Updated on Nov 6, 2025
Updated on Nov 6, 2025
BioQuiz Privacy Policy for Enterprise Users
This Privacy Policy (“Policy”) explains how AI-MD Inc. (“AI-MD,” “we,” “our,” or “us”) collects, uses, and protects information related to our enterprise partners — including supplement brands, wellness providers, and corporate clients — who use the AI-MD BioQuiz platform and related services (the “Enterprise Services”).
If you’re a consumer taking a BioQuiz on one of our partners’ sites, your information is governed by our Consumer Privacy Policy.
This Policy applies only to organizations that use BioQuiz or related AI-MD tools as part of their business operations.
This Privacy Policy (“Policy”) explains how AI-MD Inc. (“AI-MD,” “we,” “our,” or “us”) collects, uses, and protects information related to our enterprise partners — including supplement brands, wellness providers, and corporate clients — who use the AI-MD BioQuiz platform and related services (the “Enterprise Services”).
If you’re a consumer taking a BioQuiz on one of our partners’ sites, your information is governed by our Consumer Privacy Policy.
This Policy applies only to organizations that use BioQuiz or related AI-MD tools as part of their business operations.
Who this policy applies to
This Policy covers the data we handle from enterprise customers — companies, their authorized team members, and business contacts — as part of our partnership.
AI-MD acts as:
A data controller for enterprise account information (billing, contacts, usage data), and
A data processor for consumer data that flows through your implementation of BioQuiz.
If there’s ever a conflict between this Policy and your Data Processing Addendum (DPA) or Master Service Agreement (MSA), the contractual terms will take precedence.
This Policy covers the data we handle from enterprise customers — companies, their authorized team members, and business contacts — as part of our partnership.
AI-MD acts as:
A data controller for enterprise account information (billing, contacts, usage data), and
A data processor for consumer data that flows through your implementation of BioQuiz.
If there’s ever a conflict between this Policy and your Data Processing Addendum (DPA) or Master Service Agreement (MSA), the contractual terms will take precedence.
Information we collect
We collect information that helps us operate, secure, and improve the Enterprise Services. This may include:
Business details: Company name, address, and billing information.
Account information: Administrator names, contact emails, and role assignments.
Technical data: IP addresses, browser type, device information, and API usage logs.
Service analytics: Feature usage, performance metrics, and error reports to improve stability.
Support interactions: Messages, tickets, or call notes from our support and success teams.
Aggregated insights: De-identified quiz and performance data used for benchmarking or analytics.
We do not ask for, or store, identifiable consumer health data unless it’s part of a contracted processing arrangement covered by your DPA and our Consumer Privacy Policy.
We collect information that helps us operate, secure, and improve the Enterprise Services. This may include:
Business details: Company name, address, and billing information.
Account information: Administrator names, contact emails, and role assignments.
Technical data: IP addresses, browser type, device information, and API usage logs.
Service analytics: Feature usage, performance metrics, and error reports to improve stability.
Support interactions: Messages, tickets, or call notes from our support and success teams.
Aggregated insights: De-identified quiz and performance data used for benchmarking or analytics.
We do not ask for, or store, identifiable consumer health data unless it’s part of a contracted processing arrangement covered by your DPA and our Consumer Privacy Policy.
How we use enterprise information
We use enterprise data to deliver value, maintain reliability, and strengthen security. Specifically:
To provide and maintain the Enterprise Services you subscribe to.
To administer accounts, billing, and access controls.
To respond to support requests and technical inquiries.
To improve performance and guide product development through aggregate analytics.
To protect integrity through monitoring, fraud prevention, and system security.
To send service updates or product communications, when consented to or permitted by law.
To meet legal obligations such as recordkeeping and audit compliance.
We use enterprise data to deliver value, maintain reliability, and strengthen security. Specifically:
To provide and maintain the Enterprise Services you subscribe to.
To administer accounts, billing, and access controls.
To respond to support requests and technical inquiries.
To improve performance and guide product development through aggregate analytics.
To protect integrity through monitoring, fraud prevention, and system security.
To send service updates or product communications, when consented to or permitted by law.
To meet legal obligations such as recordkeeping and audit compliance.
Our legal and regulatory commitments
AI-MD operates under Canadian law and complies with:
PIPEDA (Canada)
GDPR (EU/UK) where applicable
CCPA/CPRA (California) for covered business data
Our legal bases for processing include fulfilling contracts, maintaining legitimate business interests (security, analytics, product improvement), complying with legal duties, and, when applicable, obtaining consent.
AI-MD operates under Canadian law and complies with:
PIPEDA (Canada)
GDPR (EU/UK) where applicable
CCPA/CPRA (California) for covered business data
Our legal bases for processing include fulfilling contracts, maintaining legitimate business interests (security, analytics, product improvement), complying with legal duties, and, when applicable, obtaining consent.
When and why we share information
We only share enterprise information in limited, transparent ways:
With service providers who host, support, or analyze our systems under strict confidentiality.
As part of corporate changes, such as mergers or acquisitions, with appropriate safeguards.
We never sell or trade enterprise or consumer information.
We only share enterprise information in limited, transparent ways:
With service providers who host, support, or analyze our systems under strict confidentiality.
As part of corporate changes, such as mergers or acquisitions, with appropriate safeguards.
We never sell or trade enterprise or consumer information.
Data transfers across borders
AI-MD operates in Canada and the United States.
When data moves across borders, we use Standard Contractual Clauses (SCCs) and comparable safeguards to maintain compliance with international privacy standards.
AI-MD operates in Canada and the United States.
When data moves across borders, we use Standard Contractual Clauses (SCCs) and comparable safeguards to maintain compliance with international privacy standards.
How we keep your data secure
We take security seriously. Our systems use:
Encryption at rest and in transit
Role-based access controls
Continuous monitoring and logging
Regular vulnerability assessments
SOC-2-aligned security practices and vendor due diligence
Your organization also plays a part in maintaining security — such as controlling who has access to your dashboards and credentials.
We keep enterprise data for two years after your agreement ends, unless the law requires otherwise.
After that, we securely delete or anonymize information following our retention schedule. Backups and logs follow rolling deletion cycles to ensure complete removal over time.
We take security seriously. Our systems use:
Encryption at rest and in transit
Role-based access controls
Continuous monitoring and logging
Regular vulnerability assessments
SOC-2-aligned security practices and vendor due diligence
Your organization also plays a part in maintaining security — such as controlling who has access to your dashboards and credentials.
We keep enterprise data for two years after your agreement ends, unless the law requires otherwise.
After that, we securely delete or anonymize information following our retention schedule. Backups and logs follow rolling deletion cycles to ensure complete removal over time.
Cookies and tracking on enterprise portals
We use cookies and similar tools to:
Keep you signed in securely
Remember preferences
Analyze usage and improve functionality
You can adjust browser settings to manage or block non-essential cookies. Some features may not function properly without them.
We use cookies and similar tools to:
Keep you signed in securely
Remember preferences
Analyze usage and improve functionality
You can adjust browser settings to manage or block non-essential cookies. Some features may not function properly without them.
How we handle consumer data on behalf of enterprises
If your customers take a BioQuiz through your website or promotional campaigns, their personal and health information is processed under the AI-MD Consumer Privacy Policy and your data processing addendum with us.
AI-MD handles such data only on your behalf and according to your instructions.
If your customers take a BioQuiz through your website or promotional campaigns, their personal and health information is processed under the AI-MD Consumer Privacy Policy and your data processing addendum with us.
AI-MD handles such data only on your behalf and according to your instructions.
Our trusted service providers (subprocessors)
We work with carefully vetted vendors who assist in delivering infrastructure, analytics, storage, and customer support.
Each vendor signs binding data-protection agreements and meets strict security standards.
A current list of subprocessors is available upon request, and we’ll provide advance notice of material changes where required.
We work with carefully vetted vendors who assist in delivering infrastructure, analytics, storage, and customer support.
Each vendor signs binding data-protection agreements and meets strict security standards.
A current list of subprocessors is available upon request, and we’ll provide advance notice of material changes where required.
If a security incident occurs
If a breach or unauthorized access involving enterprise data occurs, AI-MD will:
Notify affected customers promptly,
Share details of the scope and impact, and
Cooperate to meet any legal notification requirements.
If a breach or unauthorized access involving enterprise data occurs, AI-MD will:
Notify affected customers promptly,
Share details of the scope and impact, and
Cooperate to meet any legal notification requirements.
Data processing adendum (DPA) and HIPAA compliance
When enterprise customers process consumer data through BioQuiz, AI-MD will sign a Data Processing Addendum (DPA) that sets out data-handling terms, responsibilities, and safeguards consistent with global privacy laws.
If the partnership involves U.S. healthcare entities or data subject to HIPAA, AI-MD will also execute a Business Associate Agreement (BAA) and follow HIPAA’s privacy and security standards, including breach reporting and the “minimum necessary” rule.
When enterprise customers process consumer data through BioQuiz, AI-MD will sign a Data Processing Addendum (DPA) that sets out data-handling terms, responsibilities, and safeguards consistent with global privacy laws.
If the partnership involves U.S. healthcare entities or data subject to HIPAA, AI-MD will also execute a Business Associate Agreement (BAA) and follow HIPAA’s privacy and security standards, including breach reporting and the “minimum necessary” rule.
Updates to this policy
We occasionally update this Policy to reflect product changes or legal updates.
Revisions will appear on our website with a new effective date.
When material updates occur, we’ll notify enterprise contacts by email or dashboard message.
We occasionally update this Policy to reflect product changes or legal updates.
Revisions will appear on our website with a new effective date.
When material updates occur, we’ll notify enterprise contacts by email or dashboard message.
Contact us
If you have questions or privacy concerns, please contact:
AI-MD Inc.
Attention: Data Protection Officer
Email: info@ai-md.com
For consumer privacy matters, visit the AI-MD Consumer Privacy Policy.
If you have questions or privacy concerns, please contact:
AI-MD Inc.
Attention: Data Protection Officer
Email: info@ai-md.com
For consumer privacy matters, visit the AI-MD Consumer Privacy Policy.
Power Your Growth with Results Your Customers Can Feel
Growth Powered by Results Your Customers Can Feel
Turn measurable health improvements into lasting loyalty.