. You can withdraw consent at any time.

• Performance of a Contract: where processing is necessary to fulfil our contractual obligations to you.

• Legitimate Interests: where we have a legitimate business interest that is not overridden by your fundamental rights and freedoms.

• Legal Obligations: where processing is required for compliance with applicable law.

• Vital Interests: where processing is necessary to protect your vital interests or those of a third party.

If you are in the EU or UK and believe we are unlawfully processing your personal information, you have the right to complain to your Member State data protection authority or the UK Information Commissioner’s Office (ICO).

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC).

We may share your personal information in the following limited circumstances:

• Service Providers: We use third-party service providers for hosting, authentication, analytics, customer support, and communications. Each service provider is bound by a written contract requiring them to protect your personal information and to use it only for the purpose for which it was disclosed.

• Business Transfers: We may share or transfer your information in connection with a merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will notify you before your personal information is transferred and becomes subject to a different Privacy policy.

• Other Users: When you share personal information by posting comments, contributions, or other content to public areas of the Services, such information may be viewed by all users. Other users may also be able to view descriptions of your activity and communicate with you within our Services.

• Legal Obligations: We may disclose your personal information where required by law, court order, warrant, subpoena, or regulatory requirement.

We have not sold or shared personal information with third parties for commercial purposes in the preceding twelve (12) months, and we do not intend to do so.

We may use cookies and similar tracking technologies (such as web beacons and pixels) to gather information when you interact with our Services. Cookies help us maintain the security of our Services, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

You may configure your web browser to refuse or remove cookies. Doing so may affect certain features or services. Specific information about how we use cookies and how you can manage your preferences is set out in our Cookie Notice. Where applicable, we will seek your consent for non-essential cookies in accordance with Canadian law.

Simuhealth Technologies Inc. is headquartered in Vancouver, British Columbia, Canada. Your personal information may be processed or stored by our service providers outside of Canada, including in the United States. When personal information is transferred outside Canada, we take steps to ensure that it receives a comparable level of protection, including by entering into data processing agreements with our service providers.

By using our Services, you acknowledge that your personal information may be transferred to and processed in countries other than your country of residence, including Canada and the United States, which may have different data protection rules. We will always handle your information in accordance with this Privacy Policy regardless of where it is processed.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as for tax, accounting, or other legal requirements). No purpose described in this notice will require us to keep your personal information longer than the period of time in which users maintain an active account with us.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if deletion is not immediately possible (for example, because your information has been stored in backup archives), we will securely store your personal information and isolate it from further processing until deletion is possible.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. These measures include encryption, access controls, and regular security assessments.

However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. We cannot promise or guarantee that unauthorized third parties will not defeat our security measures. You should only access the Services within a secure environment.

Under PIPEDA, we are required to notify the Office of the Privacy Commissioner of Canada (OPC) and affected individuals of any breach of security safeguards involving personal information that poses a real risk of significant harm. In the event of such a breach, we will:

• Notify the OPC as soon as feasible.

• Notify affected individuals directly as soon as feasible.

• Maintain records of all security breaches involving personal information for a minimum of two years.

If you have reason to believe that your personal information has been compromised, please contact us immediately at support@simu.health.

We do not knowingly collect, solicit data from, or market to children under 18 years of age or the equivalent minimum age as specified by applicable law in your jurisdiction, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 years of age, or that you are the parent or guardian of a minor user and consent to such minor’s use of the Services.

If we learn that personal information from users under 18 years of age has been collected without verified parental or guardian consent, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from individuals under 18, please contact us at support@simu.health.

Under PIPEDA and applicable provincial privacy legislation, you have the following rights with respect to your personal information:

• Right of Access: You may request access to the personal information we hold about you, and obtain an account of how it has been used and disclosed.

• Right of Correction: You may request that we correct inaccurate or incomplete personal information.

• Right to Withdraw Consent: You may withdraw your consent to our processing of your personal information at any time, subject to legal or contractual restrictions.

• Right to Lodge a Complaint: If you are dissatisfied with our handling of your personal information, you may lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca, or with your applicable provincial privacy commissioner.

Residents of Québec may also exercise rights under Law 25, including the right to de-indexation, and the right to be informed of automated decision-making that produces legal or similarly significant effects.

If you are located in the EEA, UK, or Switzerland, you have the right to: (i) request access to and obtain a copy of your personal information; (ii) request rectification or erasure; (iii) restrict the processing of your personal information; (iv) data portability where applicable; (v) object to processing; and (vi) not be subject to automated decision-making. Where a decision producing legal or similarly significant effects is made solely by automated means, we will inform you, explain the main factors, and offer a way to request human review.

Residents of certain US states (including California, Colorado, Connecticut, Virginia, and others) may have additional rights under applicable state privacy laws, including the right to access, correct, delete, or obtain a copy of personal information we hold about you, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information as defined under applicable US state laws.

To exercise any applicable rights, please contact us at support@simu.health. We will respond in accordance with the requirements of applicable law.

If you would like to review, update, or terminate your account at any time, please contact us using the information in Section 14. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain certain information in our files to prevent fraud, troubleshoot problems, assist with investigations, enforce our legal terms, and/or comply with applicable legal requirements.

Most web browsers and some mobile operating systems and applications include a Do-not-track (“DNT”) feature or setting that you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you in a revised version of this Privacy Notice.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated “Last Updated” date at the top of this Privacy Notice. If we make material changes, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice periodically to stay informed of how we are protecting your information.

If you have questions or comments about this notice, or to exercise any of your privacy rights, you may contact us at:

Simuhealth Technologies Inc.
777 Hornby Street, Suite 1500
Vancouver, British Columbia  V6Z 1S2
Canada
Email: support@simu.health

To lodge a complaint with the federal privacy regulator:‍

Office of the Privacy Commissioner of Canada (OPC)
30 Victoria Street
Gatineau, Québec  K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca

To lodge a complaint with the BC provincial privacy commissioner:

Office of the Information and Privacy Commissioner for BC (OIPC)
PO Box 9038, Stn Prov Govt
Victoria, British Columbia  V8W 9A4
Website: www.oipc.bc.ca

Based on the applicable laws of your country or province/state of residence, you may have the right to request access to the personal information we collect from you, details about how we have processed it, corrections to inaccuracies, or deletion of your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in certain circumstances by applicable law.

To request to review, update, or delete your personal information, please contact us at support@simu.health. We will respond within 30 days of receiving your request, or such other period as required by applicable law.