top of page
Privacy Policy | D2Type
Privacy Policy | D2Type
Privacy Policies | D2Type Health Inc.
Privacy Policy | D2Type

D2Type Health, Inc. (“D2Type,” “we,” “us,” or “our”) provides a website, mobile application, and related digital health services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, store, retain, and protect personal information and health-related information when you use our Services.

At this stage, D2Type operates primarily as a digital health app and service provider.

By creating an account, using the Services, connecting an integration, uploading information, enabling notifications, or otherwise providing information to us, you acknowledge that your information will be handled as described in this Privacy Policy.

1. Scope of This Policy

This Privacy Policy applies to information we collect:

  • directly from you;

  • automatically when you use the Services;

  • from connected devices, operating-system health platforms, and approved integrations you authorize;

  • from clinicians, referrers, or authorized partners involved in your program, where applicable; and

  • from records of your consents, permissions, policy acceptance, and service interactions.

This Privacy Policy does not apply to third-party websites, apps, devices, or services that we do not own or control, even if they link to or integrate with our Services. Those third parties have their own privacy practices and terms.

2. Information We Collect

We collect the minimum information reasonably necessary to operate the Services, provide support, personalize the experience, maintain security, support clinical workflows, and meet legal and compliance obligations.

A. Identity and Account Information

We may collect:

  • full name;

  • preferred name;

  • date of birth or age;

  • gender, where you choose to provide it;

  • email address;

  • phone number;

  • address, where needed;

  • account identifiers, user IDs, patient IDs, or partner-issued identifiers.

We use this information to create and administer accounts, authenticate access, communicate with you, match records across systems, provide support, and deliver the Services.

B. Clinical and Health Information

We may collect health-related information that you provide or authorize us to receive, including:

  • medical conditions;

  • comorbidities or risk factors;

  • medications;

  • lab results;

  • vital signs;

  • referral information;

  • physician notes, clinical notes, provider-authored observations, and related attachments or summaries, where available in the Services; and

  • lab result files that you upload through in-app features.

We use this information to support program delivery, clinician workflows, personalization, monitoring, care coordination, summaries, follow-up, and authorized service functions.

C. Lifestyle and Behavioral Information

We may collect information such as:

  • food and nutrition data;

  • physical activity;

  • sleep data;

  • stress, mood, or wellness inputs;

  • habit tracking entries;

  • survey responses;

  • progress information; and

  • user responses to coaching or clinical prompts.

We use this information to support personalized recommendations, habit-building, progress tracking, summaries, reminders, and service improvement.

D. Device, Sensor, and Integration Information

If you choose to enable integrations or device permissions, we may collect or receive information such as:

  • steps;

  • exercise and activity data;

  • distance;

  • calories burned;

  • sleep metrics;

  • heart rate;

  • weight;

  • blood glucose;

  • blood pressure; and

  • other health-related metrics made available through approved integrations you authorize.

These data may come from services or integrations such as Apple Health and Google Health Connect, as well as other approved sources you authorize.

E. Communications and Service Interaction Information

We may collect information related to your interactions with us, including:

  • messages between you and coaches, clinicians, support staff, or authorized personnel;

  • service-related emails;

  • account-setup emails;

  • account-related emails;

  • SMS confirmation codes;

  • push notifications delivered through systems built by our team;

  • messages exchanged through in-app chat or inbox features built by our team;

  • attachments you upload or send through in-app chat features;

  • support emails; and

  • support tickets, inquiries, and feedback.

We use this information to provide support, deliver requested messages, verify access, coordinate care and service workflows, and maintain records of service interactions.

F. Technical, Device, and Usage Information

When you use the Services, we may automatically collect technical and operational information such as:

  • IP address;

  • device type;

  • operating system;

  • browser type;

  • app version;

  • login timestamps;

  • session activity;

  • system logs;

  • usage logs; and

  • error logs and crash-related records.

We use this information for security, fraud prevention, troubleshooting, reliability, performance monitoring, internal analytics, and service improvement.

G. Consent, Legal, and Compliance Records

We may maintain records of:

  • your consent choices;

  • your acceptance of our Terms and Privacy Policy;

  • permissions granted for integrations or data sharing;

  • communications about privacy choices;

  • records of withdrawal, revocation, or changes to permissions; and

  • audit and compliance logs related to access and use.

We use these records to demonstrate what you agreed to, manage permissions, investigate issues, respond to requests, and meet legal and compliance obligations.

H. Food Images and Related Inputs

If you use food intake features, we may collect food images and related user inputs that you submit through the Services for lifestyle-management purposes.

We use this information to support food intake logging, lifestyle coaching, and food-image analysis features.

Food/nutrition lookup or recipe-related functionality may be supported by FatSecret where enabled. FatSecret is used for food/nutrition information and recipe-related support, and is not used for diagnosis, treatment, medication review, lab-result interpretation, emergency triage, or clinician replacement.

I. Billing and Transaction Information

If you purchase paid services, we may collect billing and transaction-related information necessary to process payment, maintain transaction records, provide customer support, and meet legal, accounting, and compliance obligations.

This may include billing contact details, payment status, transaction identifiers, plan or subscription details, invoices, receipts, and related account records.

3. How We Collect Information

We collect information in several ways:

  • when you enter it into registration, onboarding, intake, profile, clinical, survey, messaging, or billing features;

  • when you communicate with us through the Services;

  • when clinicians, referrers, or authorized partners submit information through approved workflows;

  • when you connect Apple Health, Google Health Connect, or another approved integration;

  • when you upload lab results through in-app features;

  • when you upload attachments through in-app chat features;

  • when you submit food images or related inputs through the Services; and

  • when our systems generate logs, access records, and technical metadata as part of operating the Services.

Some information is required to create and operate your account and core service features. Other information is optional and collected only if you choose to provide it or enable a feature that depends on it.

4. How We Use Information

We may use personal information and health-related information to:

  • create, maintain, and secure your account;

  • authenticate access and verify identity;

  • provide the Services and features you request;

  • support lifestyle coaching, educational support, summaries, and workflows;

  • support clinician review and program delivery;

  • receive, display, sync, and analyze device and integration data you choose to connect;

  • process lab result uploads you submit in-app;

  • store and manage chat attachments you submit through in-app features;

  • analyze food images and related inputs for food intake and lifestyle-management features;

  • support food/nutrition lookup, nutrition information, and recipe-related functionality where enabled;

  • communicate with you about your account, support, service operations, and requested notifications;

  • send one-time passcodes, push notifications, and service-related confirmations;

  • send account-setup, account-related, and service-related emails;

  • process billing and maintain transaction records where paid services are offered;

  • maintain records of your permissions, notices, and consent choices;

  • detect fraud, investigate misuse, and monitor system security;

  • troubleshoot errors and improve reliability and performance;

  • improve our Services, workflows, and user experience; and

  • comply with applicable law, contractual obligations, audits, regulatory requests, and legal claims.

We do not collect information simply because it is available. Our intention is to limit collection to information that has a real operational, support, clinical-workflow, security, compliance, or service-related purpose.

5. Consent and User Choice

We collect, use, and disclose information with your consent and as otherwise permitted or required by applicable law.

Some information is necessary to provide the Services, such as core account, authentication, security, support, and program-operation information. Other information is optional, including many profile fields, lifestyle entries, connected integrations, food-image features, push notifications, and certain data-sharing features.

For more sensitive information, including health-related information, connected-device data, clinician-shared data, and authorized disclosures, we rely on clear notices and consent flows where appropriate.

You may withdraw certain optional consents or permissions going forward, subject to legal, contractual, clinical-record, safety, audit, backup, and record-integrity limitations. If you disable a permission or withdraw consent, some features may stop working.

6. OpenAI Chatbot and Food Image Analysis

D2Type currently uses OpenAI to support:

  • chatbot-based question-and-answer interactions;

  • lifestyle-management coaching; and

  • food intake imaging and analysis features.

At this time, D2Type does not use OpenAI for lab-result analysis, diagnosis, physician-note review, medication review, health-related clinical support, final clinical decisions, triage, escalation, or clinician replacement functions.

Users should avoid submitting information through these features that is not reasonably necessary for the lifestyle coaching, question-and-answer, or food intake interaction they are requesting.

7. Clinician Notes and Records Notice

D2Type supports clinician-related workflows that may include physician notes, clinical notes, provider-authored observations, related attachments or summaries, and lab result files uploaded through in-app features.

These records may be collected, used, and disclosed as part of service delivery, coordination, review, follow-up, documentation, and authorized clinical workflows. Access to these records is limited based on role, need-to-know, and system permissions.

Where permitted by law and appropriate to the nature of the record, individuals may request access to or correction of personal information contained in these records. In some cases, maintaining record integrity may require that a record be supplemented, annotated, or corrected through an addendum rather than deleted or rewritten.

At this stage, D2Type remains primarily a digital health app and service provider. If D2Type later expands into more formal clinical-record custody or regulated provider-record management workflows, we may issue an additional clinician or records notice and update this Privacy Policy accordingly.

8. How We Share Information

We do not sell your personal information. We disclose information only as reasonably necessary for the purposes described in this Privacy Policy, with your consent, or as permitted or required by law.

We may share information with the following categories of recipients:

A. Internal Personnel

Authorized employees, contractors, clinicians, coaches, support personnel, operations staff, and privacy/compliance personnel may access information based on role, need-to-know, and system permissions.

B. Service Providers and Infrastructure Vendors

We may share information with service providers that help us operate the Services, including providers of hosting, storage, backup, messaging, AI processing, authentication infrastructure, logging, communications, and payment support. Based on the information currently provided, these may include:

  • Google Cloud Provider (GCP) for hosting, storage, database, backups, authentication infrastructure, and logging/crash infrastructure in Canada;

  • Google / Gmail for sending account-setup emails, account-related emails, and certain service-related emails;

  • Plivo for SMS confirmation codes;

  • Mailgun for support-email delivery workflows;

  • OpenAI for chatbot-based Q&A, lifestyle-management coaching, and food intake image analysis; and

  • Apple Health and Google Health Connect in connection with user-authorized integrations.

  • FatSecret for food/nutrition lookup, nutrition information, and recipe-related functionality where enabled.

The patient support chat, push notification systems, and in-app inbox features are built internally by D2Type.

Lab result files uploaded in-app and attachments submitted through in-app chat are not shared with third parties except as necessary to store, secure, back up, process, or operate the Services through D2Type’s infrastructure and service providers.

C. Clinicians, Referrers, and Authorized Partners

Where applicable to your program and appropriately authorized, we may share relevant information with clinicians, referrers, and authorized partners involved in your service or care workflow.

D. Legal, Safety, and Compliance Disclosures

We may disclose information when necessary to:

  • comply with applicable law, regulation, court order, or lawful request;

  • respond to regulators or government authorities;

  • enforce our agreements;

  • investigate fraud, misuse, or security incidents; or

  • protect the rights, safety, property, or security of D2Type, our users, or others.

E. Corporate Transactions

We may disclose information in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar corporate transaction, subject to appropriate confidentiality and legal safeguards.

9. Data Location, Storage, and Cross-Border Processing

D2Type’s primary production environment, database/storage environment, backup environment, authentication/account-access infrastructure, logging/crash infrastructure, and internal notification/chat systems are operated on GCP in Canada.

However, some information may be processed, transmitted, or accessed outside Canada when certain third-party services or integrations are used. Based on the information currently provided:

  • Apple Health and Google Health Connect may process or transmit health-related information you choose to connect;

  • Google / Gmail may process personal information used for account-setup, account-related, and certain service-related emails;

  • Plivo may process personal information used for SMS confirmation codes;

  • Mailgun may process personal information used for support-email delivery workflows; and

  • OpenAI may process information that users submit through chatbot-based Q&A, lifestyle-management coaching, and food intake image analysis features.

  • FatSecret may process information used for food/nutrition lookup, nutrition information, and recipe-related functionality where enabled.

As a result, some information may be subject to the laws of jurisdictions outside your province or country of residence.

10. Authentication, Access Controls, and Security

Authentication and account-access controls are operated internally by D2Type on GCP.

We use administrative, technical, and physical safeguards designed to protect information against unauthorized access, loss, misuse, alteration, and disclosure. These safeguards may include:

  • access controls and role-based permissions;

  • authentication and session controls;

  • encryption in transit;

  • encryption at rest where implemented;

  • logging and monitoring of system activity;

  • access review processes;

  • vendor controls and security practices; and

  • incident response and remediation measures.

No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

11. Internal Analytics, Cookies, and Similar Technologies

We may use cookies, local storage, session tools, push-notification settings, and similar technologies necessary to operate, secure, and improve the Services.

D2Type currently performs analytics internally rather than using a third-party analytics vendor for general product analytics. Technical logs and usage data may be used for internal analytics, performance monitoring, troubleshooting, and service improvement.

We do not currently state in this Privacy Policy that we use third-party advertising cookies or third-party advertising partners.

12. Retention

We retain information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, provide the Services, maintain required records, resolve disputes, enforce agreements, and satisfy legal, security, audit, and operational requirements.

Unless a longer period is required by law, or a shorter period is operationally appropriate for a specific category of data:

  • health and program records are retained for 3 years after the end of the service period;

  • security and audit logs are retained for 12 months;

  • application, debug, and crash logs are retained for 90 days;

  • consent records are retained for the life of the account plus 3 years; and

  • where information is no longer required, D2Type will securely delete it or irreversibly de-identify it within approximately 30 to 60 days, except where information must be retained for backups, legal obligations, security purposes, fraud prevention, audits, or record-integrity needs.

13. Your Rights and Choices

Subject to applicable law, you may have the right to:

  • request access to your personal information;

  • request correction of inaccurate or incomplete information;

  • withdraw certain optional consents going forward;

  • manage communication preferences;

  • disable optional integrations or device permissions;

  • manage notification preferences, where available;

  • request deletion, subject to legal and operational limits; and

  • request information about how we collect, use, or disclose your information.

Some information cannot be fully deleted on demand. For example, we may need to retain certain records for legal compliance, fraud prevention, security, dispute resolution, backups, auditability, or clinical/program record integrity.

Requests may be submitted to the Privacy Officer via email (mehdi@d2type.com).

14. Communications

We may send you service-related communications necessary to operate your account, provide support, deliver requested features, send confirmation codes, send push notifications you enable, maintain program operations, or protect the security of the Services.

At present, D2Type sends service-related communications only and does not currently send promotional marketing communications.

15. Children

The Services are intended only for individuals 18 years of age or older. We do not knowingly collect personal information from individuals under 18 in a manner not permitted by law. If we learn that information has been collected from a person under 18 contrary to this policy or applicable law, we will take appropriate steps to review and address the issue.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version in the Services and revise the “Last Updated” date above. Where required, we will provide additional notice.

17. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or your information, contact:

Privacy Officer
D2Type Health, Inc.
Email: mehdi@d2type.com
Rights request channel: support@d2type.com
Mailing address: 522-3563 Ross Drive, Vancouver, BC, Canada, V6S 0L3

Last Revised: May 2026

bottom of page