Privacy Policy

MediNote Telehealth Inc. ("MediNote", "we", "us", or "our") is committed to protecting your privacy and the confidentiality of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our telehealth platform and services.

Applicable Laws

We comply with all applicable Canadian privacy legislation, including:

• Personal Health Information Protection Act, 2004 (PHIPA) – Ontario's health privacy law governing the collection, use, and disclosure of personal health information by health information custodians.
• Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada's federal private sector privacy law.
• Provincial health information legislation – We comply with applicable provincial privacy laws in all provinces where we provide services.

Where we provide services to patients in the United States or store data on US-based servers, we also comply with the Health Insurance Portability and Accountability Act (HIPAA).

Information We Collect

We collect the following categories of information:

Personal Identification Information

• Full name, date of birth, gender
• Email address, phone number, mailing address
• Provincial health card number (where applicable)
• Government-issued identification (for identity verification)

Personal Health Information (PHI)

• Medical history, current symptoms, and health conditions
• Medications, allergies, and immunizations
• Consultation notes, diagnoses, and treatment plans
• Prescriptions and referral information
• Medical certificates and documentation
• Secure chat messages with healthcare providers

Technical and Usage Information

• IP address, browser type, device information
• Pages visited, time spent on platform
• Appointment booking and scheduling data

Payment Information

• Payment card information (processed securely by Stripe – we do not store full card numbers)
• Billing address and transaction history

How We Use Your Information

We use your information for the following purposes:

Providing Healthcare Services

• Facilitating telehealth consultations with licensed healthcare providers
• Generating medical documents such as sick notes, prescriptions, and referrals
• Maintaining your electronic health record within our platform
• Communicating with you about your care through secure messaging

Platform Operations

• Processing payments and issuing receipts
• Sending appointment reminders and confirmations
• Responding to your inquiries and support requests
• Improving our services and user experience

Legal and Regulatory Compliance

• Complying with healthcare regulations and professional standards
• Responding to lawful requests from regulatory bodies
• Fulfilling mandatory public health reporting requirements

Disclosure of Your Information

We may disclose your personal health information in the following circumstances:

• With your consent – To other healthcare providers, pharmacies, or third parties as you direct.
• For treatment purposes – To specialists, laboratories, or other healthcare providers involved in your care.
• To pharmacies – To fulfill prescriptions prescribed during your consultation.
• Service providers – To trusted third-party vendors who assist in operating our platform (e.g., Stripe for payments, secure cloud hosting providers), bound by confidentiality agreements.
• Legal requirements – When required by law, court order, or to comply with mandatory reporting obligations (e.g., public health reporting, child protection).
• Emergency situations – To prevent or reduce risk of serious harm to you or others.

We will never sell your personal health information to third parties for marketing purposes.

Data Security

We implement comprehensive technical and organizational measures to protect your information:

• Encryption – All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access controls – Role-based access ensuring only authorized personnel can view your information
• Secure authentication – Strong password requirements and session management
• Audit logging – Complete logs of all access to your health information
• Secure hosting – Data stored on SOC 2 Type II certified infrastructure
• Regular security assessments – Ongoing vulnerability scanning and security reviews

Your Rights

Under PHIPA and PIPEDA, you have the following rights:

• Access – Request a copy of your personal health information
• Correction – Request corrections to inaccurate information in your record
• Withdrawal of consent – Withdraw consent for certain uses of your information (subject to legal limitations)
• Complaints – File a complaint with the Information and Privacy Commissioner of Ontario or the Office of the Privacy Commissioner of Canada
• Accounting of disclosures – Request a record of who has accessed your information

To exercise these rights, contact our Privacy Officer at [email protected].

Data Retention

We retain your personal health information in accordance with applicable laws and professional standards:

• Medical records are retained for a minimum of 10 years from the date of last entry, or 10 years after the patient reaches age 18 (whichever is longer), as required by the College of Physicians and Surgeons of Ontario.
• Payment records are retained for 7 years for tax and audit purposes.
• Account information is retained for as long as your account remains active.

Cookies and Tracking

We use essential cookies to operate our platform securely. These cookies are necessary for authentication, session management, and security features. We do not use tracking cookies for advertising purposes.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by email notification. Your continued use of our services after such changes constitutes acceptance of the updated policy.