Legal

Privacy Policy

Effective date: May 22, 2026

About This Policy

Clinics Unlocked provides a secure software platform that medical clinics use to manage appointments, communications, records, and related services. This policy describes how we handle information, including the personal health information that we process on behalf of the clinics we serve.

Our Role

For the personal health information of patients, the clinic is the party legally responsible for that information under Ontario's Personal Health Information Protection Act, 2004 (PHIPA). Clinics Unlocked acts as a service provider and agent of each clinic, processing personal health information only as instructed by, and on the authority of, the clinic. We do not use patient personal health information for our own purposes, and we do not sell information.

Information We Process

On behalf of the clinics we serve, the platform processes patient information such as identifiers and demographics, clinical and appointment information, and communications. We also process limited information about clinic staff who use the platform, such as account and access details. For our own website and business operations, we may process basic contact and usage information.

Automated Phone (IVR) Services

Where a clinic uses our automated phone (IVR) service, the platform helps process simple appointment-related calls. The IVR is designed to minimize the information it handles. Where a caller is asked to enter the last four digits of a health card by keypad, those digits are not recorded and are not stored in the platform's records. The platform retains only an indication that the digits were provided. The phone service and its supporting technology are operated within Canada.

How We Protect Information

We use technical and administrative safeguards to protect the information we process, including:

Encryption of sensitive information in transit and at rest, using AES-256-GCM.
Signed, verified communication between platform components.
Role-based access control, multi-factor authentication, and separation of each clinic's data.
Virus scanning of uploaded files, monitoring, security alerting, and regular encrypted backups.
Hosting within Canada, in the AWS Canada (Central) region, under an AWS Business Associate Addendum.

Data Location

The personal health information processed by the platform is stored and processed within Canada.

Patient Rights

Patients have rights regarding their personal health information, including access and correction, under PHIPA. Because the clinic is responsible for patient information, patients should direct requests about their personal health information to their clinic. We support clinics in responding to such requests.

How to Contact Us

If you have questions about this policy or about how Clinics Unlocked handles information, please contact us:

Email: [email protected]

Patients with questions about their own personal health information should contact their clinic directly.

Changes to This Policy

We may update this policy from time to time. The effective date above shows when it was last updated.

Clinics Unlocked, Canada. Hosted in Canada (AWS ca-central-1). PHIPA compliant.