Privacy Policy

Privacy Policy

Last updated: January 31st, 2026

WELLBLOC Inc., is committed to protecting your privacy and handling your personal information with transparency, care, and respect.

This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information. It applies to clients, patients, website visitors,

therapists and providers, corporate clients, and anyone else whose information we handle in connection with our services.

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Ontario's Personal Health Information Protection Act (PHIPA),

Canada's Anti-Spam Legislation (CASL), and other applicable Canadian federal and provincial privacy laws.
Please read this policy together with our Terms & Conditions

---

We do not sell your personal information.

WELLBLOC does not sell, rent, or trade your personal or health information to third parties for their own marketing or commercial purposes.

---

1. Who We Are

WELLBLOC Inc. is a corporation incorporated under the laws of Ontario. We operate a multi-brand wellness platform that connects clients with regulated health professionals for in-home, corporate, hotel, residential, event-based, and MVA (motor vehicle accident) rehabilitation services in the Canadian markets we serve.

Privacy Officer and contact:

Email: privacy@wellbloc.ca

Websites: wellbloc.ca

---

2. What Information We Collect

We collect different types of information depending on your relationship with us.

2.1 Clients and Patients

When you book or receive services, we may collect:

  • Contact information: name, email address, phone number, home or service address

  • Date of birth and government-issued identification (where required)

  • Health information: health history, medical conditions, injuries, medications, treatment notes, consent forms, and clinical records relevant to your care

  • Payment information: credit or debit card details (processed through our payment partners; we do not store full card numbers)

  • Booking and session history

  • Insurance and benefits information: extended health provider, policy number, coordination of benefits details

  • MVA and claim information: accident details, insurer name, adjuster contact, claim number, legal representative and HCAI-related documentation

  • Communication history: messages, support requests, feedback, and reviews

  • Marketing preferences: email and SMS consent status

If you book services for another person — including a family member, guest, or gift recipient, you represent that you have that person's permission to share

their information with us. We will handle their information in accordance with this Privacy Policy.

2.2 Therapists and Providers

When you onboard as a therapist or provider, we may collect:

  • Contact information: name, address, email, phone number

  • Professional credentials: college registration number, designation, registration date, and college standing confirmations

  • Credential verification and background screening records

  • Insurance: professional liability insurance certificates

  • Banking and tax information: bank institution, transit number, account number, void cheque, HST or business number, SIN (where required for CRA T4A reporting for unincorporated contractors with no business number), date of birth

  • Vehicle information: make, model, and licence plate (for client site coordination)

  • Emergency contact information

  • Profile photo and shirt size (for operational and branding purposes)

  • HCAI registration and consent

    Signed agreements and onboarding documentation

2.3 Corporate Clients and Event Contacts

When arranging corporate wellness events, we collect:

  • Organization name, contact name, role, email, and phone number

  • Event and site details: address, access instructions, scheduling information

  • Billing information: invoicing contacts, payment methods, purchase order details

2.4 Website Visitors

When you visit our websites, we may collect:

  • IP address and approximate location

  • Browser type, operating system, and device information

  • Pages visited, time spent, links clicked, and referring URLs

  • Cookie identifiers and tracking data (see Section 9)

---

3. How We Collect Your Information

We collect personal information:

Directly from you: through our booking pages, intake forms, consent forms, onboarding forms, email, SMS, phone, and in-person interactions

From third parties: from insurers, occupational therapists, case managers, legal representatives, referral partners, and credential verification or screening services involved in your care, claim coordination, or provider onboarding, with your authorization or as permitted by law

Automatically: through cookies, analytics tools, and website tracking technologies when you visit our sites

---

4. Why We Use Your Information

We use personal information for the following purposes or as otherwise described at the time we collect it:

Service delivery: to schedule, coordinate, and deliver wellness services,

  events, and MVA rehabilitation programs

Clinical care: to support regulated health professionals in delivering

  safe, appropriate, and informed treatment

Payment processing: to bill clients, process payments, issue receipts,

  and manage refunds and credits

Insurance and claims: to submit treatment plans, invoices, and claim-related documentation to insurers and HCAI on your behalf, as authorized

Provider management: to onboard, pay, and manage our network of therapists and providers, including credential and background verification, college standing checks, and T4A issuance as required by CRA

Account and booking management: to manage memberships, gift cards, promotional credits, and booking histories

Communications: to send booking confirmations, reminders, intake forms, receipts, and service-related updates

Platform communications monitoring: where WELLBLOC provides messaging or communication features between clients and providers, we may review, scan, or analyze those communications for purposes of safety, fraud prevention, regulatory compliance, and enforcement of our Terms & Conditions. We do not review communications for the purpose of sending third-party marketing messages and do not sell communication data

Marketing: to send promotional emails, newsletters, and SMS messages where you have provided consent in accordance with applicable CASL requirements

Aggregated and anonymized insights: we may create aggregated, de-identified, or anonymized data from the personal information we collect by removing information that makes it personally identifiable. We may use and share this anonymized data for lawful business purposes, including service improvement, research, reporting, and marketing — for example, to describe general trends in how clients use wellness services, without identifying any individual

Legal and regulatory compliance: to meet our obligations under PIPEDA, PHIPA, CRA, CASL, and applicable professional standards

Safety and fraud prevention: to verify credentials, detect fraud, protect our clients and providers, and ensure platform integrity

Service improvement: to analyze usage, improve our platforms, and develop new offerings

---

5. Health Information and PHIPA

Some of the information we handle is personal health information ("PHI") as defined under PHIPA, including treatment records, health histories, clinical notes, and MVA-related documentation.

Where WELLBLOC collects, maintains, or controls personal health information in connection with services coordinated through our platform, WELLBLOC acts as the health information custodian or as otherwise permitted under applicable health privacy laws. Therapists and providers may also have independent professional and regulatory obligations regarding records, consent, documentation, and privacy. Where applicable, therapists and providers may act as agents of WELLBLOC for the purpose of collecting, using, and documenting personal health information required to deliver care.

We collect, use, and disclose PHI only: with your express consent, or as required for the provision of care; as authorized by you for insurance billing, claim coordination, or referral purposes; as required by law, regulatory authority, or court order; or in a medical emergency where consent cannot reasonably be obtained.

Therapist and provider access to client information. Therapists and providers may receive access to client intake forms, consent forms, booking information, or health information only where reasonably necessary to assess, prepare for, or deliver services. If a therapist or provider receives access to information for a client they do not ultimately treat, they remain required to keep that information confidential and may not copy, retain, use, disclose, or contact the client using that information except as directed by WELLBLOC, required by law, or required by applicable professional obligations.

PHI is not used for marketing purposes. You may withdraw consent for the

collection and use of PHI at any time, subject to legal and regulatory

obligations that may require us to retain certain records. Withdrawal of consent

may affect our ability to provide some or all services.

Clinical records are retained in accordance with applicable professional standards

and regulatory requirements. See Section 10 for retention periods.

---

6. Sharing Your Information

We share personal information only as necessary to provide services, comply with

the law, or as otherwise described in this policy. We do not sell personal

information.

We may share your information with the following categories of recipients:

Service providers and technology partners: companies that help us operate our

platforms, process payments, manage bookings, send communications, and store data.

These include payment processors, CRM providers, booking and scheduling platforms,

form and survey tools, accounting software, and communication tools. These

partners are contractually required to protect your information and use it only

for the purposes we specify.

Healthcare and claims partners: insurers, adjusters, occupational therapists,

case managers, and legal representatives involved in your care coordination or MVA

claim, as authorized by you.

HCAI: where you have consented to MVA billing through HCAI, we share treatment

plans, provider information, and billing data as required for claims processing.

Credential and screening providers: third-party services used to verify

provider credentials, college registration, and professional standing.

Regulatory bodies and professional colleges: where required to verify provider

credentials, respond to complaints, or comply with professional oversight

obligations.

Law enforcement and government authorities: where required by law, court order,

or to prevent or investigate fraud, safety risks, or other unlawful activity.

Business successors: in connection with a merger, acquisition, financing, or

sale of substantially all of our business or assets, subject to appropriate

confidentiality and privacy protections.

---

7. Cross-Border Transfers

Some of our service providers and technology partners are located outside Canada,

including in the United States. Your personal information may be transferred to,

stored in, or processed in a jurisdiction other than Canada.

When your information is handled outside Canada, it is subject to the laws of that

jurisdiction, which may differ from Canadian privacy law. We take reasonable steps

to ensure that cross-border transfers are governed by contractual protections

consistent with PIPEDA.

Our key technology partners that may process data outside Canada include

(representative, not exhaustive): payment processing, CRM, marketing

communications, form and survey tools, accounting and payroll, and scheduling and

automation platforms. Where specific partners are material to your use of our

services, we will disclose them on request.

Where personal health information is collected or stored in connection with

clinical services, WELLBLOC takes reasonable steps to ensure that such

information is stored on servers located in Canada where practicable.

---

8. Marketing and CASL

We send two types of communications:

Transactional messages: booking confirmations, reminders, receipts, intake

forms, support responses, and service-related updates. These are sent as necessary

to provide services and do not require separate marketing consent.

Marketing messages: promotional offers, newsletters, seasonal campaigns,

membership updates, and new service announcements. These are sent only where you

have provided consent in accordance with applicable CASL requirements.

You may withdraw consent to marketing messages at any time by:

- clicking the unsubscribe link in any marketing email;

- replying STOP to any marketing SMS; or

- contacting us at support@wellbloc.ca.

Withdrawal of marketing consent does not affect your ability to receive

transactional messages related to active bookings, memberships, or claims.

---

9. Cookies and Tracking

Our websites use cookies and similar tracking technologies to operate and improve

our platforms.

Types of cookies we use:

- Essential cookies: required for basic website functionality, session

  management, and security. Cannot be disabled without affecting core features.

- Analytics cookies: used to understand how visitors use our sites, which

  pages perform well, and how to improve the experience. We use tools such as

  Google Analytics for this purpose.

- Marketing cookies: used to measure the effectiveness of our marketing

  campaigns and to deliver relevant content. These may be set by third-party

  platforms such as Google and Meta.

- Functionality cookies: used to remember your preferences, such as language

  or location settings.

You can manage cookie preferences through your browser settings. Disabling certain

cookies may affect the functionality of our websites. Where required by applicable

law, we will seek your consent before placing non-essential cookies.

We do not use cookies to collect personal health information.

Do Not Track. Our websites do not currently respond to "Do Not Track" browser

signals. You can manage your preferences through your browser's cookie settings

as described above.

---

10. Data Retention

We retain personal information only as long as necessary to fulfill the purposes

for which it was collected, comply with legal and regulatory obligations, and

resolve disputes.

General retention guidelines:

- Client booking and account data: retained for the duration of your

  relationship with us and for a reasonable period thereafter for dispute

  resolution and legal compliance

- Clinical and health records: retained in accordance with the standards of

  the applicable regulatory college (such as CMTO, CPO, CCO, CONO, or other

  applicable body), which generally require a minimum of ten (10) years from

  the date of last treatment; records involving minors are retained until the

  patient reaches the age of majority plus ten (10) years, or as otherwise

  required by the applicable college's standards — WELLBLOC will follow the

  longer of the applicable college standard or any legal requirement

- MVA and insurance records: retained for the duration of the claim and for

  a minimum of seven (7) years thereafter, or as required by applicable law

- Financial and tax records: retained for a minimum of seven (7) years as

  required by CRA

- Marketing preferences and consent records: retained for three (3) years

  after last interaction, as required under CASL

- Therapist and provider records: retained for the duration of the

  engagement and for seven (7) years thereafter

When information is no longer required, it is securely deleted or anonymized.

---

11. Protecting Your Information

We implement reasonable administrative, technical, and physical safeguards to

protect your personal information, including:

- encrypted transmission of sensitive data (SSL/TLS)

- access controls and authentication requirements

- restricted access to personal information on a need-to-know basis

- secure storage for banking, tax, and health-related data

- regular review of our security practices

No method of transmission or storage is completely secure. We cannot guarantee

absolute security, but we are committed to protecting your information to the

best of our ability and will respond promptly to any security incident.

---

12. Breach Notification

In the event of a privacy breach that creates a real risk of significant harm to

an individual, we will:

- notify the affected individual(s) as soon as reasonably possible;

- report the breach to the Office of the Privacy Commissioner of Canada as

  required under PIPEDA;

- maintain a record of all privacy breaches, whether or not notification is

  required; and

- take reasonable steps to contain and remediate the breach.

For health information breaches involving PHI, we will also comply with applicable

PHIPA notification obligations to the Information and Privacy Commissioner of

Ontario. Where required, we may also notify the applicable professional college

or regulatory body.

Reporting obligations for therapists and providers. Therapists, providers,

contractors, and service partners who become aware of an actual or suspected

privacy incident involving WELLBLOC client information — including incidents

involving intake forms, consent forms, booking data, health records, or any

personal information received through WELLBLOC systems or communications — must

notify WELLBLOC promptly at privacy@wellbloc.ca and must cooperate with

containment, investigation, notification, and remediation steps as directed

by WELLBLOC.

To report a suspected breach or privacy concern, contact us at privacy@wellbloc.ca.

---

13. Your Privacy Rights and Choices

Under PIPEDA and PHIPA, you have the following rights and choices with respect

to your personal information:

- Access: request a copy of the personal information we hold about you

- Correction: request that inaccurate or incomplete information be corrected

- Withdrawal of consent: withdraw consent to our collection, use, or

  disclosure of your information, subject to legal and contractual limitations

- Opt-out of marketing: unsubscribe from marketing emails using the link in

  any email, or reply STOP to any marketing SMS at any time

- Cookie preferences: manage cookie settings through your browser at any time

- Anonymity: where lawful and practicable, you may contact us anonymously or

  using a pseudonym for general inquiries. However, we will usually need to

  identify you to process bookings, payments, insurance claims, health records,

  access requests, correction requests, or privacy complaints connected to a

  specific account or service

- Complaint: file a complaint with us or with the Office of the Privacy

  Commissioner of Canada if you believe your privacy rights have been violated

No penalization for privacy requests. We will not penalize you for making a

privacy request or complaint. However, certain requests — such as withdrawal of

consent or deletion requests — may affect our ability to provide services, process

claims, or maintain records where information is required for clinical, legal,

regulatory, or operational purposes. Where a request affects your services, we

will explain the consequences before proceeding.

To exercise any of these rights, contact our Privacy Officer at

privacy@wellbloc.ca. We will respond within 30 days of receiving a written

request. We may require verification of your identity before processing a request.

---

14. Children and Minors

Our services are available to individuals aged 16 and over, with parental or

guardian consent required for those under 18 as set out in our Terms & Conditions.

We do not knowingly collect personal information from children under 16 without

parental consent.

If you believe we have collected information from a minor without appropriate

consent, please contact us at privacy@wellbloc.ca and we will address it promptly.

---

15. Links to Third-Party Sites

Our websites may contain links to third-party websites or platforms. This Privacy

Policy does not apply to those sites. We encourage you to review the privacy

policies of any third-party platforms you visit. WELLBLOC is not responsible for

the privacy practices, content, or security of any third-party sites or services.

---

16. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our

practices, technology, legal requirements, or business operations. The updated

version will be posted on our websites with a revised "Last updated" date.

For material changes that affect how we handle your personal information, we will

provide notice by email or by prominent notice on our websites where required

by law.

---

17. Contact Us

For questions, access requests, correction requests, or concerns about this 

Privacy Policy or our privacy practices:

Privacy Officer — WELLBLOC Inc.

Email: privacy@wellbloc.ca

Websites: wellbloc.ca

For general support or booking questions:

support@wellbloc.ca

For our Terms & Conditions: https://wellbloc.ca/terms-conditions

For Frequently Asked Question please visit our FAQs.
For more details on Terms & Conditions please visit Terms and Conditions

For questions or concerns regarding this Privacy Policy, please contact us:

  • WELLBLOC: privacy@wellbloc.ca

Thank you for trusting us with your wellness journey.

+ GIFT CARDS

MASSAGE & WELLNESS TAILORED FROM THE COMFORT OF HOME

https://squareup.com/gift/8RWJ109B9H671/order
https://squareup.com/gift/8RWJ109B9H671/order
SCHEDULE & SEND NOW