Privacy Policy

Medinote Technologies Inc. ("MediNote", "we", "us", or "our") is committed to protecting your privacy and the confidentiality of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our telehealth platform and services.

Applicable Laws

We comply with all applicable Canadian privacy legislation, including:

• Personal Health Information Protection Act, 2004 (PHIPA) – Ontario's health privacy law governing the collection, use, and disclosure of personal health information by health information custodians.
• Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada's federal private sector privacy law.
• Provincial health information legislation – We comply with applicable provincial privacy laws in all provinces where we provide services.

Information We Collect

We collect the following categories of information:

Personal Identification Information

• Full name, date of birth, gender
• Email address, phone number, mailing address
• Provincial health card number (where applicable)
• Government-issued identification (for identity verification)

Personal Health Information (PHI)

• Medical history, current symptoms, and health conditions
• Medications, allergies, and immunizations
• Consultation notes, diagnoses, and treatment plans
• Prescriptions and referral information
• Medical certificates and documentation
• Secure chat messages with healthcare providers

Technical and Usage Information

• IP address, browser type, device information
• Pages visited, time spent on platform
• Appointment booking and scheduling data

Payment Information

• Payment card information (processed securely by Stripe – we do not store full card numbers)
• Billing address and transaction history

How We Use Your Information

We use your information for the following purposes:

Providing Healthcare Services

• Facilitating telehealth consultations with licensed healthcare providers
• Generating medical documents such as sick notes, prescriptions, and referrals
• Maintaining your electronic health record within our platform
• Communicating with you about your care through secure messaging

Platform Operations

• Processing payments and issuing receipts
• Sending appointment reminders and confirmations
• Responding to your inquiries and support requests
• Improving our services and user experience

Legal and Regulatory Compliance

• Complying with healthcare regulations and professional standards
• Responding to lawful requests from regulatory bodies
• Fulfilling mandatory public health reporting requirements

Use of Artificial Intelligence

MediNote uses AI-assisted technology to help gather and organize your health information during the intake process. This technology helps structure your symptoms and medical history for physician review.

• AI is used during intake to organize your symptoms and medical history
• All clinical decisions, diagnoses, and medical documentation are made by a licensed human physician who independently reviews your information
• AI is not used to make diagnostic, treatment, or prescribing decisions
• You may request a fully human-conducted intake by contacting support before your appointment

Our use of AI is subject to the same privacy protections described throughout this policy. AI-processed data is not shared with third parties for training or model improvement purposes.

Disclosure of Your Information

We may disclose your personal health information in the following circumstances:

• With your consent – To other healthcare providers, pharmacies, or third parties as you direct.
• For treatment purposes – To specialists, laboratories, or other healthcare providers involved in your care.
• To pharmacies – To fulfill prescriptions prescribed during your consultation.
• Service providers – To trusted third-party vendors who assist in operating our platform (e.g., Stripe for payments, secure cloud hosting providers), bound by confidentiality agreements.
• Legal requirements – When required by law, court order, or to comply with mandatory reporting obligations (e.g., public health reporting, child protection).
• Emergency situations – To prevent or reduce risk of serious harm to you or others.

We will never sell your personal health information to third parties for marketing purposes.

For detailed information about how our third-party service providers handle personal health information, including vendor compliance certifications and data residency details, please review our Vendor Privacy Compliance page.

Data Security

We implement comprehensive technical and organizational measures to protect your information:

• Encryption – All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access controls – Role-based access ensuring only authorized personnel can view your information
• Secure authentication – Strong password requirements and session management
• Audit logging – Complete logs of all access to your health information
• Secure hosting – Data stored on SOC 2 Type II certified infrastructure
• Regular security assessments – Ongoing vulnerability scanning and security reviews

Your Rights

Under PHIPA and PIPEDA, you have the following rights:

• Access – Request a copy of your personal health information
• Correction – Request corrections to inaccurate information in your record
• Withdrawal of consent – Withdraw consent for certain uses of your information (subject to legal limitations)
• Complaints – File a complaint with the Information and Privacy Commissioner of Ontario or the Office of the Privacy Commissioner of Canada
• Accounting of disclosures – Request a record of who has accessed your information

To exercise these rights, contact our Privacy Officer at privacy@medinote.ca.

Data Retention

We retain your personal health information in accordance with applicable laws and professional standards:

• Medical records are retained for a minimum of 10 years from the date of last entry, or 10 years after the patient reaches age 18 (whichever is longer), as required by the College of Physicians and Surgeons of Ontario.
• Payment records are retained for 7 years for tax and audit purposes.
• Account information is retained for as long as your account remains active.

Cookies and Tracking

We use essential cookies to operate our platform securely. These cookies are necessary for authentication, session management, and security features. We do not use tracking cookies for advertising purposes.

SMS Communications

With your explicit consent, MediNote may send you SMS (text) messages to the phone number you provide. These messages are used for healthcare-related purposes only.

Types of SMS Messages

When you opt in to SMS communications, you may receive:

• Appointment Reminders – Notifications 24 hours and 1 hour before your scheduled appointments
• Appointment Confirmations – Confirmation of new appointments and changes to existing appointments
• Care-Related Notifications – Important updates from your healthcare provider regarding your care
• Account Security – Authentication codes and security alerts (if enabled)

Consent and Opt-Out

• SMS consent is optional and collected during registration or in your account settings. You must affirmatively check the SMS consent box to receive text messages. –
• You can opt out of SMS messages at any time by:
  • Replying STOP to any SMS message you receive
  • Updating your preferences in your account settings
  • Contacting us at support@medinote.ca
• Reply HELP to any SMS message to receive support information –

Message Frequency and Costs

• Message frequency varies based on your appointment schedule and healthcare needs
• Standard message and data rates from your mobile carrier may apply
• MediNote does not charge for sending SMS messages

Carrier Compliance

Our SMS services are provided in compliance with applicable telecommunications regulations and carrier requirements. We use Twilio as our SMS service provider. Carriers are not liable for delayed or undelivered messages.

Privacy of SMS Data

Your phone number and SMS consent status are stored securely. We do not share your phone number with third parties for marketing purposes. SMS message logs are retained for operational and compliance purposes in accordance with our data retention policies.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by email notification. Your continued use of our services after such changes constitutes acceptance of the updated policy.