Privacy Policy

Privacy Policy

Your privacy is fundamental to everything we build. This policy explains how we collect, use, and protect your personal and health information.

Last updated: April 2026

Minimal Collection

We only collect what is necessary to provide and improve our services.

Encrypted by Default

All data is encrypted at rest and in transit using industry-standard AES-256 encryption.

Consent-Driven

You control who accesses your data. We never share without your explicit consent.

Data Residency

Your data stays in your region. Canadian data in Canada, US data in the US, EU data in the EU.

1

Information We Collect

We collect information you provide directly to us, information generated through your use of our services, and limited information from third-party sources when you authorize integrations.

  • Account information: name, email address, professional credentials, and practice details
  • Health records: clinical notes, treatment plans, medications, and diagnostic data entered by authorized practitioners
  • Usage data: how you interact with the platform, features used, and session duration
  • Device information: browser type, IP address, and operating system for security and troubleshooting
2

How We Use Your Information

We use the information we collect to provide, maintain, and improve our healthcare collaboration platform, and to comply with applicable healthcare regulations.

  • Providing core services: facilitating practitioner-patient connections, managing health records, and enabling collaborative care
  • Safety and compliance: monitoring for unauthorized access, ensuring HIPAA/PIPEDA/GDPR compliance, and maintaining audit trails
  • Product improvement: analyzing aggregated, de-identified usage patterns to improve platform features and performance
  • Communications: sending service notifications, security alerts, and updates you have opted into
3

How We Share Your Information

We do not sell your personal information. We do not share your health data for advertising purposes. Information is only shared in the following limited circumstances:

  • With your consent: health records are shared between practitioners only when patients grant explicit, revocable consent
  • Service providers: trusted third parties who help us operate the platform (hosting, analytics) under strict contractual obligations
  • Legal requirements: when required by law, court order, or to protect the safety of our users
  • Emergency access: break-glass protocols for medical emergencies, with full audit logging and patient notification
4

Data Storage and Security

We implement rigorous security measures to protect your data, meeting or exceeding requirements set by healthcare regulations worldwide.

  • AES-256 encryption at rest and TLS 1.3 in transit for all data
  • Regional data centers: Canadian data stored in AWS Canada (ca-central-1), US data in AWS US, EU data in AWS EU
  • Regular penetration testing, vulnerability assessments, and SOC 2 Type II audited infrastructure
  • Automated backups with point-in-time recovery and disaster recovery across multiple availability zones
5

Your Rights

Depending on your jurisdiction, you have specific rights regarding your personal data. We honor these rights regardless of where you are located.

  • Access and portability: request a copy of all personal data we hold about you in a machine-readable format
  • Correction: request that we correct inaccurate or incomplete personal information
  • Deletion: request deletion of your personal data, subject to legal retention requirements for health records
  • Consent withdrawal: revoke consent for data sharing at any time through your account settings
6

Cookies and Tracking

We use a minimal set of cookies necessary for the platform to function. We do not use advertising cookies or sell cookie data to third parties.

  • Essential cookies: authentication tokens, session management, and security cookies required for the platform to operate
  • Preference cookies: your language selection and display preferences
  • Analytics: aggregated, anonymized usage data to understand how the platform is used (no personal identifiers)
  • We do not use third-party advertising trackers, social media pixels, or cross-site tracking cookies
7

Children's Privacy

Our platform is designed for use by healthcare practitioners and their patients. We take additional precautions with data belonging to minors.

  • Minor patient records require parental or guardian consent before being created or shared
  • Enhanced access controls apply to all records belonging to patients under 18
  • We comply with COPPA, PIPEDA, and other applicable regulations regarding children's data
  • Practitioners must verify guardian authorization before granting access to minor patient records
8

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes through email or a prominent notice on our platform at least 30 days before they take effect.

  • Material changes will be communicated via email to all registered users
  • A summary of changes will be posted on our platform with the effective date
  • Continued use of the platform after changes take effect constitutes acceptance
  • Previous versions of this policy are available upon request

Questions About Your Privacy?

Our privacy team is here to help. Contact us with any questions about how we handle your data.

Contact Privacy Team