Last Updated: December 4th, 2023

Power Over Pain Privacy Policy

This privacy policy outlines how the Power Over Pain (“POP”) project handles your personal information when you use the POP website (the “Portal”). Your "personal information" is any information that identifies you directly or indirectly, like your name, email, address, and phone number. The Portal is run by by the Ottawa Hospital Research Institute ("OHRI" or "we"), the independent research arm of The Ottawa Hospital ("TOH"). Power Over Pain ("POP") is a project under OHRI's purview, funded by Health Canada, and therefore has specific reporting and performance obligations to Health Canada.

Collection and Use of Personal Information

The following table describes the type of personal information we collect, the legal grounds and explanation for processing and if processing is optional.


Type of information

Legal grounds for processing


Is it optional

Creation of and access to a Portal account

Email address and password or authentication via existing platform

Your consent.

This information is collected when you create a Portal account and when you log in.

If the user leverages an existing single sign on account, the originating site will log the user’s initial account activity but cannot view or track information entered into the Portal.

You can opt out of these activities, although You will have access to the areas of the Portal that do not require an account. Without an account, you cannot complete self-assessments and track your progress, or access self-directed courses.

Analyze and enhance user experience using demographic information.

Province/territory of residence, approximate age, ethnicity and gender.

Your consent.

This information is only collected if you choose to provide it to POP.

You are not required to provide age category, ethnicity, gender province/territory of residence, and can opt out of this activity.

Allow you to monitor your pain, mood, well-being, functionality, and substance use a using self-assessment.

Self-assessment responses and scores

Your consent.

This information is only collected if you decide to complete the self-assessment and is only collected and maintained on the Portal for your own use. POP does not use or disclose this information for any other purpose.

You are not required to complete the self-assessment and can opt out of this activity.

Engage in communication with you for multiple reasons , including: reminders to complete your self-assessment; requests to respond to surveys; updates about the Portal and POP, terms of use and the privacy policy, other purposes required for achieving the POP goal.

Email address

Your consent and to comply with our obligations to inform you about updates to the Portal, POP, our terms of use and privacy policy.

Your email address is collected when you create a Portal account.


You may opt out of most communications through preferences in your account. You cannot opt out of some communications we need to send you.

Email reminders to complete self-assessments.

Email address

Your consent.

We only gather your email if you voluntarily provide it, so that you can receive self-assessment reminders by email.

You may opt out of receiving reminders by email.

Manage and safeguard POP and the Portal, including resolving issues, data analysis and system testing

IP address, device information.

This information is collected when you access the Portal.

This information is necessary to protect and ensure the Portal operates as intended.

You cannot opt out of these activities, otherwise we will be unable to provide the services to you.

Examine the usage of the Website and Portal to detect patterns, pinpoint user locations, address problems, and implement enhancements.

IP address, device and browser type, referring website, website activity such as click rate and bounce rate

Your consent.

This information is automatically collected when you use the Portal.

You cannot opt out of the collection of web log files.

Quality improvements and for any Research Ethics Board (“REB”) approved studies

Any personal information provided for the purposes identified above.

Your consent.

REB-approval is required for any REB-approved studies

You cannot opt out of these activities.

We only ask for the personal information we need to run the Portal. Your personal data will solely be employed for the original purpose(s) for which it was provided, unless we have believe that an alternative purpose is consistent with the initial one(s) and necessitates the use of your personal information for that reason. If any modifications in the handling of your personal information arise and consent is necessary, we will notify you and obtain your explicit agreement.

We may also collect, use and share “Aggregated Data” for any purpose. Aggregated Data, including statistical and demographic data, is built by combining different users’ personal information, but Aggregate Data itself is not personal information. We use Aggregate Data for many reasons. For instance, we use Aggregate Data to fulfill our obligations to Health Canada with reports on the Portal. These reports are required to fullfil our obligations and maintain funding. These reports do not include any identifiable information about individual users.

In specific situations,, where permitted or required by law, we may process your personal information without your knowledge or consent, including to ensure the security or accessibility of POP, to safeguard or uphold our legal entitlements, or to ensure the well-being and safety of individuals..

In the case that your personal information is used for an REB-approved research study, the study will first have to be approved by a duly authorized REB in accordance with Ontario laws. Any personal information shared with third parties for the purposes of such a research study will only be shared with external parties exclusively as permitted by the REB, and all direct identifiers (such as your name and email address) will be removed. In no case will POP attempt to link your information with any other information in an attempt to re-identify you.

Disclosures of Personal Information

We maintain the confidentiality of your personal information, unless you have explicitly requested us to disclose it or if legal obligations necessitate such disclosure. This includes situations like:

  • If you use the POP ‘single sign-on’ to access services from a service provider. We will share your email address only.
  • When a court order or another legally binding requirement has been issued for information concerning your Portal usage. To ensure the security of the Portal.
  • To safeguard the well-being or safety of individuals.

In each instance we will share the minimum amount of personal information required for the purpose.

POP Service Providers

We engage service providers to assist in delivering and supporting the Portal. There are several service providers who provide pain management, mental health and substance use support services accessible through the Portal.

Mental Health and Substance Use Support Providers

The Portal provides access to self-guided tools, peer-to-peer support and coaching, and one-to-one counselling to provide pain management, promote and support mental health and substance use. The Portal is not a health care provider. While some of the entities offering self-guided tools, peer-to-peer support, coaching, and counseling via the Portal might need to gather and utilize your personal information for service provision, it's not universal. For instance, certain providers might necessitate you to create an account on their website, while other services such as coaching, counseling, and crisis support could require more comprehensive information sharing about yourself.

Upon utilizing any of these providers, you establish a direct connection with the respective provider. These providers are responsible for the personal information they gather from you, and your utilization of their services is subject to the terms of use and privacy policies outlined by those providers. Neither the Portal nor the OHRI will disclose any additional personal information to the service providers available through the POP site.

Ottawa Hospital Research Institute ("OHRI")

OHRI provides the technology that powers the Portal. OHRI collects, manages, and protects personal information of Portal users on behalf of POP, and OHRI is only legally authorized to process your personal information as authorized herein and as required to operate the Portal.

OHRI has established agreements with specific technology-oriented service providers who might handle personal information on behalf of TOH to facilitate the Portal's delivery. These service providers are granted access only to the minimum essential information required exclusively for executing their assigned tasks. They are not permitted to utilize or expose personal information for their own marketing or any alternative motives. As an illustration, OHRI might engage service providers to host the Portal, manage specific Portal functionalities, transmit emails or other forms of communication, and oversee data management and analysis.

Single Sign On Providers

Certain providers, such as Thinkific, Pain+, may allow you to log on to their website using your Portal log on credentials to provide for a simpler, “single sign-on” experience. If you choose to use your Portal log on credentials to access those sites, The Portal will share your email address with the provider. The Portal does not share any other personal information with any of the service providers accessible through the Portal.

Other Service Providers

The Portal uses other service providers who may also require access to your personal information. These providers may assist with such things as conducting surveys and research on how the Portal is used, communicating with Portal users, and providing guidance on how to improve the services.

Analytics and Other Technologies

Web log files, analytics tools, web beacons and similar technologies are used to deliver the Portal, remember user preferences and obtain information about how the Portal is used.

Web Log Files

Log files are automatically created logs that document every instance of visiting the Website. These logs are harnessed to analyze trends on the website and to recognize and address any problems that may arise. Log files encompass the subsequent details:

  • The user’s operating system (example: AOSP, iOS 16),
  • IP address,
  • The date and time,
  • Duration of time for each website visit,
  • The pages and documents accessed, and
  • Previous site accessed (for example, the search engine that referred the user to the Website).
Analytics Tools

We use of analytics software, which entails the utilization of specialized programs to discern patterns, enhance the Website's quality, and address potential technical complications. Among the array of tools we deploy, you can find Google Analytics and Microsoft Clarity. These tools serve the purpose of offering insights into the utilization patterns of the Website, aiding us in refining its performance. These tools share common technologies for collecting specific data, outlined below:

  • IP address,
  • Device or browser type, and
  • Activity on the Website such as click rates, dead clicks, quick backs and bounce rates

This information is used to present statistical information regarding user engagement with the Website. about how users interact with the Website. The instruments enable us to generate reports and detect patterns. It's important to note that we don't utilize this information to personally identify you.

Find out more information about analytic tools at the links below.

We may run ads on services such as Facebook and additional social media platforms in order to expose the application to more people. By clicking on the ads within the social media platforms, you will be bound by their privacy policies. The Portal does not share usage or personal information with these platforms once the user.

We use pixel tags, web beacons, clear GIFs or similar tools to operate or oversee specfiic pages of the Portal and HTML-formatted email communications. These tools do the following:

  • Track the actions of users and email recipients,
  • Measure the success, including reach, of advertising campaigns, and
  • Gather data on the usage of the the Website usage and the rates of response to email communications.


We use reasonable administrative, technical and physical safeguards to protect personal information against theft, loss, and unauthorized access, use, modification and disclosure. These measures align with our institutional policies. Our safeguard measure include:

  • Data is encrypted at rest and in transit with at least AES 256-bit encryption. Transport Layer Security (TLS) 1.2 or higher is used for information transmitted over the internet;
  • Employees are granted access to data based on necessity and their access is both tracked and limited; and
  • We utilize network surveillance and intrusion detection mechanisms to deter unauthorized entry into systems containing personal information.

Notwithstanding our efforts, complete elimination of security risks isn't possible. To enhance the security of your personal information, please consider taking the subsequent precautions: Install the latest security updates and anti-virus software on your device to help prevent malware and viruses;

  • Make sure your browser is up to date;
  • Use complex passwords to lock your device and mobile applications;
  • Do not use the same password for multiple sites; and
  • Never share your password with others

In case there is a privacy or security breach, we will address the breach in accordance with our internal procedures and we will inform you of such breach as required under Ontario law.

Data Retention

We will store your personal information solely for the duration needed to accomplish the intended objectives of its collection, and as necessary to adhere to relevant laws. Once we no longer need your personal information, we will take appropriate measures to securely erase and irreversibly remove all electronic and physical records of such information from our systems, conforming to industry standards. Nevertheless, if your information has been shared with third parties for the aforementioned purposes, they might retain the data in alignment with their individual retention policies.If your personal information is used in an REB-approved research project, then your personal information will be kept for the retention period required by the REB.

Storage of Personal Information

The majority of the data managed on the Portal is securely stored on servers located in Canada, which are supplied by Amazon Web Services (AWS). Most of your personal information, which encompasses your profile and self-assessment outcomes, is kept within Canada. Nevertheless, certain service providers involved in offering the Portal may process specific personal information outside of Canada. It's crucial to emphasize that information regarding your pain, ability, mental health and personal well-being status will never be included in this data processed outside Canada. Due to this arrangement, your personal information could be subjected to the regulations of those particular jurisdictions. Moreover, authorities such as courts, law enforcement, and national security entities in those jurisdictions might have access to your information without prior notification to you.

Accessing Your Personal Information

The majority of the personal information pertaining to you is accessible through your Portal account on the Website. You possess the capability to modify this personal information within your account. In the event that you suspect we hold personal information not visible within your account and wish to obtain access or rectify such details, kindly get in touch with the POP Personnel for assistance. POP Personnel for assistance.

Deleting Your Account

You can delete your Portal account at any time. To delete your account please contact the POP Personnel.

Personal information might be requested to confirm your identity prior to account deletion.We are committed to ensuring the complete and secure destruction of all electronic and physical records of your information. This involves the permanent removal of your personal data from our active systems at the earliest opportunity. Additionally, any backup copies of your personal information will be expunged within 90 days, following our retention protocols

On occasion, we are bound by legal mandates that require us to keep your personal information, for instance, if your personal information has been previously used in an REB-approved study. In such scenarios, we retain your personal data only for the duration it is required. It's essential to emphasize that the Portal does not oversee any personal information gathered by providers offering pain management, mental health, or substance use services. If you wish to erase all your information, you will need to establish contact with each individual service provider you have engaged with.

Changes to this Privacy Policy

We may update this Privacy Policy at any time. We will notify you by email of any material updates.

For Further Information

If you have any complaints or questions about this Privacy Policy or our personal information handling practices, please contact the POP Personnel.