Pilot testing in progress.This site is under active development and data may be reset without notice. Please don't submit real care requests yet.
Skip to main content

Legal

Privacy policy

Last updated: April 3, 2026

Building in public. This document is part of a technology demonstration. It has not been reviewed or approved by legal counsel and does not constitute legal advice, a binding agreement, or a final policy. Polymorphism is an Alberta home-care marketplace prototype built to showcase platform architecture โ€” not a live service accepting clients or caregivers at this time.

Polymorphism Agency ("Polymorphism," "we," "us," or "our") explains in this policy how we collect, use, disclose, and protect personal information when you visit polymorphism.agency, use our online intake forms, or otherwise interact with our services described on this site.

This document is not legal advice. Privacy rules depend on what we actually do, where our customers and users are located, and how courts and regulators interpret the law over time.

Who we are

The organization responsible for personal information under this policy is Polymorphism Agency. For privacy requests, contact privacy@polymorphism.agency.

Which laws may apply

Canada โ€” federal: The Personal Information Protection and Electronic Documents Act (PIPEDA) applies to many commercial activities in provinces that do not have substantially similar private-sector legislation. We describe our practices in a way that is generally consistent with PIPEDA themes (accountability, identifying purposes, consent, limiting collection, limiting use, accuracy, safeguards, openness, individual access, and challenging compliance).

Alberta โ€” private sector:Where our collection, use, or disclosure of personal information falls under Alberta's Personal Information Protection Act (PIPA), we aim to meet those requirements. PIPA applies to some organizations and activities; whether it applies to a given processing activity is a legal determination. Where PIPA applies, you may have rights to access or correct your information and to complain to the Office of the Information and Privacy Commissioner of Alberta (OIPC Alberta) about how we handle your personal information in appropriate circumstances.

If other provincial or federal rules apply to specific programs or relationships (for example health information custodians or public bodies), those rules are in addition to this policy and will be addressed in separate agreements or notices where required.

Information we collect

We collect only what we reasonably need for the purposes below. Categories include:

  • Contact and identity โ€” name, email address, telephone number, job title (for business contacts), and organization name when you provide them (for example through intake forms or email).
  • Intake and coordination details โ€” information you type into our multi-step intake flows, which may include municipality or city, postal code, high-level description of care or operational needs, timelines, service categories, and similar fields. Do not submit detailed clinical or diagnostic information through these forms unless we explicitly design a workflow for that with appropriate safeguards and consent.
  • Consent choices โ€” whether you accept this policy for the submission, and whether you opt in to optional marketing or newsletter communications.
  • Technical and security data โ€” IP address, browser type, device characteristics, timestamps, and server logs used for security, abuse prevention, and service reliability. We use a minimal approach to cookies; see below.
  • Anti-spam signals โ€” hidden form fields and rate limits used to detect automated abuse (we do not use these fields for profiling individuals).

Purposes of collection and use

We use personal information to:

  • Respond to intake submissions and route inquiries to the appropriate internal mailbox.
  • Operate, secure, and improve the website and our underlying infrastructure.
  • Communicate with you about the request you initiated.
  • Where you opt in, send newsletters or marketing we believe may interest you; you may withdraw that consent later.
  • Meet legal, regulatory, and professional obligations and enforce our terms.

Consent

Where required, we rely on express consent (for example checking a box to submit an intake form after linking to this policy). In limited cases, we may rely on implied consent (for example when you email us and we reply about the same subject). You may withdraw consent for non-essential uses where withdrawal is practical, subject to legal or contractual restrictions.

Disclosure to service providers and partners

We use subprocessors to host the site, send transactional email, and similar functions. Examples may include hosting (e.g. Vercel), transactional email (e.g. Resend), and domain/DNS providers. A production deployment should list current subprocessors with counsel approval. We require contractual protections appropriate to the service.

We do not sell your personal information. We may disclose information to partner agencies or payers when you ask us to facilitate an introduction or matching and such disclosure is part of delivering that request โ€” in that case the agency or organization becomes responsible for its own use of the information under its policies.

We may disclose information when required by law or to protect rights, safety, and security.

International processing

Our service providers may process or store information in Canada, the United States, or other countries. Where personal information is transferred across borders, we aim to use contractual or other measures required by applicable law. Details should be confirmed with your counsel and vendor documentation.

Retention

We retain personal information only as long as necessary for the purposes above, including reasonable backup and legal hold periods. Exact retention schedules should match your records management program and be listed in an internal data inventory after review.

Safeguards

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information. No method of transmission over the Internet is completely secure.

Cookies and similar technologies

Today the marketing site uses cookies and storage primarily for essential operation and security. If we introduce analytics or advertising cookies, we will update this policy and, where required, obtain consent before non-essential cookies run.

Your rights โ€” access, correction, and questions

You may request access to or correction of personal information we hold about you, subject to exceptions in law. Contact privacy@polymorphism.agency. We may need to verify your identity before responding.

If you believe we have mishandled personal information and PIPA applies to our handling of your information, you may contact OIPC Alberta as described on their official website. For matters under PIPEDA, you may contact the Office of the Privacy Commissioner of Canada (OPC) where applicable.

Health information (Alberta โ€” HIA context)

If Polymorphism or a partner organization acts as a health information custodian under Alberta's Health Information Act (HIA) for specific programs, processing rules may differ from this general marketing policy. In those cases, we provide program-specific notices and agreements (for example consent to disclose or care-plan approvals). See also our health data handling procedures for vendor packets.

Children

Our public marketing and intake flows are not directed at children. Do not submit a child's personal information except as part of a lawful caregiving relationship and with appropriate authority.

Changes

We may update this policy from time to time. The "Last updated" date at the top will change when we publish a new version. Material changes may require additional notice under applicable law.