Mesa de trabajo – 25 (1)
Log in
Book a demo
Learn More
Mesa de trabajo – 25 (1)
Log in

Salus Platform Privacy Policy

1. Introduction

Welcome to Salus. This Privacy Policy explains how Staffy Health Inc. (“Staffy”, “we”, “our” or “us”) collects, uses, discloses, and protects personal information of individuals (“users” or “you”) who use the Salus platform. Salus is a secure online platform provided to client companies (your employer or contracting company) for managing employee onboarding, credential verification, and compliance documentation. By using Salus, you agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy. This policy is designed to be clear and transparent, reflecting our commitments under Canadian privacy law and industry best practices.

Scope: This Privacy Policy applies to all personal information collected through the Salus platform or related services. It covers employees and other authorized users of Salus who access the platform as part of their engagement with a client company. It does not cover information collected by your employer outside of Salus or any third-party services not controlled by Staffy (though we explain how Salus integrates with third-party systems below).

2. Personal Information We Collect

We limit our collection of personal information to what is necessary for the purposes of providing and operating the Salus platform and related services. The types of information we may collect include:

  • Identification and Contact Information: Full name, email address, phone number, date of birth, home address, and other basic contact details. This allows us and your employer to identify you and communicate with you about onboarding or compliance tasks.
  • Employment Details: Information about your role or employment status with the client company, such as job title, department, employee ID, start date, work location, and manager/supervisor name. This helps tailor the onboarding and compliance requirements to your position.
  • Credentials and Compliance Documents: Personal information related to your professional credentials, certifications, licenses, and other qualifications. This may include license or registration numbers, expiration dates, copies of certificates or degrees, training completion records, and similar documentation. We also collect compliance documents required for your role, which could include proof of immunizations or health screenings (for healthcare roles), background check results, work permits, or signed policy acknowledgments. Some of these documents may contain sensitive information (e.g. health or background data); we treat this with extra care as described in this Policy.
  • Government Identifiers (if required): In some cases, we might collect government-issued identification numbers or documents for verification purposes (for example, a professional license number, Social Insurance Number, or a copy of a photo ID/passport if needed to confirm your identity or eligibility). Such information is used strictly for verification and compliance with legal requirements.
  • Authentication Information: If the platform uses login credentials, we will collect your username and password (stored in an encrypted form), and any multi-factor authentication tokens. If single sign-on or corporate login is used, we may receive confirmation of your identity from your employer’s identity provider instead. We may also log security questions or other info used to help verify your identity for account recovery.
  • Communications and Support: Any communications you send to us (for example, support requests or feedback) or communications sent through the platform (such as messages or notifications) may be collected. This includes your interactions with Salus support and any survey responses or feedback you provide about the service.
  • Usage Data: We automatically collect certain technical information about how you access and use Salus. This can include log data like your IP address, device type, browser type, operating system, dates/times of access, pages or features used, and other usage metrics. We collect this to monitor system performance, maintain security, and improve the user experience. This data is generally aggregated and does not identify you personally; however, it may be linked to your account for security auditing or troubleshooting purposes.
  • Cookies and Similar Technologies: The Salus web application may use essential cookies or similar technologies to maintain your session (for example, keeping you logged in or remembering your settings). These are used only for functionality and security, not for advertising. You may control cookies through your browser settings, but core features of Salus may require them to function properly. (Salus does not use third-party advertising or social media tracking cookies.)

How We Collect Information: Most of the personal information we collect is provided directly by you or by your employer in the course of setting up and using your Salus account. For example, you (or your employer on your behalf) enter your information and upload documents during onboarding. We may also receive information from third-party sources integrated with Salus: for instance, if Salus connects to a professional licensing database or background check service, we might receive confirmation of your license status or a background screening report. In all cases, we only collect data from third parties that is necessary for the verification and onboarding services. We will not collect personal information from third-party sources without your or your employer’s knowledge and any required consent.

3. How We Use Your Information

Staffy uses your personal information only for legitimate, identified purposes related to the Salus platform. The main purposes for which we process personal information include:

  • Providing the Salus Service: We use your information to set up and administer your account, and to enable you to complete onboarding or credentialing tasks. For example, we use your contact information to create your user profile and send you login details, and we use your submitted documents to verify that you meet your employer’s requirements (such as holding necessary certifications).
  • Credential Verification and Compliance: Your information is used to verify the authenticity and validity of the credentials and documents you provide. This can include cross-checking license numbers with licensing bodies, confirming course completions with training providers, or coordinating background checks with accredited third-party agencies. We also use your data to track compliance (e.g. reminding you and your employer when a certification is expiring or if an update is needed).
  • Communication: We use contact details (email, phone number) to communicate with you about the onboarding process, upcoming requirements, platform updates, and support. For example, Salus might send automated email or SMS notifications to remind you to upload a document or to inform you of a successful verification. We may also respond to any inquiries or support requests you submit. All communications will be professional and focused on Salus service delivery or your compliance requirements. (We do not send marketing emails to end users, as you are not a direct customer; you will not receive promotional messages from Salus.)
  • Integration with Third-Party Services: Where Salus integrates with third-party systems on your employer’s behalf (such as HR databases, identity verification services, or messaging platforms), we use your information as needed to facilitate those integrations. For example, if your employer uses an HR system that feeds data into Salus, we’ll use your employee ID or email to match records; or if Salus uses an SMS gateway to send you a code, we’ll use your phone number for that purpose. These uses are strictly to enable the functionalities you or your employer choose to use on the platform.
  • Service Improvement and Analytics: We may analyze usage data and feedback (in an aggregated and anonymized manner) to understand how Salus is performing and where improvements are needed. This helps us troubleshoot issues, optimize user interface and workflows, and develop new features. For instance, we might look at statistics like the average time to complete an onboarding checklist, or the frequency of certain support questions. These analytics do not identify individual users, and any personal identifiers are removed or masked. We also may use anonymized examples of user interactions (e.g. a generic scenario of how a user uploads a credential) for internal training or product development.
  • Security and Fraud Prevention: Your information, including usage logs and authentication data, may be used to monitor and maintain the security of the platform. This includes verifying your identity when you log in, detecting suspicious or unauthorized activity on your account, and enforcing our platform rules. For example, we may use IP address logs to spot unusual login patterns that could indicate a compromised account. We also may use certain data to prevent fraud or impersonation, such as confirming that a photo ID matches the profile of the user submitting it.
  • Legal and Regulatory Compliance: We may process and retain certain personal information to comply with applicable laws and regulations. For example, we might need to keep records of training certifications for a period of time due to health and safety regulations, or we may collect information required by labor or immigration laws as part of onboarding. Additionally, if law enforcement or a regulatory authority lawfully requires information, we may use and disclose data as needed to cooperate (after verifying the request and only to the extent required by law).
  • Enforcement of Terms and Rights: We use information as necessary to enforce our User Agreement and policies, and to protect the rights, property, or safety of Staffy, our client companies, our users, or others. For instance, if we detect a violation of the Acceptable Use rules (such as someone uploading offensive content or fraudulent documents), we may use personal information to investigate and address the issue (which could include reporting the misconduct to the employer or authorities). We also may use your information to resolve disputes, collect any fees (if ever applicable to the client company, though not to you as an employee user), or to defend ourselves in legal proceedings.

We will not use your personal information for purposes unrelated to the Salus service without informing you and obtaining appropriate consent. We do not sell or rent your personal data to third-party marketers. All uses of personal information are based on either your consent (such as the consent you give by using the platform and submitting your info), the fulfillment of our contractual obligations to your employer, our legitimate interests in operating a safe and effective service (balanced with your rights), or compliance with legal obligations.

4. Disclosure of Your Information

Staffy will share or disclose your personal information only in the ways described here, in order to deliver the Salus service and comply with law. Key instances in which information may be shared include:

  • With Your Employer (Client Company): Salus is a platform used by your employer (or the company engaging you) to manage your onboarding and compliance. Therefore, any information you provide on Salus is generally accessible to authorized personnel at your employer (such as HR managers, compliance officers, or administrators responsible for onboarding). They will use this information to verify your credentials, monitor compliance, and maintain internal records. For example, your manager or HR might review the status of your submitted documents, see your training completion dates, or be notified if something is missing or expiring. Your employer’s use of the information is governed by their agreement with us and by their own internal policies. If you have questions about how your employer handles your information, please contact your employer’s HR or privacy office as well.
  • With Third-Party Verification and Credentialing Services: A core feature of Salus is integration with external services to verify and validate information. We may share relevant personal information with third-party providers that offer identity verification, professional license verification, background checks, credential issuing, or similar services. For example:
  • If Salus integrates with a professional licensing database, we might send your name and license number to that service to confirm your license is in good standing.
  • If a background check is required, we will share your necessary details (such as full name, date of birth, address, and consent form) with a trusted background check agency that will perform the screening and return the result to Salus.
  • If training or certification data is pulled from a third-party learning management system or certification body, we will use identifying information (like your email or member ID for that system) to retrieve your records.
  • These third-party services will only use your information for the purpose of providing the verification or related service, and they are not permitted to use it for other purposes. We perform due diligence on such providers to ensure they meet security and privacy standards, and we require them to safeguard your data and handle it in accordance with applicable laws.
  • With Service Providers (“Subprocessors”): Staffy uses reputable third-party service providers to operate the Salus platform. This includes services such as cloud hosting infrastructure, data storage, email/SMS delivery platforms, analytics or logging tools, customer support ticketing systems, and other IT services. These providers may process your data on our behalf for the purposes described in this policy. For instance, Salus may be hosted on a secure cloud server infrastructure (with providers like Amazon Web Services or Microsoft Azure), and your data will be stored in their data centers. We may use an email service to send notification emails, which means your email address and the content of the notification will pass through that service. We contractually require all such service providers to protect your personal information with stringent safeguards and to use it only to provide services to us (not for their own purposes). Staffy remains responsible for the handling of your personal information by any service provider working on our behalf.
  • In Business Transfers: If Staffy undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of its assets, personal information may be transferred as part of that transaction. For example, if another company acquires Salus or Staffy’s business, your information would likely be one of the transferred assets so that the service can continue. In such cases, we will ensure that the new owner continues to be bound by privacy safeguards equivalent to those in this policy, and we will provide notice (for example, via the platform or email) if your personal data becomes subject to a new privacy policy as a result of a change in ownership.
  • For Legal Compliance and Protection: We may disclose personal information to third parties (such as courts, law enforcement agencies, regulators, or others) when we believe in good faith that such disclosure is required to:
  • Comply with a law, regulation, or compulsory legal request (such as a subpoena, court order, or search warrant).
  • Cooperate with an investigation of suspected or actual illegal activity, fraud, or security issues.
  • Enforce our User Agreement or other applicable contracts and policies, including investigation of potential violations thereof.
  • Protect the rights, safety, and property of Staffy, our users, your employer, or the public. For example, if a user were to threaten violence or engage in criminal harassment via the platform, we might notify law enforcement and share relevant data.

In any such case, we would only provide the minimum information necessary and only upon proper authority. Whenever feasible and lawful, we would also notify you and/or your employer of the request (for example, if a regulator requests records related to your credentials) so that you are aware of the disclosure.

  • With Your Consent: Aside from the situations above, if we ever need to share your information for any other purpose, we will ask for your consent (or ensure your employer has obtained your consent if appropriate). You have the right to grant or withhold such consent. For example, if in the future Salus offered an optional integration with a new third-party app for your convenience (outside of core onboarding requirements), we would explain what information would be shared and ask you to opt-in. We will not surprise you with data sharing that you did not expect under the purposes listed in this policy.

Importantly, we do not sell your personal information to third parties, and we do not share your information with any third-party advertisers. Any third parties who receive your data are either doing so to help provide the Salus service (under strict contracts) or as required by law or your employer’s legitimate needs.

5. Third-Party Integrations and Services

Salus is designed to work seamlessly with various third-party systems as part of the onboarding and verification process. Because these integrations are foundational to the platform’s functionality, it’s important to understand how they work and what they mean for your data:

Integration with Employer Systems: In some cases, Salus may connect with your employer’s own systems (such as an HR information system or payroll system) to exchange information. For example, your employer might choose to sync basic employee information from their system into Salus to save time on data entry. Or Salus might send updates back to an HR system (e.g., marking that you have completed your onboarding checklist). These integrations operate under the direction of your employer, and your data is only shared in ways that assist with your employer’s internal processes. By using Salus, you acknowledge that such data exchanges will occur as part of your employer’s use of the platform.

Use of External Verification Services: Salus may rely on external services to perform specific checks – for instance, identity verification providers, professional associations, government registries, educational institutions, or certification databases. When you use Salus, you grant us permission to send your information to these external services and retrieve relevant data, on your behalf and for your benefit (and your employer’s). For example, if Salus needs to verify a nursing license, by using the platform you authorize us to query the nursing board’s database with your details. If Salus needs to confirm a background check, you authorize us to submit your information to the background check agency. We will always handle this in a secure manner, and only with reputable third parties. In many cases, you will be aware of these processes (for instance, you may be asked to sign a consent form for a background check, or you’ll see an indicator that your license was verified through an API). We want to be clear that these integrations are a deliberate part of the service – without them, Salus could not easily validate credentials or streamline onboarding.

Communication Tools: Salus may use third-party communication tools to reach you (for example, an SMS service to send text message codes or a email service to send notifications). By providing your phone number or email and using the platform, you consent to the use of these channels for Salus-related communications. Standard messaging or data rates (from your carrier) may apply for SMS. The content of messages will only pertain to your onboarding, credentials, or account security (no marketing spam). These communication providers act on our behalf to deliver messages and are not permitted to use your contact info for other purposes.

Third-Party Terms: When Salus connects to a third-party system, those systems may have their own terms of use or privacy policies that apply to the data retrieved or the interaction. For example, if Salus uses a government open-data API to verify a license, that API might have terms saying the data can only be used for legitimate verification. We ensure that any such terms are respected and that integrating with them does not diminish your rights under this Privacy Policy. In the event that a third-party service requires you to agree to its terms (for instance, perhaps you need to log in to a training provider to import your certificates), we will let you know and you can choose whether to proceed. Rest assured, we do not hand over your data to any third-party service unless it is necessary for a function you or your employer have chosen to use.

Liability for Third-Party Services: While we carefully select our integration partners and strive to ensure your data is handled securely, it’s important to note that third-party services are independent entities. Staffy is not responsible for the acts or omissions of third parties that are not under our control. However, if you have concerns about any particular integration, please notify us (or your employer) – we will work to address any issues, and if needed, we can disable certain integrations. Generally, though, these third-party connections are essential for verifying credentials and making the onboarding process efficient. By continuing to use Salus, you acknowledge and accept that your information may be shared with and obtained from these third-party systems as outlined.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by law. In practice, this means:

  • During Your Employment/Engagement: For the duration that you are employed by or engaged with the client company and actively using Salus, we will retain your personal information so that the platform can continue to serve its functions. Your data will be available to you and your employer throughout your tenure for ongoing compliance management.
  • Account Inactivity or Termination: If you stop using Salus (for example, if you leave the company or your role changes and Salus is no longer needed), your account may be deactivated either by your employer or by us upon notice. At that point, your personal information will enter an archived state. We will retain the archived data for a period determined in conjunction with your employer’s policies and our legal obligations. Typically, employers have retention requirements (for example, keeping certain employment or compliance records for a number of years). We assist in meeting those requirements by securely storing the data on their behalf.
  • Retention for Legal Obligations: Even after you are no longer an active user, we may need to retain certain information for a defined time to comply with laws (e.g., occupational health and safety regulations might require keeping proof of certain trainings or vaccinations for a set number of years). We will also retain whatever information may be necessary to resolve any disputes, enforce our agreements, or protect our legal rights. For instance, if there was an investigation or audit relating to credentials, we might need to keep related data until it is fully resolved.
  • Deletion and Anonymization: When personal information is no longer needed for the identified purposes and legal requirements, we will either destroy it securely or anonymize it (remove personal identifiers) so that it can no longer be linked to you. For example, if, after a certain number of years, an ex-employee’s data is not legally required, we may delete the account and all documents. In some cases, rather than complete deletion, we might retain aggregate statistics or anonymized records (for instance, “how many users had a certain certification” but without names attached) for historical analysis. Such aggregated data will contain no personally identifiable information.
  • Handling Deletion Requests: If you request deletion of your data (see Your Rights below), we will review the request in conjunction with your employer. If deletion is permitted and does not conflict with any legal obligations or the employer’s needs, we will proceed to delete the information as requested. If we must retain some data (for example, to comply with law), we will inform you of that and will delete all other data that is not necessary to keep. We always aim to honor deletion requests to the fullest extent possible.

In summary, we aim not to keep personal data longer than necessary. Our retention practices are aligned with the principle of limiting retention under Canadian privacy standards. We have internal schedules that govern how long different categories of data are kept. If you have specific questions about how long certain information is retained, you can contact us for more details.

7. Your Rights and Choices

We are committed to upholding your rights over your personal information. As a user of Salus (and as an individual in Canada, in most cases), you have several important rights and choices:

  • Access Your Information: You have the right to access the personal information we hold about you. This means you can request a copy of the data associated with your Salus account and an explanation of how it has been used or disclosed. Much of your information is accessible directly by logging into Salus (you can see your profile details, uploaded credentials, status of each item, etc.). If you require a more comprehensive export or have trouble accessing your account, you can submit a request to us. We will provide you with your information in a plain format, generally within 30 days as required by law (and at no or minimal cost, as permitted).
  • Correct or Update Your Information: We strive to keep your personal information accurate and up to date. The Salus platform allows you (and/or your employer’s administrators) to edit certain profile information and to upload new documents when old ones expire. If you find any inaccuracies in your personal data within Salus (such as a misspelled name, incorrect contact info, or an out-of-date certification record), you have the right to request correction. In many cases, you can make the change yourself through the interface. If not (for example, if a field is locked or managed by your employer), you can contact your employer or us to rectify the issue. We may need to verify the correct information (for instance, seeing an official document to confirm a change in date of birth), but we will work with you to amend any mistakes.
  • Withdraw Consent: In situations where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. By using Salus and submitting information, you are giving consent for us to collect, use, and share it as described. We understand that circumstances can change. If you no longer want us to process certain information, you can withdraw your consent for that specific processing. For example, if you previously consented to Salus connecting to a third-party service to import data and you change your mind, you can disconnect that integration (if user-controlled) or ask us to disable it. Please note: withdrawing consent may affect your ability to continue using the platform. Some processing of your data is integral to delivering the service (and to your employer’s requirements). We will inform you if a withdrawal of consent will mean we can no longer provide you with parts of the service. Withdrawal of consent does not retroactively undo any processing that has already occurred while consent was in place, but we will cease the specified future processing.
  • Deletion (Right to Erasure): You may request that we delete your personal information from Salus. This is sometimes known as the “right to be forgotten.” Upon such request, we will delete or anonymize your data to the extent that we are able to and as required by law. However, this right is subject to certain limitations. If your employer still requires the data for legal compliance or if we are legally mandated to retain it, we may not be able to delete immediately. We will explain any such requirements if they apply. For instance, if you leave your job and ask us to delete your profile, we might need to keep certain records for a few years due to regulatory audits or to support your employer’s record-keeping. In that case, we might deactivate your profile but keep the data internally until the retention period expires. We will always endeavor to fulfill deletion requests to the fullest extent and will confirm with you once we have deleted the requested information.
  • Account Deactivation: If you simply wish to stop using the platform, you can stop logging in or ask your employer to deactivate your account. You can also contact us to deactivate your access. Deactivation means your account will no longer be accessible or visible on Salus, but your data may still be stored as per retention policy (see above). If you later need to access it (for example, to get a copy of a certificate you had uploaded), you can contact your employer or us.
  • Objection to Processing: In certain scenarios, you have the right to object to our processing of your personal information. Under Canadian law, this is closely related to withdrawing consent. If you believe we are processing some information in a way that you do not agree with (and that is not covered by a consent you gave or a legal obligation), you can raise an objection. We will review and if your objection is valid, we will cease the disputed processing. As an example, if we were to use your data for a research project unrelated to the core service (we are not currently doing this), you could object and opt out. Currently, we do not engage in such secondary uses without consent.
  • Challenging Compliance and Filing Complaints: We take your privacy rights seriously. If you have any concerns about our privacy practices or wish to challenge our compliance with applicable laws or this policy, you have the right to do so. We encourage you to contact us first (see Contact Us below) so we can attempt to resolve the issue. We will investigate and respond to any complaint or concern in a timely manner. If you are not satisfied with our response, you also have the right to escalate your privacy concerns to the relevant authorities. In Canada, this would be the Office of the Privacy Commissioner of Canada (for PIPEDA matters) or possibly a provincial privacy commissioner if provincial laws apply. We will provide you with the contact information for the appropriate regulator upon request.
  • Preferences and Opt-Outs: As noted, Salus does not send marketing communications to individual users. But if at any time we communicate with you and you prefer not to receive certain types of messages (for example, optional email newsletters or tips, if we ever offer those), you can opt out. Required communications, such as security alerts or essential onboarding notifications, will not generally have an opt-out (because they are part of the service you use), but we will keep those to a necessary minimum.

How to Exercise Your Rights: You can exercise many of the above rights directly through the Salus platform or by contacting your employer’s administrator. For example, updating your profile or downloading copies of documents might be available in-app. For rights that require our assistance (such as obtaining a full data report, or deleting data from our backups), please reach out to us at our privacy contact. We may require some verification of identity before fulfilling sensitive requests, to ensure we are protecting your data from unauthorized access (for instance, we wouldn’t want to give your data to someone impersonating you). We will respond within a reasonable timeframe and in accordance with applicable law (usually within 30 days).

We are committed to respecting your choices and rights. There is no penalty or reduced service for exercising any privacy right – we will never discriminate against a user for making a privacy request. Our goal is to be transparent and helpful in enabling you to maintain control over your personal information.

8. Security Measures and Data Protection

Protecting your personal information is a top priority for us. We employ stringent security safeguards to ensure that data in Salus is stored and handled safely, in accordance with industry best practices and standards like SOC 2. Here are some key measures we have in place:

  • Encryption: All data transmitted between your device and the Salus platform is encrypted using HTTPS/TLS protocols. This means that when you upload documents or view information on Salus, the data is scrambled in transit to prevent eavesdropping. Additionally, sensitive personal data and documents are encrypted at rest on our servers. Encryption at rest adds an extra layer of protection, so that even in the unlikely event of unauthorized access to the storage, the data would be unreadable without the proper keys.
  • Access Controls: We restrict access to personal information strictly to those who need it to perform their job duties. Within Staffy, only authorized personnel (such as engineers or support staff with specific clearance) can access user data, and even then, it’s on a need-to-know basis tied to their role (for example, for troubleshooting an issue). Access to administrative tools requires strong authentication and is logged and audited. Likewise, within your employer’s side, Salus provides role-based access controls – meaning, for instance, that only HR administrators or designated managers can see your full details, whereas other employees cannot access your profile.
  • Authentication Security: We encourage strong passwords for all user accounts. The platform may enforce password complexity rules to help you create a secure password. We also support (and strongly recommend) two-factor authentication (2FA) for Salus accounts. 2FA (such as a code sent to your phone or an authenticator app) helps ensure that even if a password is compromised, an attacker cannot access the account without the second factor. If your account is set up with single sign-on through your employer, then the security of that login is handled by your employer’s identity provider (which likely has its own multifactor authentication).
  • Monitoring and Auditing: Our systems are monitored for unusual behavior and potential threats. We employ firewalls, intrusion detection systems, and automated alerts to keep watch for any unauthorized access attempts or suspicious activities. All access to the system (including by our own team) is logged. We perform regular audits of these logs to ensure nothing improper is happening. If something does occur, we have incident response plans to address and mitigate any security issues swiftly.
  • Testing and Assessments: We regularly test the Salus platform for vulnerabilities. This includes conducting security assessments, code reviews, and occasionally third-party penetration testing to identify and fix potential weaknesses. We also adhere to the principles of secure software development. Updates and patches are applied to our infrastructure and application as needed to address new security threats.
  • Organizational Policies: Staffy has internal policies and training in place to ensure all employees and contractors understand how to protect personal data. We follow confidentiality obligations and every team member is trained on privacy and security awareness (for example, being careful with email, avoiding social engineering, etc.). We also have a designated security and privacy team (or officer) who oversees compliance with standards like SOC 2 and relevant regulations.
  • Data Minimization: As part of security, we practice data minimization – we only collect the information we need, as described earlier, and we don’t keep extraneous data. This reduces the risk of harm in case of any issue, because less unnecessary personal data is stored on our systems at any given time.
  • Subprocessor Safeguards: As mentioned, we use reputable third-party service providers for certain functions. We carefully vet these providers for strong security practices. We also ensure that any data we store with them (e.g., on cloud servers) is protected by encryption and contractual privacy commitments. For example, if we use a cloud storage, it is likely in a state-of-the-art data center with robust physical security measures (guards, surveillance, etc.), and our data is segregated and protected from other customers’ data.
  • Backups: We maintain secure backups of data to prevent accidental loss or corruption. These backups are encrypted and stored separately. In the event of data loss or a disaster scenario, we can restore information from backups. Backup data is treated with the same level of security and is only retained for defined periods.
  • Incident Response: Despite all precautions, no system can be 100% immune to issues. We have an incident response plan that outlines steps we will take if we suspect or confirm any data breach or security incident. This includes notifying affected clients and users promptly, taking immediate action to contain and investigate the incident, and cooperating with any required notifications to authorities or regulators. Our plan is designed to meet the requirements of Canadian law in terms of breach notification (for example, if a breach poses a real risk of significant harm, we will notify individuals and the Privacy Commissioner as required).

In plain language, we do everything we reasonably can to protect your data – using modern encryption, strict access rules, and continuous monitoring. We also expect you to play a role in security: please keep your login credentials confidential, use a strong password, and enable two-factor authentication if available. If you ever suspect that your account or data might be compromised (for instance, if you lose your device or notice suspicious account activity), notify us or your employer immediately so we can help secure your account.

While we cannot promise absolute security (no platform can), we commit that we will respond quickly and transparently to any security issues and that we continually work to strengthen the protection of your personal information. Our approach is aligned with industry standards and frameworks for security and privacy to ensure a high level of trust.

9. International Data Storage and Transfers

Staffy is a Canadian company, and we endeavor to store and process personal information in Canada whenever feasible. However, depending on the technologies and third-party services we use, your data may be transferred to or stored in other jurisdictions. We want to be transparent about these possibilities:

  • Primary Data Location: The Salus platform’s primary servers are [in Canada], and as such, your data is initially stored on Canadian soil. (If Staffy uses a Canadian data center, we state this; if not, adjust accordingly.*)
  • Cloud Infrastructure: We utilize cloud service providers that may have data centers in the United States or other countries. For example, if we use Amazon Web Services or another cloud host, backups or certain processing may occur in U.S. regions. Similarly, our email or SMS providers might route communications through servers in various countries. When your personal information is transferred outside of Canada, it may become subject to the laws of the destination jurisdiction. For instance, data in the U.S. can be subject to lawful access requests by U.S. authorities under U.S. law.
  • Safeguards for International Transfers: Regardless of where your data is stored or transferred, we apply the same high standards of protection. We have agreements in place with our service providers to ensure they protect your data to the same level as required in Canada. When required, we will use contractual clauses (such as standard data protection clauses) or other legally recognized transfer mechanisms to ensure that cross-border data flows meet privacy requirements. We also carefully choose vendors in countries with robust data protection regimes where possible.
  • Access by Our Team: Staffy’s team may include personnel or support providers located in other countries (for example, developers or customer support on call). Any such personnel are bound by strict confidentiality and security obligations, and any remote access to data is done through secure channels. Our internal policies ensure that even if a team member is traveling or working abroad, all the data handling complies with our Canadian privacy commitments.
  • User Acknowledgment: By using Salus and submitting information, you acknowledge that your personal information may be transferred to and processed in countries outside your home jurisdiction, including the United States. You understand that while those countries may have different privacy or data protection laws than Canada, we will take appropriate measures to protect your information in those locations.
  • Local Storage by Employer: Note that in some cases your employer might download or export some of your information from Salus for their own records (for example, saving copies of certificates or reports). In such scenarios, once the data is in your employer’s custody, its storage location and protection fall under your employer’s policies. Typically, employers will also store data on secure systems, but if you have concerns about that, you should discuss with your employer.

If we change our data hosting arrangements in the future (for instance, migrating to servers in a different country), we will update this Privacy Policy accordingly and notify our clients. Our goal is to be open about where data resides so you can be aware of any implications.

10. Children’s Privacy

Salus is not intended for use by individuals under the age of majority. Our platform is designed for workforce management, meaning users are generally adult employees or contractors of our client companies. We do not knowingly collect personal information from children. If you are under the age of 16 (or minor in your jurisdiction), you should not use Salus, unless it is authorized by a parent/guardian and permissible by applicable labor laws (which would be an unusual scenario, such as an internship with parental consent).

In the unlikely event that we discover we have collected personal information from a minor without proper consent, we will delete that information promptly. If you believe a minor’s information is being handled through Salus mistakenly, please contact us immediately.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal obligations, or for other operational reasons. When we make changes, we will revise the “Last Updated” date at the bottom of this document. If the changes are significant, we will provide a more prominent notice of the update. For example, we might notify you via email (if we have your email on file) or through an in-app notification/banner on Salus.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Salus platform after any changes to this Privacy Policy constitutes your acceptance of those changes. If you do not agree with any update, you should stop using the platform and you may contact us or your employer regarding your concerns.

In the event of any discrepancy between an older version of the policy and the updated version, the terms of the most recent policy will apply to information collected after the update. We will keep prior versions of this policy archived and available upon request if you wish to see what has changed.

12. Contact Us

Staffy is accountable for the personal information under its control and has designated a Privacy Officer (or team) to oversee privacy compliance. If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please reach out to us. We are here to help and will respond as promptly as possible.

Privacy Contact Information:

  • Email: [email protected]
  • Mailing Address: Attn: Privacy Officer, Staffy Health Inc. (Salus Platform), 485 Queen Street West, Suite 200, Toronto, ON, M5V 2A9, Canada
  • Phone: (If a phone line is provided, list it here, or state email is preferred for privacy inquiries.)

When contacting us, please include your name and the company you are associated with (your employer) so we can locate your records, and clearly state your question or request. For security, we may need to verify your identity before providing certain information.

We will address all privacy inquiries in accordance with applicable law. If you contact us with a complaint about our handling of your personal information, we will do our best to resolve it. As noted above, if you feel your issue is unresolved, you may also contact the Office of the Privacy Commissioner of Canada or your provincial privacy regulator.

Thank you for trusting Salus with your personal information. We are committed to keeping that trust by protecting your privacy every step of the way.

Last Updated: January 8, 2026


    Book a demo