HANDYMETRICS CORPORATION | PRIVACY POLICY

Last Updated: April 29, 2026

1. Introduction and Scope

This Privacy Policy applies to handymetrics.com, handyaudit.com, qipaudit.com, speedyaudit.com, our mobile applications, and all other services operated by HandyMetrics Corporation ("HandyMetrics," "we," "us," or "our").

HandyMetrics acts as a "Data Controller" for visitors to our public websites and a "Data Processor" for our institutional clients (e.g., health systems) who utilize our auditing platforms. If you use our Services through your employer, their privacy policy also governs your data.

2. Consent and Legal Basis for Processing

We process personal data under the following legal frameworks:

• Contractual Necessity: To provide auditing services, manage accounts, and provide technical support.
• Consent: For marketing communications and non-essential cookies.
• Legitimate Interests: For platform security, fraud prevention, and the generation of de-identified, aggregate hand-hygiene benchmarks for public health improvement.
• Legal Obligation: To comply with regulatory, tax, or law enforcement requirements.

3. Information We Collect

We adhere to "Data Minimization" principles, collecting only what is necessary:

• Identifiers: Name, professional email, phone number, and facility affiliation.
• Usage & Device Data: IP addresses, browser types, and device identifiers.
• Audit Metadata: Timestamps and performance metrics (e.g., hygiene compliance scores).

Sensitive Data Statement: HandyMetrics does not collect "Sensitive Personal Information" as defined by the CPRA/GDPR (e.g., biometrics, health records of individuals, or precise geolocation) from our website visitors.

4. Cookies and Tracking Technologies

We use cookies and similar technologies (web beacons, pixels) to ensure site security and analyze traffic.

• Essential Cookies: Necessary for the technical operation of our auditing suite (e.g., maintaining your secure login). These are active by default.
• Non-Essential Cookies: Analytics and functional cookies are deployed only if you provide explicit consent via our banner.
• Your Choices: You can manage or revoke consent at any time via our Cookie Preference Center.

For a comprehensive list of specific cookies, their providers, and their lifespans, please see our [Link to Standalone Cookie Policy].

5. No Sale or Sharing of Personal Information

HandyMetrics does not sell your personal information for monetary value, nor do we "share" it for cross-contextual behavioral advertising. As we do not engage in these activities, we do not provide a "Do Not Sell or Share" link. We do not use your personal data to build marketing profiles for third parties.

6. Global Privacy Control (GPC) Recognition

In accordance with 2026 standards, our websites are configured to automatically detect and honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, our systems will treat it as a valid request to opt-out of all non-essential tracking and data sharing.

7. Content and Data License (Anonymization)

Our auditing platforms generate data used for hygiene behavior analysis. Users grant HandyMetrics a license to use this data for aggregate analysis. We ensure that such data is fully anonymized (meeting the "high-bar" standards of GDPR and PIPEDA) before it is used for longitudinal research or derivative works. Once anonymized, the data is no longer "personal information."

8. Automated Processing and AI

We may use automated systems to generate performance reports and identify hygiene trends. However, HandyMetrics does not use automated decision-making or AI profiling that produces legal or similarly significant effects on individuals without human oversight.

9. How We Disclose Information

We disclose data only to the following categories of service providers, who are contractually restricted from using your data for any other purpose:

• Infrastructure: Cloud hosting (e.g., AWS/Azure) and database management.
• Operations: Customer support tools and secure email delivery services.
• Professional Services: Legal, financial, and security auditors.
• Legal: When required by a valid subpoena or to protect the rights and safety of our users.

10. Your Global Privacy Rights

We provide a unified set of rights to all users globally:

• Access & Portability: Request a machine-readable copy of your data.
• Correction: Correct inaccurate or outdated professional information.
• Deletion: Request erasure of your data (The "Right to be Forgotten"), subject to legal retention duties.
• Right to Object/Opt-Out: Object to processing based on "Legitimate Interests" or withdraw consent.
• Right to Appeal: If we deny a rights request, you may appeal the decision by contacting our Privacy Office. We will respond within 45 days.

11. International Data Transfers

HandyMetrics is based in Toronto, Canada.

• EU/UK Transfers: Canada is recognized by the European Commission as providing "adequate" protection.
• US/Global Transfers: For jurisdictions without an adequacy decision, we utilize Standard Contractual Clauses (SCCs) and supplementary technical measures (encryption at rest and in transit) to ensure equivalent protection.

12. Data Security and Retention

We maintain SOC2-aligned physical and electronic safeguards. Personal data is retained only for as long as necessary to fulfill the service or as required by law (e.g., 7 years for certain financial/tax records).

13. Children's Privacy

Our Services are strictly B2B and are not intended for children under 16. If we discover we have inadvertently collected data from a minor, we will delete it immediately.

14. Contact and Dispute Resolution