Québec

Collection of Mobile Apps for Mental Health and Well-Being

Privacy Policy

Last updated: June 3, 2025

The AppSanteMentale.ca / AppMentalHealth.ca platform (the "Platform") was designed and is operated by AppGuide Inc., on behalf of the CIUSSS de l’Est-de-Montréal (CIUSSS-EMTL), in collaboration with the Centre of Expertise in Information Technology for Mental Health, Addiction and Homelessness (CETI-SMDI). The Platform aims to guide citizens toward digital mental health and well-being resources, in a framework that respects fundamental rights to privacy and the protection of personal information.

The term "We" in this policy refers to AppGuide Inc., unless CETI-SMDI or CIUSSS-EMTL are explicitly mentioned.

Our Commitment to Your Privacy

The right to privacy is a fundamental right. As such:

  • We never sell your personal information.

  • We only collect what is strictly necessary for the functioning, improvement, and security of the site, and retain it only for the minimum time required.

  • We apply a "Privacy by Design" approach: data protection is integrated into the Platform’s design, processes, systems, and governance.

  • You remain in control of your data at all times.

Data Collected

No personal or medical data is collected on this site.
We only collect personal information in contexts where it is necessary to provide a service. This may include:

  • Anonymized usage data (e.g., navigation, clicks, searches, IP address, device information, and the pages/content you view)

Purposes of Data Collection

We collect this data to:

  • Enable access to and proper functioning of the Platform

  • Improve your experience and provide personalized services when required

  • Ensure the site’s security, performance, and continuous improvement

  • Produce aggregated and anonymized statistical analyses

No data is used for advertising, marketing, or profiling purposes. There are no third-party cookies — we do not engage in retargeting or covert tracking.

Your Rights and Our Compliance

Law 25 (Québec)

In accordance with Québec’s Act to modernize legislative provisions as regards the protection of personal information (Law 25), we have designated a Privacy Officer (RPRP). They ensure that data collection, retention, communication, and destruction are managed and documented. Privacy Impact Assessments (PIAs) are conducted.

Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada)

AppGuide adheres to the ten principles of PIPEDA, including consent, collection limitation, transparency, secure retention, and data access. Our Privacy Officer ensures compliance with PIPEDA, although CIUSSS-EMTL and CETI-SMDI are not private-sector entities and therefore not subject to PIPEDA.

General Data Protection Regulation (GDPR) (European Union)

For users residing in the EU, GDPR principles apply. These include explicit consent, data minimization, rights to erasure, rectification, portability, and objection. In accordance with Article 37 of the GDPR, a Data Protection Officer (DPO) has been appointed. The DPO acts independently, ensures regulatory compliance, and is involved in all matters relating to EU users' personal data.

Health Insurance Portability and Accountability Act (HIPAA) (United States)

The Platform is not subject to HIPAA, as it does not collect, store, or process personal health information as defined under the law. No diagnostics, treatments, or identified medical records are collected. Therefore, HIPAA-specific obligations do not apply.

Security Standards: SOC 2 Type II and ISO/IEC 27001

AppGuide uses Google Cloud Platform (GCP) for secure cloud infrastructure. GCP is certified under various international security and compliance standards, including:

  • SOC 1, SOC 2, SOC 3

  • ISO/IEC 27001, 27017, 27018

  • HITRUST, HIPAA, PIPEDA, PCI DSS, among others

AppGuide also applies its own Information Security Management System (ISMS) and adheres to the strict controls of the SOC 2 Type II framework, including:

  • Data encryption in transit and at rest

  • Logging, monitoring, and anomaly detection

  • Role-based granular access controls

  • Ongoing staff training in security and confidentiality

  • Regular internal audits and continuous improvement of practices

This integrated approach ensures a high level of personal data protection in compliance with applicable regulations.

Data Retention and Location

Where possible, all data is stored in Québec or elsewhere in Canada, in cloud environments that meet security and privacy standards. However, some of our technology providers may be based in the United States.

In such cases, we implement standard contractual clauses, conduct privacy impact assessments, and apply legal and technical safeguards to ensure proper regulation of cross-border data transfers, in accordance with Law 25, the GDPR, and other applicable laws. Data retention is limited to the duration needed to fulfill its intended purposes unless otherwise required by law.

Your Rights

In accordance with applicable laws, you have the right to:

  • Request access to your personal information

  • Request its correction, portability, or deletion

  • Withdraw your consent at any time

  • Object to non-essential processing

  • File a complaint with the appropriate regulatory authority

To exercise your rights, please refer to the “Contact Us” section below.

Access to External Applications

The Platform guides users to digital mental health and well-being applications. Links are provided in good faith.

Before being listed, digital tools are evaluated through a rigorous process that includes:

  • Automated assessments of security, accessibility, and transparency

  • Reviews by clinicians and patient partners, led by CETI-SMDI. Details of the evaluation process are available in the "About" section here: URL

However, these applications remain third-party services over which CIUSSS-EMTL, CETI-SMDI, and AppGuide have limited or no control. Each application has its own privacy policy, which we encourage you to read carefully before use.

Use by Children Under 14

The Platform is not intended for children under the age of 14. If we have reason to believe that a child under 14 has used the Platform without parental or legal guardian consent and that personal information has been collected, that information will be deleted promptly.

Contact Us

The Privacy Officer at AppGuide serves as the official representative for all obligations listed above.

For questions, requests, or complaints:
Privacy Officer – AppGuide
✉️ [email protected]

For any inquiries about the AppSanteMentale.ca / AppMentalHealth.ca platform, including strategic questions or those related to digital tool evaluation, you may also contact CETI-SMDI via the CIUSSS de l’Est-de-l’Île-de-Montréal. Contact details for CETI-SMDI are available at:
https://ciusss-estmtl.gouv.qc.ca/propos/centre-dexpertise-en-technologie-de-linformation-en-sante-mentale-dependance-et-itinerance-ceti-smdi/joindre-le-ceti-smdi

Updates

This policy may be updated due to technological, regulatory, or organizational changes. Any significant changes will be clearly communicated on the site.


Need to talk to someone quickly?

Counselors are available to help you 24 hours a day, 7 days a week. Reach out to them.

Info-Social 811

Dial 811 and select option 2 to quickly talk with a professional in psychosocial intervention. It's free and confidential.

Suicide help and prevention

Are you thinking about suicide? Are you worried about a loved one? Visit suicide.ca, call 1 866 APPELLE (1 866 277-3553) or text 535353 to get support.

EMERGENCY 911

If you or a loved one is in immediate danger, dial 911.


© Government of Quebec, 2025