Notice of Privacy Practices

Bianca Technologies Inc. Healthcare Communication Services

Effective Date: June 16, 2026

Last Revised: June 16, 2026

YOUR INFORMATION. YOUR RIGHTS. OUR RESPONSIBILITIES.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

YOUR RIGHTS

You have the right to:

Get a copy of your health information
Correct your health information
Request confidential communication
Ask us to limit the information we share
Get a list of those with whom we've shared your information
Get a copy of this privacy notice
Choose someone to act for you
File a complaint if you believe your privacy rights have been violated

YOUR CHOICES

You have some choices in how we use and share information as we:

Answer questions from your family and friends about your care
Provide information about you in disaster relief situations
Market our services and communicate with you about products and services

OUR USES AND DISCLOSURES

We may use and share your information as we:

Provide healthcare communication services to you
Run our organization
Bill for our services
Help with public health and safety issues
Conduct research
Comply with the law
Respond to requests for information and health oversight
Address workers' compensation, law enforcement, and other government requests
Respond to lawsuits and legal actions

YOUR RIGHTS

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

Get a Copy of Your Health Information

You can ask to see or get a copy of your health information and other information we have about you.

What you can request:

Call recordings and transcriptions
Wellness summaries and AI analysis results
Medical alerts generated by our system
Emergency notifications
Account information and preferences

How to request:

Email: privacy@biancawellness.com
Mail: Bianca Technologies Inc. Privacy Office, 2955 Elbow Place, Port Coquitlam, BC V3B 7T3
Phone: +1-604-562-4263

Our response:

We will respond within 30 days of your request
We may charge a reasonable, cost-based fee for copies
We may deny your request in certain limited circumstances
If we deny your request, we'll explain why and your rights to appeal

Ask Us to Correct Your Health Information

You can ask us to correct health information about you that you think is incorrect or incomplete.

How to request:

Submit correction request via email or mail (see contact info above)
Explain what information you believe is incorrect and why
Provide correct information

Our response:

We will respond within 60 days
We may deny your request if:
The information was not created by us
The information is accurate and complete
The information is not part of your medical record
If we deny your request, you may submit a statement of disagreement that we'll add to your record

Request Confidential Communications

You can ask us to contact you in a specific way or at a specific location.

Examples:

"Please email me instead of calling"
"Please mail information to my work address instead of home"
"Please only contact me on my cell phone"

How to request:

State your preference in writing or via email
Provide alternative contact method

Our response:

We will accommodate all reasonable requests
We may ask how you will pay for services if restriction affects billing

Ask Us to Limit What We Use or Share

You can ask us not to use or share certain health information.

Examples:

"Don't share my information with specific family members"
"Don't use my data for research or quality improvement"

Our response:

We are not required to agree to your request
We will agree if:
The disclosure is not required by law, AND
The disclosure is not for treatment, payment, or healthcare operations
We must agree if:
You paid for a service out-of-pocket in full, AND
You ask us not to share with your health plan for payment/operations

Get a List of Those We've Shared Information With

You can ask for an "accounting of disclosures" – a list of times we've shared your health information.

What's included:

Disclosures for purposes other than treatment, payment, and healthcare operations
Disclosures to government agencies or law enforcement
Past 6 years of disclosures

What's excluded:

Disclosures for treatment, payment, and operations (unless you specifically request)
Disclosures made to you or with your authorization
Disclosures for national security purposes

How to request: Email or mail (see contact information)

Our response: Within 60 days, we'll provide the list

Get a Copy of This Privacy Notice

You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically.

How to get a copy:

Download from our website: www.biancawellness.com/privacy-practices
Email us at privacy@biancawellness.com
Call +1-604-562-4263
We'll mail you a copy

Choose Someone to Act for You

If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.

Requirements:

We will verify the person's authority before giving them access
Provide documentation of power of attorney or guardianship
Contact us to set up authorized representative access

File a Complaint if You Feel Your Rights Are Violated

You can file a complaint if you believe your privacy rights have been violated.

File with us:

Email: privacy@biancawellness.com
Mail: Bianca Technologies Inc. Privacy Office, 2955 Elbow Place, Port Coquitlam, BC V3B 7T3
Phone: +1-604-562-4263

File with the U.S. Department of Health and Human Services (HHS):

Online: https://www.hhs.gov/hipaa/filing-a-complaint
Phone: 1-800-368-1019
Mail: Office for Civil Rights, U.S. Department of Health and Human Services, 200 Independence Avenue S.W., Washington, D.C. 20201

We will not retaliate against you for filing a complaint.

YOUR CHOICES

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

In These Cases, You Have Both the Right and Choice to Tell Us to:

Share information with your family, close friends, or others involved in payment for your care:

[ ] Yes, please share
[ ] No, please don't share
Specific people only: _______________

Share information in a disaster relief situation:

[ ] Yes, share to help locate me
[ ] No, don't share

Contact you for fundraising efforts (we don't currently do this):

Not applicable – we do not conduct fundraising

If you are not able to tell us your preference (for example, if you are unconscious), we may go ahead and share your information if we believe it's in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

In These Cases, We Never Share Your Information Unless You Give Us Written Permission:

Marketing purposes (we don't do this)
Sale of your information (we don't do this)
Most sharing of psychotherapy notes (we don't have these)

Written Authorization Required:

If you give us permission to share your information, you can change your mind at any time by submitting a written revocation. We won't share your information after receiving your revocation, except for actions already taken based on your permission.

OUR USES AND DISCLOSURES

How Do We Typically Use or Share Your Health Information?

We typically use or share your health information in the following ways:

Help Manage the Healthcare You Receive

We can use your health information and share it with healthcare professionals who are providing care coordination for you.

Example:

We share call transcripts and wellness alerts with your assigned caregivers
We provide AI-generated health summaries to your care team
We alert your healthcare provider about concerning patterns detected

Legal Basis: Treatment, Payment, and Healthcare Operations (TPO)

Run Our Organization

We can use and disclose your information to run our organization and contact you when necessary.

Examples:

Improve our AI analysis algorithms
Train our system to better detect emergencies
Manage our business operations
Provide customer service
Quality improvement initiatives

We are not allowed to use genetic information to decide whether we will give you coverage and the price of that coverage.

Bill for Our Services

We can use and share your health information as we bill for services.

Examples:

Bill your healthcare organization for calls made
Collect payment for services
Share billing information with your organization's administrator
Process payments and invoices

Note: We bill healthcare organizations, not individual patients directly (in most cases)

How Else Can We Use or Share Your Health Information?

We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes.

Help with Public Health and Safety Issues

We can share health information about you for certain situations such as:

Preventing disease
Helping with product recalls
Reporting adverse reactions to medications
Reporting suspected abuse, neglect, or domestic violence
Preventing or reducing a serious threat to anyone's health or safety

Examples in Our Service:

Emergency alerts (fall detection, distress calls)
Reports of suspected elder abuse
Immediate danger situations

Conduct Research

We can use or share your information for health research.

Our Practice:

Research data is de-identified whenever possible (all 18 HIPAA identifiers removed)
We do not conduct pharmaceutical or clinical trials
AI model improvement is considered research/quality improvement
If identifiable data needed: We'll get your authorization first

Current Research Activities:

Improving emergency detection algorithms
Enhancing wellness monitoring accuracy
Sentiment analysis improvements

Comply with the Law

We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we're complying with federal privacy law.

Respond to Organ and Tissue Donation Requests

We can share health information about you with organ procurement organizations.

Note: Not applicable to our service (we don't have this information)

Work with a Medical Examiner or Funeral Director

We can share health information with a coroner, medical examiner, or funeral director when an individual dies.

Note: Generally not applicable to our service

Address Workers' Compensation, Law Enforcement, and Other Government Requests

We can use or share health information about you:

For workers' compensation claims
For law enforcement purposes or with a law enforcement official
With health oversight agencies for activities authorized by law
For special government functions such as military, national security, and presidential protective services

Example:

Police request recordings in connection with investigation of crime
Court order requiring production of records
HHS audit of our HIPAA compliance

Respond to Lawsuits and Legal Actions

We can share health information about you in response to a court or administrative order, or in response to a subpoena.

Our Practice:

Verify legal order is valid
Notify you when possible (unless prohibited)
Provide minimum information necessary
Document all disclosures

Our Responsibilities

We are required by law to:

Maintain the privacy and security of your protected health information
Notify you promptly if a breach occurs that may have compromised the privacy or security of your information
Follow the duties and privacy practices described in this notice and give you a copy of it
Not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

Changes to This Notice:

We can change the terms of this notice, and the changes will apply to all information we have about you
The new notice will be available upon request, on our website, and in our app
We will post the effective date on the first page

SPECIFIC USES AND DISCLOSURES FOR OUR SERVICE

Healthcare Communication Services

What We Do

Bianca Technologies Inc. provides AI-powered communication services to help caregivers monitor and communicate with patients (elderly individuals, healthcare facility residents, etc.). Our services include:

Voice Calls: Phone calls between patients and AI assistant or human caregivers
Conversation Recording: Call recordings for quality and safety
AI Transcription: Converting voice to text using AI services
Wellness Analysis: AI analysis of conversations to detect health concerns
Emergency Detection: Automated detection of distress, falls, or medical emergencies
Alerts and Notifications: Notifying caregivers of concerning patterns
Medical Analysis: Sentiment analysis and health trend tracking

Health Information We Collect

During Use of Our Services:

Patient name, phone number, date of birth
Call recordings and transcriptions
Health-related information discussed in calls (symptoms, medications, mood, etc.)
Emergency alerts and incidents
Wellness trends and patterns
Caregiver notes and observations
Medical analysis results generated by AI

How We Use This Information

For Treatment:

Provide AI wellness summaries to your caregivers
Generate emergency alerts for urgent situations
Enable caregivers to monitor your wellbeing
Facilitate communication with your care team

For Payment:

Bill your healthcare organization for services
Process invoices for call time and analysis
Verify insurance or payment information (if applicable)

For Healthcare Operations:

Improve our AI detection algorithms
Quality assurance and improvement
Training our systems to better serve patients
Business analytics and reporting
Compliance and risk management

Who We Share With

Your Healthcare Organization:

The facility or organization that subscribed to our service for you
Your assigned caregivers and care coordinators
Organization administrators for billing and reporting

Business Associates (Service Providers):

AI Services (Azure OpenAI): For transcription and analysis (under BAA)
Voice Services (Twilio): For phone call handling (under BAA)
Cloud Hosting (AWS): For secure data storage (under BAA)
Database (MongoDB Atlas): For data management (under BAA)

All business associates are required to protect your information under signed Business Associate Agreements.

As Required by Law:

Emergency services (911) if emergency detected
Public health authorities (reporting of abuse, neglect)
Law enforcement (with valid legal order)
HHS (if they audit our HIPAA compliance)

We Do NOT:

❌ Sell your health information
❌ Share with marketers or advertisers
❌ Use for marketing without your authorization
❌ Share on social media
❌ Disclose to employers (unless you're an employee)

DETAILED EXPLANATION OF YOUR RIGHTS

Right to Inspect and Copy

What: You can review and get copies of your health information

What's Included:

Call recordings (audio files)
Conversation transcripts
Wellness summaries and AI analysis
Emergency alerts
Caregiver notes
Account information

How to Request:

Submit written request to privacy@biancawellness.com
Specify what information you want (date range, type, etc.)
Specify format (electronic preferred, paper if requested)

Our Response:

Within 30 days (may extend 30 more days if needed, with written explanation)
Provide in format requested if readily producible
Electronic format preferred (we'll provide secure download link)

Fees (if any):

Reasonable cost-based fee for labor and materials
No fee for electronic copies (first copy)
We'll provide fee estimate before proceeding

Denials:

We may deny your request in limited circumstances, such as:

Information compiled for legal proceedings
Information obtained under promise of confidentiality
We'll explain why and your right to review

Right to Amend

What: Request corrections to inaccurate or incomplete health information

How to Request:

Submit amendment request in writing
Explain what's incorrect and why
Provide correct information

Our Response:

Within 60 days (may extend 30 more days if needed)
We may accept, partially accept, or deny
If denied, you may submit disagreement statement

We may deny if:

Information is accurate and complete
Information was not created by us
You wouldn't be permitted to inspect the information
Information is not part of our records

If we deny: Your disagreement statement will be included in your record

Right to an Accounting of Disclosures

What: Get a list of certain disclosures we've made

Covers: Past 6 years (or less if you specify)

Included in Accounting:

Disclosures to public health authorities
Disclosures to law enforcement
Disclosures due to legal orders
Disclosures for research (if not authorized)
Disclosures reported to HHS

NOT included (excluded by HIPAA):

Disclosures for treatment, payment, and operations (unless you request)
Disclosures made to you or with your authorization
Disclosures to family/friends you approved
For facility directory or disaster relief
Incident to permitted use/disclosure
For national security or intelligence

How We Provide:

We maintain comprehensive audit logs of all system access. For each disclosure, we'll provide:

Date of disclosure
Name (and address if known) of recipient
Brief description of information disclosed
Brief statement of purpose

First accounting is free; may charge reasonable fee for additional within 12 months

Right to Request Restrictions

What: Ask us to limit how we use or share your information

Examples:

"Don't share my mental health information with my primary care doctor"
"Don't include this information in disclosures to my health plan"

Our Response:

We are not required to agree, except in one case:
We must agree if you paid out-of-pocket in full and ask us not to share with your health plan

If we agree:

We'll follow your restriction
Exception: Emergency situations where restriction could endanger you

Right to Request Confidential Communications

What: Ask to be contacted in a specific way or at a specific place

Examples:

"Email me at work, not home"
"Call my cell, not home phone"
"Mail to PO Box, not street address"

How to Request: In writing or via email

Our Response:

We'll accommodate all reasonable requests
No explanation needed from you
We may condition on how you'll pay for services

Right to a Paper Copy of This Notice

What: You can get a paper copy, even if you agreed to receive electronically

How:

Request via email, phone, or mail
Download and print from website
We'll mail you a copy

Right to Be Notified of a Breach

What: If your health information is improperly accessed or disclosed, we'll notify you

Our Responsibilities:

Investigate all suspected breaches
Assess risk of harm to you
Notify you within 60 days if reportable breach
Explain what happened and what we're doing about it

You do not need to request this – we're required to notify you.

OUR USES AND DISCLOSURES DETAILED

Treatment

We use and share your information to provide healthcare communication services.

Examples:

Care Coordination: Share wellness summaries with your caregivers
Emergency Response: Alert 911 if emergency detected in conversation
Continuity of Care: Provide conversation history to new caregivers
Consultation: Share AI analysis with healthcare providers for their review

Who we share with:

Your assigned caregivers
Healthcare organization administrators
Emergency services (if needed)
Consulting healthcare providers

Authorization: Not required for treatment purposes

Payment

We use and share your information to bill for our services.

Examples:

Bill your healthcare organization for call minutes
Process payments and invoices
Verify payment arrangements
Collection activities (if applicable)

What we share:

Services provided (date, time, duration of calls)
Number of calls
Features used (AI analysis, emergency detection)
Amount owed

Who we share with:

Your healthcare organization's billing department
Payment processors
Collection agencies (minimum necessary only)

Authorization: Not required for payment purposes

Healthcare Operations

We use and share your information to run our organization and improve care quality.

Examples:

Quality Improvement: Review calls for quality assurance
Training: Improve AI models (using de-identified data when possible)
Business Analytics: Understand service usage patterns
Compliance: Ensure we're meeting legal requirements
Customer Service: Respond to your questions and concerns

Specific to Our Service:

AI Model Training: We use conversation data to improve our AI's ability to:
Detect emergencies more accurately
Understand speech patterns better
Provide better wellness summaries
Reduce false alarms
De-identification: We remove names, dates, and identifiers when possible
Security: We use anonymized data for testing security controls

Authorization: Not required for healthcare operations

Other Uses and Disclosures

Business Associates

We share information with vendors who help us provide services.

All business associates:

Sign Business Associate Agreements (BAAs)
Must protect your information
Can only use information for stated purposes
Must report security incidents to us
Must return or destroy information when done

Current Business Associates:

Azure OpenAI (AI processing)
Twilio (voice communications)
AWS (cloud hosting)
MongoDB Atlas (database)

As Required by Law

We will disclose your information when required by law.

Examples:

Court orders or subpoenas
HHS compliance reviews
State health department requests
Law enforcement with valid legal process

Our Practice:

Verify legal requirement is valid
Disclose minimum necessary
Notify you when legally permitted
Document all required disclosures

Public Health Activities

We may share information for public health purposes:

Prevent or control disease, injury, or disability
Report disease or infection as required
Report to FDA for quality, safety, or effectiveness issues
Notify persons of recalls
Notify public health authority if we believe person has been exposed to communicable disease

Example for Our Service:

If our AI detects patterns suggesting outbreak of illness in facility
Report suspected elder abuse or neglect

Health Oversight Activities

We may share information with health oversight agencies for:

Audits
Investigations
Inspections
Licensure

Example: HHS Office for Civil Rights auditing our HIPAA compliance

Lawsuits and Disputes

We may share information in response to:

Court orders
Subpoenas
Discovery requests
Other lawful processes

Our Practice: Notify you when possible, provide minimum necessary

Law Enforcement

We may share information with law enforcement:

As required by law
In response to court order, subpoena, warrant
To identify or locate a suspect, fugitive, witness
About crime victim (in limited circumstances)
About death we believe may be result of criminal conduct
About crime on our premises
In emergency to report a crime

Example: Police investigating incident involving patient

Coroners, Medical Examiners, Funeral Directors

We may share information with:

Coroners or medical examiners (to identify deceased, determine cause of death)
Funeral directors (to carry out their duties)

Example: If patient passes away and coroner requests call records

National Security and Intelligence

We may share information with authorized federal officials:

For intelligence and national security activities
For protection of the President or foreign heads of state
To help in investigations

Inmates

If you are an inmate of a correctional institution, we may share your information with the institution or law enforcement as necessary:

For your healthcare
For health and safety of others
For safety and security of correctional institution

Workers' Compensation

We may share information for workers' compensation or similar programs that provide benefits for work-related injuries or illnesses.

When Authorization is Required

We will ask for your written authorization before using or sharing your information for:

1. Marketing

We don't currently do marketing communications
If we ever do, we'll get your permission first

2. Sale of Information

We will never sell your information
If we ever did (we won't), we'd need your authorization

3. Psychotherapy Notes

We don't maintain formal psychotherapy notes
Casual conversation content is not psychotherapy notes

4. Other Purposes

Uses not described in this notice
Uses that require authorization by law
Research using identifiable information

You can revoke authorization at any time by writing to us. Revocation doesn't affect information already shared based on your authorization.

SPECIAL SITUATIONS

Emergency Situations

If you're unable to agree or object (unconscious, emergency), we may share information if we believe it's in your best interest.

Example:

You collapse and can't respond
Our AI detects emergency in call
We call 911 and share relevant information with paramedics

Minors and Guardians

If you are a minor (under 18):

Parent/guardian generally has access to your information
Exceptions: When minor consents to care and law doesn't require parental consent

If you are a guardian:

Provide documentation of guardianship
We'll verify authority before granting access

Deceased Individuals

Information about deceased individuals:

Protected for 50 years after death
Personal representative or estate executor may access
Documentation of authority required

ADDITIONAL INFORMATION

Notice Distribution

You'll receive this notice:

At first use of our service
Posted on our website: www.biancawellness.com/privacy-practices
Available in app: Settings → Legal → Privacy Practices
Paper copy upon request at any time

Healthcare organizations: May provide this notice to patients on our behalf

Changes to This Notice

We may change this notice:

Changes effective immediately upon posting
New notice posted on website
New notice available in app
You can request paper copy at any time

We will not:

Use or share information in ways not described here without your authorization
Make significant changes without notification

Contact Information

For Questions About This Notice

Privacy Officer:

Email: privacy@biancawellness.com
Phone: +1-604-562-4263
Mail: Bianca Technologies Inc. Privacy Office, 2955 Elbow Place, Port Coquitlam, BC V3B 7T3

Hours: Monday-Friday, 9 AM – 5 PM PST

To Exercise Your Rights

To request:

Access to your information
Amendments or corrections
Accounting of disclosures
Restrictions on use/disclosure
Confidential communications
Copy of this notice

Contact:

Same as above: privacy@biancawellness.com

Response Time: 30-60 days (depending on request type)

To File a Complaint

File with Us:

Email: privacy@biancawellness.com
Mail: Address above
Phone: +1-604-562-4263

File with Federal Government:

Office for Civil Rights (OCR)
Website: https://www.hhs.gov/hipaa/filing-a-complaint
Phone: 1-800-368-1019
Mail: Office for Civil Rights, U.S. Department of Health and Human Services, 200 Independence Avenue S.W., Washington, D.C. 20201

We will not retaliate against you for filing a complaint.

Acknowledgment of Receipt

If you are a patient, you will be asked to acknowledge receipt of this Notice of Privacy Practices:

Electronic acknowledgment in app
Or sign paper acknowledgment form
We'll keep record of your acknowledgment

If you decline to acknowledge: We'll document your refusal and still provide services (unless required by healthcare organization)

Questions?

If you have questions about this Notice of Privacy Practices or want to exercise any of your rights, please contact our Privacy Officer:

Email: privacy@biancawellness.com

Phone: +1-604-562-4263

Mail: Bianca Technologies Inc. Privacy Office, 2955 Elbow Place, Port Coquitlam, BC V3B 7T3

Language Assistance

English: If you need help understanding this notice, please contact us at privacy@biancawellness.com

Español: Si necesita ayuda para comprender este aviso, comuníquese con nosotros al privacy@biancawellness.com

Other Languages: Language assistance available upon request

Effective Date: June 16, 2026

Version: 1.1

This Notice of Privacy Practices complies with HIPAA Privacy Rule (45 CFR §164.520)