Wollem

Privacy Notice

Last updated: May 25, 2026

Wollem ("we", "us") is a foot care practice based in Nova Scotia, Canada. This Privacy Notice explains how we collect, use, disclose, and safeguard personal information in connection with our software application (the "Service"), in accordance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and Nova Scotia's Personal Health Information Act (PHIA).

1. Our role

  • For our subscribers (foot care nurses using the Service): we are the data controller of your account information.
  • For the personal health information that subscribers upload about their clients: the subscriber is the custodian under PHIA and the controller under PIPEDA; we act as their information manager / processor and handle the information only on their documented instructions.

2. Categories of personal information we collect

From subscribers (account holders)

  • Identity and contact data: name, email, phone, business name, professional licence number;
  • Billing data: billing address, tax number; payment card details are collected and processed by Paddle and never reach our servers;
  • Usage and technical data: log-in timestamps, device and browser information, IP address.

From clients of subscribers (personal health information)

  • Identity and contact data: name, date of birth, address, phone, email;
  • Health-related notes and observations entered by the subscriber;
  • Billing records: services rendered, invoices, quotes, amounts.

3. Purposes and legal basis

  • Providing the Service (performance of contract) — account creation, storing client records, generating invoices and quotes;
  • Billing and tax (legal obligation, contract) — collecting subscription fees through Paddle, issuing receipts, complying with Canadian sales tax laws;
  • Security and fraud prevention (legitimate interest) — detecting unauthorized access, maintaining audit logs;
  • Customer support (contract) — responding to inquiries;
  • Service improvement (legitimate interest) — aggregated, de-identified analytics;
  • Marketing (consent, CASL) — only with your express opt-in; you can withdraw consent at any time using the unsubscribe link in any commercial email.

4. Sharing and disclosure

We do not sell personal information. We share it only with:

  • Subprocessors who host or operate parts of the Service (cloud database and application hosting). They are bound by written agreements to keep information confidential and process it only on our instructions;
  • Paddle.com Market Ltd., our Merchant of Record, for processing subscription payments, calculating and remitting Canadian sales taxes (GST/HST), invoicing, and handling chargebacks and refunds;
  • Professional advisors (accounting, legal) bound by duties of confidentiality;
  • Authorities when required by law, court order, or to protect rights or safety.

5. International transfers and data residency

The Service's database and application servers may be hosted in or outside of Canada. When personal information is transferred outside of Canada, it may be subject to lawful access requests by foreign authorities. We use contractual safeguards with our hosting providers to protect the information. If you require Canadian-only data residency for your clinical records, please contact us before subscribing.

6. Security safeguards

  • Encryption of data in transit (TLS) and at rest;
  • Row-Level Security in our database so each subscriber can only access their own account and client data;
  • Access controls, secure password storage, and session management;
  • Regular review of access permissions and security configurations.

7. Retention

Account and billing records are retained for as long as your account is active and for up to seven (7) years after closure to meet Canadian tax and accounting requirements. Personal health information uploaded by subscribers is retained for as long as the subscriber's account is active; on account closure, subscribers have thirty (30) days to export the data before it is permanently deleted.

8. Your rights

Under PIPEDA and PHIA, you have the right to:

  • Access the personal information we hold about you;
  • Request correction of inaccurate information;
  • Withdraw consent (subject to legal and contractual obligations);
  • Lodge a complaint with our office or with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Nova Scotia Information and Privacy Commissioner (oipc.novascotia.ca).

Clients of subscribers: please direct access, correction, or breach-related requests to the foot care nurse who collected your information. They are the custodian of your record under PHIA.

9. Breach notification

We will notify affected subscribers without unreasonable delay of any breach of security safeguards affecting their account or client data, and we will cooperate with subscribers in meeting their own breach notification obligations under PHIA and PIPEDA.

10. Cookies

We use only strictly necessary cookies to keep you signed in and to operate the Service. We do not use advertising or third-party tracking cookies.

11. Contact

Privacy questions, access requests, or complaints:
Wollem · Mellowpeachfootcare@gmail.com