MoCA Solo Privacy Policy (U.S.) 

Effective Date: October 7, 2025 

1. Purpose and Scope 

This Privacy Policy describes how MoCA Test Inc., doing business as MoCA Cognition ("we," "our," or "us"), collects, uses, and protects information processed through the MoCA Solo mobile application ("App"). 

MoCA Solo is an investigational digital cognitive assessment tool used only within an Institutional Review Board (IRB)–approved clinical validation study conducted in the United States. It is not a commercially available medical device and is not intended for clinical diagnosis, treatment, or direct-to-consumer use. 

2. Definitions 

For purposes of this Policy: 

• "Personal data" means information that can identify an individual directly or indirectly, including coded data when linked to a study participant. 
• "De-identified data" means data that have been processed so that they can no longer be linked to a specific individual. 
• "Processing" means any operation performed on data, including collection, storage, analysis, or deletion. 

3. Information We Collect 

When a study participant uses the App, the following categories of information are collected for research purposes: 

• Study and Participant Identifiers: A coded Study ID and Participant ID assigned by the study team. The App does not collect names, emails, or other direct identifiers. 
• Audio Recordings: Voice responses captured during the test to enable automated speech recognition and scoring. 
• Drawings: Visual responses drawn on-screen as part of the assessment. 
• Test Responses and Scores: Answers and automatically generated cognitive performance scores. 
• Device and Technical Data: Device model, operating system, app version, and basic network logs. Although an IP address may be recorded automatically, all tablet devices used in this study are owned and managed by MoCA Cognition and not linked to participant accounts or personal networks. 

4. How We Use the Information 

We process collected data only for legitimate research and operational purposes, including to: 

• Conduct and analyze the clinical validation of the MoCA Solo tool 
• Enable automated scoring of responses through AI-based voice and image recognition algorithms 
• Monitor App performance, quality, and security 
• Produce aggregated and de-identified research data for scientific and regulatory reporting 

Participants do not receive individual MoCA results through the App. 

5. Use of Artificial Intelligence and De-Identification 

Audio recordings and drawings are processed automatically by secure AI-based algorithms for scoring purposes. We do not use identifiable participant data to train AI models. Any data used for model improvement or research are first de-identified or aggregated so that individuals cannot be identified. 

6. Data Sharing 

We may share data only as follows: 

• With the Study Sponsor and Authorized Personnel: Data are securely transmitted to the study sponsor, MoCA Cognition, and authorized individuals involved in the conduct or oversight of the study, under the IRB-approved protocol and participant consent. 
• With Contract Research Organizations (CROs) and Service Providers: We engage specialized vendors and research partners, including Contract Research Organizations, to support secure data hosting, processing, statistical analysis, and system maintenance. These parties act solely on behalf of MoCA Test Inc. under written agreements requiring confidentiality, limited use, and compliance with applicable research and privacy regulations. 
• No Sale or Marketing Use: We do not sell, rent, or use any participant data for advertising, marketing, or analytics. 

7. HIPAA and Research Compliance 

Where the study involves healthcare institutions or covered entities, data handling complies with the Health Insurance Portability and Accountability Act (HIPAA) and applicable data use or business associate agreements. All participants are enrolled under IRB-approved informed consent procedures, which specify how data will be used and protected. 

8. Data Retention and Deletion 

The data collected through the App are coded and do not contain direct identifiers. Following completion of the study, the coded data set may be retained for analysis and regulatory documentation. If all links to participant identities are permanently removed, the data will be considered de-identified. Backup and technical logs are periodically purged, and any remaining data are maintained only in aggregated or non-identifiable form. 

9. Security Measures 

We apply industry-standard administrative, technical, and physical safeguards to protect data, including: 

• Encryption in transit (TLS/HTTPS) and at rest (AES-256 or equivalent) 
• Secure authentication and access controls 
• Role-based access for authorized study personnel only 
• Continuous monitoring, audit logging, and device management for MoCA-supplied tablets 

While no system is perfectly secure, these measures are designed to minimize the risk of unauthorized access, alteration, or loss. 

10. Participant Eligibility 

MoCA Solo is used exclusively by adult participants enrolled in the clinical validation study. 

Children and minors are not eligible to participate. The App is not intended for, directed to, or available to the general public. 

11. Participant Rights and Requests 

Because the App processes coded data without direct identifiers, MoCA Cognition cannot identify or respond to individual participants directly. Participants who wish to access, correct, or delete their information should contact their study coordinator or principal investigator, as described in the study’s consent form. Requests will be addressed within 30 days where possible and in accordance with research and data integrity requirements. 

12. Data Location and Jurisdiction 

Although the study is conducted in the United States, data may be stored or processed by service providers located in the U.S. or other jurisdictions with comparable privacy and security safeguards. All service providers are contractually bound to maintain data protection standards consistent with applicable U.S. privacy and research laws. 

13. Changes to This Policy 

We may update this Privacy Policy from time to time. The “Effective Date” above reflects the most recent version. Material changes will be communicated to study sponsors or sites prior to implementation. 

14. Contact Us 

MoCA Test Inc. / MoCA Cognition 

4896, Taschereau boulevard, suite 230 

Greenfield Park, Quebec, J4V 2J2 

Canada 

Email: privacy@mocacognition.com 

Website: www.mocacognition.com