ForaHealthyMe Inc. Privacy Policy

By accessing this web and mobile application, you acknowledge and consent to the Terms of Use and Privacy Guidelines. If you do not wish to consent, please do not proceed with creating an account. You can, at any point, delete the account created. Your site administrator will be notified of your choice.

The platform and all mobile applications are developed and operated by ForaHealthyMe Inc. ForaHealthyMe Inc., a registered corporation in Ontario, Canada. The company delivers Digital, Virtual & Artificial Intelligence Simulation technologies to treat & manage patients with complex chronic, acute & mental health care issues.

Risks and Benefits


The information and tools on the platforms are designed to be used based on a recommendation from your health provider. The tools are intended to complement, NOT replace your required interactions with your health provider. Always listen to the advice and recommendations given by your health provider.

ForaHealthyMe Inc. is a Microsoft partner. The company stores all data and assets on Microsoft Azure Cloud service. Azure is a cloud computing platform that helps secure data, protects data privacy and support compliance with global standards. ForaHealthyMe Inc. uses Azure to manage all applications, data content, virtual machines, access credentials, and compliance with regulatory requirements applicable to Canadian privacy laws including the seven foundational principles Privacy by Design (PbD) document laid out under the Information Privacy Commission of Ontario.

Information on Microsoft Azure, its security and privacy framework can be found at the Microsoft Trust Center.

ForaHealthyMe Inc. uses Microsoft’s Kinect sensor in combination with its camera, microphone, and infrared sensor to enable motion tracking in its pre/post-op exercise protocols.

To learn more about Kinect, for Xbox 360, see Kinect and Xbox 360 privacy . For Xbox One, see Kinect and Xbox One Privacy.

This policy and the ForaHealthyMe platform have been modified (April 15, 2017) to reflect the 10 privacy principles of the Canadian Standards Association’s Model Code for the Protection of Personal Information (CAN/CSA-Q830-96) and the Personal Health Information Protection Act (Canada) and its regulations as well as the United States of America Health Insurance Portability and Accountability Act of 1996 (HIPAA), which was enacted August 21, 1996 to protects personal health information (PHI).

This Act was modified in 2000 by the US Department of Health and Human Services (HHS) to include the “Privacy Rule,” to address the use and disclosure of individuals’ health information, and provides standards for individuals’ privacy rights under HIPAA.

Changes to Policy

On an ongoing basis, site modifications are made to reflect best practice and guidelines from Privacy Commissioner of Canada, with respect to emerging Consumer Health Applications (CHA) and Consumer Health Platforms (CHP). Consumer Health Applications (CHA) and Consumer Health Platforms (CHP) are categorized under a broad range of health IT systems that serve the patient or individual, and allow them to access the health system via some computing device. The device could be a person’s/patient’s home computer, laptop, tablet, mobile phone or other networked computing device.

Any changes to the way that data is handled by ForaHealthyMe Inc., or new data collected, as ForaHealthyMe Inc’s. functionality develops and the applications grow, will be posted here. Appropriate notifications will be posted when modifications are made. It is the intention that ForaHealthyMe Inc. will always hold true to its principal objective regarding data privacy, as detailed above. If the ownership or management of the organization changes, every effort will be made to ensure that the principles outlined above are adhered to.

Site Security

Our storage devices are protected behind firewalls. Security and boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services.

We use the same SSL protocol used by millions of e-Business providers to protect their customers, ensuring their online transactions remain confidential. As a security protocol, SSL encryption is utilized to transmit confidential data, passwords or any personal information.

Microsoft Azure employs a risk-management model of shared-responsibility between ForaHealthyMe Inc. and Microsoft. Microsoft is responsible for the platform including services offered, and seeks to provide a cloud service that can meet the security, privacy, and compliance needs of its customers. Microsoft Azure services are audited by independent external auditors under industry standards, including ISO 27001. Microsoft’s ISO 27001 audit scope includes controls that address HIPAA security practices as recommended by the U.S. Department of Health and Human Services.

To protect the confidential information of our users, the platform was built using technology and certifications used by international health systems. The standards include HL7. HL7 is the standard for the exchange, integration, sharing, and retrieval of electronic health information.

Our video and voice streams employ Advanced Encryption Standard (AES) end-point encryption to secure data as it travels over the network infrastructure. AES is a symmetric key algorithm that is an accepted encryption standard in North America.

With the creation of an account, an email address is entered and stored in ForaHealthyMe Inc. virtual machines. In addition, a password is kept in an encrypted format in the ForaHealthyMe Inc. database. Personal data collected by ForaHealthyMe under this privacy statement is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located.

Restricted Data

Information that Members enter into certain fields when registering to use or using the Site will not be shared (“Restricted Data”). The type of Restricted Data that Members may submit at the Site may include:
  • Name, location as collected as part of registration or in a Member’s Account Information;
  • Access Number issued by researchers and clinical support teams
  • Email address, as collected and verified as part of registration or in a Member’s Account Information;
  • Password, as collected as part of registration or in a user’s Account Information;
  • Date of birth, as collected in My Profile; and
  • Private messages.
  • Video Chats and group discussions with a health provider.

When a Member enters Personal Information, including name and email address, as part of registering to use, that Personal Information is treated as Restricted Data.

Email addresses are used to help you maintain your own account on It serves as a unique identifier to log in and out of your account, and for communications with our site administrators where necessary to help with the maintenance of your account.

As the creator and owner of that information, you are responsible for any information transmitted or shared. Our privacy policy requires that you consent to sharing this information prior to linking individuals. Our privacy policy also requires that the individual receiving this information consent to sharing & receiving this information.

You may also opt to have data sent to you via email should you wish, and may at some time in Email addresses and names are not shared with, or sold to any third party provider. Email addresses and names are not used for marketing purposes, except in instances where a user may opt in to receive additional information or register for products and services offered by a third party.

Examples of Shared Data that Members may submit to the Site, including through their health profile (“My Profile”), may include:
  • Demographic data gender, age
  • Online Assessment Results, Height, Weight
  • Treatment information e.g. treatment option, treatment interventions & evaluations
  • Communications with a health provider or patient
  • Information gathered from virtual rehab assessments

None of your identifiable personal information will be associated with the aggregated data. To protect the privacy of our Members, we have taken all reasonable and technological possible steps to de-identify information used for research purposes. Steps include Data Suppression, i.e. Removing directly identifying fields; Using Filters; Pseudonymization i.e. Replacing direct identifiers with unique keys that cannot be reversed and Randomization i.e. Replacing direct identifiers with random values (e.g. random names).

The data will be determined using specific metrics to find trends and patterns in usage, frequency of use etc...

Use of Cookies

If a Member creates a account said Member may choose to be automatically logged on to when their return to the site. This functionality utilizes a cookie which is stored on the Member's local computer.

It is not advised that a user select the check box for automatic log on when using publicly available computers. The cookie is not used for any other purpose other than the automatic log on to accounts.