Privacy and Governance Policy

Effective date: January 2025
Last updated: January 2025

Questions about privacy? If you have questions about this policy or wish to exercise your privacy rights, contact us at info@medwork.life

At Medwork, a mAIvenX.com company, we take the protection of your personal information and Protected Health Information (PHI) seriously. This privacy policy describes how we collect personal information, the types of data we gather, why we use it, who can access it, and what security measures we apply to protect it. Finally, it informs you of your rights regarding your personal data.

This Policy applies to the services we offer and to our platform accessible through our web application and mobile applications (our "Platform"). However, we would like to draw your attention to the fact that the rights and obligations described in this Policy do not cover third-party websites that may be linked or mentioned on our Platform. These third-party websites have their own privacy policy, and we encourage you to read them carefully.

We ask you to read this Policy carefully to understand our policies and practices regarding the collection, processing, and storage of Personal Information, Protected Health Information (PHI), or any other information to provide us with your informed consent where applicable. If you do not consent to this Policy, you cannot use the Platform.

1. Personal Information

For the purposes of this Policy, "Personal Information" means any information concerning an identifiable person, including information that can be used alone or with other information to identify, contact, or locate a single person.

"Protected Health Information" (or PHI) is information about an individual that allows direct or indirect identification and is directly or indirectly related to their physical or mental health, including the patient's name, date of birth, medical history, medical treatments, medical test results, medication list, and any other health information. PHI may be found in medical records, healthcare professional treatment notes, consultations, and communications between the patient and healthcare professionals.

2. What Personal Information Do We Collect?

For Healthcare Professionals (Users)

  • Contact Information: Your name, first name, email address, postal address, and phone number
  • Professional Information: Your job title, profession, license number, practice location, clinic name, and specialty
  • Account Information: Your Platform login information, IP address, browser or device information
  • Usage Information: Technical information about your use of the Platform
  • Preferences: Your language preferences, EMR preferences, and other settings

For Patients

  • Voice Recordings: Audio recordings of medical consultations
  • Health Information: Health information contained in medical interviews (age, medical history, symptoms, medications, etc.)
  • Transcribed Text: Text transcriptions of audio recordings
  • Medical Notes: Structured medical notes (e.g., SOAP notes) generated from consultations

3. How Do We Collect Your Personal Information?

  • Directly from you when you register or use the Platform
  • With your consent, unless applicable law provides an exception
  • By a healthcare professional, with your consent, during consultations

4. Why Do We Collect Your Personal Information?

We collect your Personal Information to:

  • Provide you with the Platform and our services (recording, transcribing, and generating medical notes)
  • Administer our business and ensure Platform security
  • Provide you with necessary support and assistance
  • Conduct research to improve the Platform
  • Send you important updates and communications
  • Send you marketing and promotional communications (you can opt out at any time)

Marketing Communications: We may send you marketing communications about our services. You can opt out at any time by using the unsubscribe link in our emails or by contacting us. We will never use your health information for marketing purposes without your explicit consent.

5. Decisions Based Exclusively on Automated Processing

Our Platform uses artificial intelligence technologies to:

  • Record and transcribe consultations
  • Generate structured medical notes from transcriptions
  • Clean recordings (remove silences, hesitations, etc.)

You have the right to access, rectify, or contest these automated decisions by contacting us.

6. How Do We Share or Disclose Your Personal Information?

Under no circumstances do we sell the personal data of users or patients. We may share your information with:

  • Our employees (with limited access)
  • HIPAA-compliant service providers for cloud hosting and storage, Voice AI services, and AI LLM modules
  • Your organization, if applicable
  • When required by law or to protect legal rights
  • With your consent

Important: We transmit de-identified medical data to AI service providers. They do not have access to patients' or users' identifying data. The medical data is used exclusively to create clinical notes. No data is stored or used to train AI models by our partners.

7. Where Is Your Personal Information Hosted and Transferred?

Your Personal Information may be stored in regions other than your province, territory, or country of residence, including Canada, the United States, and other jurisdictions where our service providers operate. We implement appropriate technical, organizational, and legal measures to ensure your Personal Information is adequately protected.

8. How Long Do We Keep Your Personal Information?

  • Audio Recordings: Automatically deleted immediately after transcription
  • Transcripts and Medical Notes: Deleted after 24-48 hours (configurable in your settings), unless archived
  • User Account Information: Retained for as long as your account is active
  • Audit Logs: Retained for 7 years or as required by law

9. How Do We Protect Your Data?

We implement comprehensive security measures:

  • Encryption: Data in transit and at rest is encrypted (AES-256)
  • Secure Hosting: State-of-the-art security protocols
  • PHI-Zone Architecture: Secure processing of Protected Health Information
  • De-identification: All 18 HIPAA identifiers are removed from de-identified data
  • Access Controls: Strict access controls and authentication
  • Audit Logging: Comprehensive audit trails

We implement HIPAA-aligned security measures via our PHI-Zone architecture, which includes: de-identification (removes all 18 HIPAA identifiers), PII redaction, data retention (24-48 hours) with the possibility for users to immediately delete data, encryption, and comprehensive audit logging. We also comply with PIPEDA (Canada) requirements and implement measures aligned with Law 25 (Quebec) privacy regulations.

HIPAA-Aligned Security Measures (United States)

HIPAA (Health Insurance Portability and Accountability Act) protects Protected Health Information (PHI) in the United States. We implement security measures designed to comply with HIPAA requirements, including:

  • Encryption of PHI at rest and in transit
  • Access controls and authentication
  • Audit logging of all PHI access
  • Business Associate Agreements with service providers
  • De-identification of PHI when appropriate
  • Breach notification within 60 days

PIPEDA Compliance (Canada)

PIPEDA (Personal Information Protection and Electronic Documents Act) is Canada's federal privacy law. We comply with all PIPEDA requirements including:

  • Explicit consent for data collection and processing
  • Right to access, correct, and delete personal information
  • Right to withdraw consent at any time
  • Data export capabilities (available via Settings)
  • Breach notification "as soon as feasible"
  • Accountability through designated Privacy Officer

10. Minors

The Platform is only available for individuals aged 14 and over. Minors under 14 may only use the Platform with consent from their legal guardian. Minors are not allowed to create accounts with Medwork.

11. Billing

Billing is handled by a specialized third-party organization. We do not collect or store any financial data from our users. All payment information is processed directly by our billing provider according to PCI-DSS security standards.

12. Cookies

Our site uses cookies to enhance user experience and enable essential features. We use:

  • Strictly Necessary Cookies: Required for Platform operation
  • Functionality Cookies: Customize and improve user experience (with consent)
  • Performance Cookies: Analyze Platform usage (with consent)

You can manage your cookie preferences in your browser settings. Non-essential cookies are retained for a maximum of 13 months.

13. Your Rights

You have the right to:

  • Access: Request access to your Personal Information
  • Correction: Correct or update your Personal Information
  • Deletion: Request deletion of your Personal Information
  • Withdrawal of Consent: Withdraw your consent at any time
  • Data Portability: Request your data in a structured format
  • Refuse Services: Refuse the use of our services without affecting care quality
  • File a Complaint: File a complaint with us or the competent authority

14. How to Contact Us

Privacy Officer
Medwork - A mAIvenX.com Company

Email: info@medwork.life
Location: United States of America

If you have any questions, comments, complaints, or wish to exercise your rights, please contact us using the information above.

15. Modifications and Updates to the Policy

Medwork may update, revise, modify, or supplement this Policy from time to time. If significant changes are made, you will be informed when you log in and/or we will send you a link to the new version. The "Last updated" date at the top of this Policy indicates when it was last revised. We encourage you to review this Policy periodically.