1. Introduction

This Privacy Policy describes how we collect, use, and protect information within our medical scribe platform. Our services are designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial legislation, including Ontario’s Personal Health Information Protection Act (PHIPA).

By using our platform, you acknowledge that we act as a "service provider" or "health information network provider," processing data on behalf of healthcare professionals who remain the "health information custodians."

2. Information Collection

2.1. Information you provide to us

We collect information necessary to facilitate medical documentation and account management:

• Professional Data: Name, professional credentials, and clinic contact information.
• Audio Data: Temporary audio recordings of clinical encounters for the purpose of real-time transcription and summarization.
• Clinical Summaries: AI-generated drafts based on the audio provided during your sessions.

2.2. Automatic data collection

We collect limited technical data to ensure system stability and security, including IP addresses, browser types, and access timestamps. This data is used solely for audit logs and system performance monitoring.

3. Data Residency and Sovereignty

To comply with Canadian health privacy standards, all Personal Health Information (PHI) is processed and stored exclusively on servers located within Canada (via Azure Canada Central). No clinical data is transferred across international borders for processing.

4. How We Use Information

Information is used strictly to provide the medical scribe service. We do not use PHI to train our machine learning models or for any secondary marketing purposes.

4.1. Transcription and AI Processing

Audio data is processed through Azure AI Speech to generate text. This data is handled in an ephemeral manner—recordings are deleted immediately after the clinical note is generated and confirmed by the user.

5. Security Measures

We employ industry-standard administrative, technical, and physical safeguards. This includes end-to-end encryption for data in transit (TLS 1.2+) and encryption at rest (AES-256). Access to data is restricted to authorized personnel only for the purpose of technical support or legal compliance.

6. Data Shared with Third Parties

We do not sell or rent patient data. Data is only shared with essential sub-processors (e.g., Microsoft Azure Canada) required to deliver the service. These partners are contractually bound to maintain stringent privacy standards consistent with Canadian law.

7. Changes in the Privacy Policy

We may update this policy to reflect changes in our practices or legal obligations. Users will be notified of significant changes via the email address associated with their account.

8. How to Contact Us

If you have any questions regarding your data or our compliance with PIPEDA/PHIPA, please contact our Privacy Officer at support@listenmd.ai