Privacy & confidentiality
Your personal and health information is sensitive, and we treat it that way. This policy explains what we collect, why, how we protect it, and your rights under Québec’s Law 25 and Canada’s PIPEDA. Your data stays in Canada.
Last updated: June 16, 2026
What we collect
Contact details (name, email, phone), eligibility answers, medical-intake information you provide, and — only after payment, when needed to prepare your filing — identity documents, health-card details, and your production-site information. We collect only what’s necessary to provide the service.
Why we collect it
To screen eligibility, arrange your consultation, prepare your Health Canada personal-production package, keep you informed, and meet legal and regulatory obligations. We do not sell your information, and we do not use it for advertising profiling.
Consent
We collect and use your information with your consent, which you give when you use the service and agree to the relevant disclosures. You can withdraw consent at any time, subject to legal limits and the effect that withdrawal may have on our ability to provide the service.
Where it’s stored — in Canada
Your data and documents are hosted in Canada (our database is in the Montréal region) and are encrypted in transit and at rest. We do not transfer your personal information outside Canada.
Your encrypted health vault
Your most sensitive structured information (health-card number, date of birth, contact details, and medical-intake answers) is encrypted field by field with AES-256-GCM before it is written, using a key stored outside the database (in our server environment), so those values are not held in readable form. Uploaded ID and health-card images have their GPS/EXIF metadata stripped so your location is never embedded, and are themselves encrypted with AES-256-GCM under our key before they are stored on Canadian infrastructure. They are only ever served back, decrypted, through an access-checked endpoint limited to you, an authorized administrator, or your assigned practitioner. Sign-ins and practitioner file-views are logged. We view your information only when it is needed to prepare your filing.
How we protect it
- Encryption in transit (HTTPS) and at rest, with sensitive fields (e.g. health-card number) encrypted at the field level.
- GPS/EXIF metadata stripped from uploaded photos so your location isn’t embedded in files.
- Uploads scanned for malware before storage, on infrastructure hosted in Canada.
- Access to your file is restricted to authorized staff and logged.
Who we share it with
Only as needed to deliver the service: the licensed practitioner for your consultation, and Health Canada on the filing you submit (you remain the applicant). We use service providers (e.g. hosting) bound by confidentiality and located in Canada. We do not sell or rent your data.
How long we keep it
We retain your information only as long as necessary for the service, for renewals, and to meet legal/record-keeping obligations, after which it is securely deleted or anonymized.
Your rights
Under Law 25 and PIPEDA you may request access to, and correction of, your personal information, withdraw consent, and request deletion where applicable. Contact our privacy officer through the site to exercise these rights; we respond within the timeframes the law requires.
Cookies
We use only the cookies needed to run the site and remember your session and language. We don’t use them for cross-site advertising.
Contact
Privacy questions or requests? Reach our privacy officer through the contact options on the site.