Privacy Policy
Effective Date: December 10, 2025
Last Updated: December 23, 2025
Operated by: Strong Ventures Inc. ("we", "us", "our")
Privacy Policy v1.0
At a Glance
- What we collect: Contact info (email/phone for alerts), postal code/FSA, call metadata (timestamp, outcome), clinic configuration
- What we don't collect: OHIP numbers, diagnoses, medical records, clinical notes, treatment information
- Do we sell data? No. We never sell, rent, or trade personal information.
- Do we access medical records? No. ClinicHub is designed to operate without collecting personal health information.
- Contact: Use the Contact Us form on our website for privacy inquiries.
ClinicHub is committed to protecting the privacy of clinics, callers, and visitors who interact with our services. This Privacy Policy explains what information we collect, how we use it, and the choices you have.
By using the ClinicHub website or Services, you consent to the practices described in this Policy.
1. Overview
ClinicHub provides a call-triage and routing system that:
- Answers clinic phone lines with a clinic-branded greeting
- Asks callers one simple triage question
- Routes regular calls to the clinic's existing reception or auto-attendant
- Guides new-patient callers to clinics with availability when the original clinic is not accepting
ClinicHub does not provide medical advice, diagnosis, or treatment. Our privacy practices are designed to minimize the handling of personal health information.
2. Information from Patients & Visitors
This section applies to patients, prospective patients, callers, and website visitors.
2.1 Website Use
When you visit our website, we may collect:
- Browser type, device type, and operating system
- Pages viewed, session duration, and general usage analytics
- IP address for security and operational purposes
We do not use cookies or tracking technologies for advertising.
2.2 SMS Guidance & Alerts
If you sign up for intake alerts or receive SMS guidance after calling a clinic, we collect:
- Phone number (to send notifications)
- Postal code/FSA (to match you with nearby clinics)
- Notification preferences
You can unsubscribe from alerts at any time by replying STOP or updating your preferences.
2.3 Call Interactions
When you call a ClinicHub-supported phone number, we may collect:
- Caller phone number (as provided by telephony carriers)
- Call metadata: time, duration, routing outcome
- Answers to the triage question (e.g., "new patient" vs. "existing patient")
- Postal code/FSA if requested by clinic intake rules
We do not collect: clinical records, diagnoses, treatment details, OHIP numbers, or medical histories.
3. Information from Clinics
This section applies to clinics, healthcare organizations, and their authorized representatives.
3.1 Clinic Onboarding
Clinics provide:
- Clinic name, address, and contact information
- Phone number for call forwarding
- Authorized user accounts (email, password)
- Billing information (if applicable)
3.2 Intake Status & Configuration
Clinics configure:
- Current intake status (accepting/not accepting)
- Patient-type rules (e.g., seniors only, families welcome)
- FSA-based geographic rules
- Custom greeting preferences
- Call routing preferences
This information is used solely to perform call triage and routing according to clinic instructions.
4. Data Categories We Collect
To be explicit about what we do and don't collect:
What We Collect
- Contact information: email, phone number (for alerts and notifications)
- Location: postal code/FSA (for geographic matching)
- Call metadata: timestamp, call outcome, status selection
- Clinic configuration: intake rules, greeting preferences, routing settings
- Account information: email, hashed password for clinic users
What We Do NOT Collect
- OHIP numbers or health card information
- Medical diagnoses or conditions
- Clinical notes or treatment information
- Prescription or medication data
- Lab results or medical imaging
- Any information from EMR/EHR systems
5. How We Use Information
Information is used for the following purposes:
- Operating the call-triage and routing system
- Applying clinic intake rules
- Guiding new-patient callers to clinics with availability
- Sending intake status alerts to subscribed patients
- Maintaining service reliability, security, and performance
- Improving user experience on the website
- Responding to inquiries submitted via the Contact Us form
We do not sell, rent, or trade personal information.
6. How We Share Information
6.1 With Clinics
We may share limited caller information with the clinic the caller attempted to reach:
- Caller phone number
- Call type (regular call vs. new-patient inquiry)
- Relevant intake-routing information
6.2 With Clinics Accepting New Patients
If a caller requests help finding a doctor and the original clinic is not accepting, ClinicHub may forward the caller to another participating clinic. This involves sharing only minimal routing information required for the call transfer.
6.3 Legal Requirements
We may disclose information where required by law, court order, or regulatory authority.
7. Legal & Regulatory (Canada)
7.1 PIPEDA
As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), which governs how private-sector organizations collect, use, and disclose personal information.
7.2 PHIPA
Ontario's Personal Health Information Protection Act (PHIPA) applies to "health information custodians" who collect personal health information (PHI).
ClinicHub is designed to operate without collecting personal health information. We do not access medical records, diagnoses, treatment information, or OHIP numbers. We are not a health information custodian under PHIPA.
However, we voluntarily align our practices with PHIPA principles:
- Data Minimization: We collect only what is necessary
- Purpose Limitation: Information is used solely for patient-clinic matching and notifications
- Consent: Users provide explicit consent for how their data will be used
- Access Rights: Users may request access to or deletion of their information
- Security Safeguards: We implement reasonable technical and administrative protections
8. Service Providers & Hosting
We use the following categories of service providers:
| Category | Purpose |
|---|---|
| Hosting/Infrastructure | Application hosting, database storage (Canadian data centres) |
| Telephony | Call routing, SMS delivery |
| Transactional email delivery | |
| Payment Processing | Subscription billing (PCI-compliant) |
| Analytics | Anonymous usage analytics |
| Error Logging | Application monitoring and debugging |
All service providers are bound by contractual obligations regarding data protection. We maintain a current list of subprocessors and will update this policy if significant changes occur.
Data Location: All primary data is stored in Canadian data centres. We do not transfer personal information outside of Canada except where necessary for specific service provider operations (e.g., global CDN edge caching of public assets).
9. Data Retention & Deletion
Retention Periods
- Call metadata: Retained for 24 months for operational auditing and service improvement
- Patient alert subscriptions: Retained until unsubscribed or account deleted
- Clinic accounts: Retained while account is active plus 12 months after closure
- Contact form submissions: Retained for 12 months
Deletion Requests
Patients: To request deletion of your data, contact us through the Contact Us form. We will process requests within 30 days.
Clinics: To delete your clinic account, contact us through the Contact Us form. Upon account closure, we will delete clinic configuration data within 30 days. Anonymized aggregate data may be retained for analytics.
10. Security Controls
We implement appropriate technical, administrative, and physical safeguards:
- Encryption in Transit: All data transmitted using TLS/HTTPS
- Encryption at Rest: Sensitive data encrypted in database storage
- Password Security: Industry-standard bcrypt hashing (12 salt rounds)
- Access Controls: Role-based access, least privilege principle
- Session Management: Secure, HttpOnly, SameSite cookies
- Audit Logging: Security-relevant events logged and monitored
- Incident Response: Documented procedures for security incidents; affected users notified within 72 hours of confirmed breach
No system is 100% secure, and we cannot guarantee absolute protection.
11. Cookies & Analytics
Cookies We Use:
- Session cookies: Essential for login functionality (HttpOnly, Secure)
- Preference cookies: Remember theme preference (light/dark mode)
Analytics:
- We use privacy-focused analytics that do not track individual users across sites
- No advertising cookies or cross-site tracking
- IP addresses are anonymized in analytics
Opt-Out: You may disable cookies in your browser settings. Essential session cookies are required for logged-in functionality.
12. Your Rights & Choices
For Patients
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request removal of your data
- Unsubscribe: Reply STOP to any SMS or update preferences online
For Clinics
- Update intake status and configuration at any time via the dashboard
- Discontinue service by stopping call forwarding
- Request data export or deletion through the Contact Us form
13. Children's Privacy
ClinicHub does not knowingly collect personal information from children under 13. Call triage may involve callers of any age as part of normal clinic operations, but ClinicHub does not request or store sensitive personal data from children.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically. The "Effective Date" and "Last Updated" dates will always reflect the current version. Material changes will be communicated via the ClinicHub website.
Continued use of the Services constitutes acceptance of the updated Policy.
15. Contact Us
For privacy-related inquiries, access requests, or deletion requests:
Contact Method: Contact Us form on the ClinicHub website
Corporate Entity: Strong Ventures Inc.
Location: Ontario, Canada
We aim to respond to all privacy inquiries within 30 days.