Privacy Policy
Effective Date: September 23, 2025
Last Updated: September 23, 2025
OperIQ ("we", "our", or "us") is committed to protecting your privacy and safeguarding your personal health information (PHI). This Privacy Policy explains how we collect, use, disclose, and protect the health and personal information you provide when you use our services.
We are governed by the Personal Health Information Protection Act (PHIPA) in Ontario and PIPEDA at the federal level.
1. What Information We Collect
We may collect the following types of personal and health information:
- Identifying Information: full name, contact information, date of birth, address, health card number
- Health Information: symptoms, health history, prescriptions, referrals, appointment details, medical conditions, allergies
- AI Agent Interactions: conversational data from your interactions with our AI booking agent, including questions asked, responses provided, and booking preferences
- EMR Integration Data: provider schedules, existing patient records, appointment histories, and clinical notes accessed from your healthcare provider's Electronic Medical Record (EMR) system
- Technical Information: IP address, device type, browser, usage patterns (via cookies or analytics)
- Communication Records: chat transcripts with AI agent, appointment notes, messages sent via our platform
2. How and Why We Use Your Information
We use your information to:
- Provide healthcare-related services, including intake and appointment booking
- Communicate with you and your healthcare provider
- Maintain accurate and complete health records
- Comply with applicable health regulations and professional obligations
- Improve our services and user experience
- Prevent fraud and ensure platform security
Use of AI Agent Technology: Our AI-powered booking agent interacts directly with patients to facilitate appointment scheduling. The AI agent:
- Engages in conversational interactions to understand your scheduling needs and preferences
- Accesses your healthcare provider's EMR system to check provider availability, existing appointments, and relevant patient information
- Analyzes your responses to suggest appropriate appointment types, times, and providers
- Processes natural language inputs to extract relevant booking criteria
- Maintains context throughout the conversation to provide personalized assistance
Cross-Border Data Processing Notice
Important: Our AI booking agent operates from Canadian servers and does not store any patient information. However, to provide intelligent responses, your conversational inputs and information retrieved from your healthcare provider's EMR system are sent to AI language processing services located in the United States for real-time analysis. No personal health information is stored on these remote AI processing servers - data is processed in real-time and immediately discarded after generating responses. All patient information remains stored exclusively within your healthcare provider's EMR system.
All AI agent recommendations and actions are logged on Canadian servers and remain subject to verification by healthcare providers and clinic staff. The AI agent operates under strict protocols designed to protect patient privacy and maintain clinical accuracy. The AI agent itself does not store any patient information - all patient data remains within your clinic's EMR system.
3. Consent and Your Rights
We collect, use, and disclose your information only with your knowledge and informed consent, except where permitted or required by law.
By using our services, you acknowledge and consent to:
- Interacting with our AI booking agent, which will process and analyze your conversational inputs
- The AI agent accessing relevant information from your healthcare provider's EMR system to facilitate appointment booking
- Cross-border processing of your health information by AI services located in the United States, with the understanding that data is encrypted in transit and not stored on remote servers
- The processing of your health information by AI systems to provide personalized scheduling recommendations
- The retention of conversation logs (without personal health information) within Canada for quality assurance and service improvement
These AI tools are used solely to enhance service quality, efficiency, and patient experience while maintaining strict privacy and security standards.
Under PHIPA and PIPEDA, you have the right to:
- Access and request corrections to your personal health records
- Withdraw your consent (subject to legal exceptions)
- Be informed of how your information is used
- File a complaint with the Information and Privacy Commissioner of Ontario (IPC)
You can exercise these rights by contacting us (see contact info below).
4. Disclosure of Your Information
We may disclose your PHI:
- To healthcare providers involved in your care
- To authorized clinic staff and administrative personnel
- To your healthcare provider's EMR system for the purpose of appointment scheduling and patient record management
- To AI service providers located in the United States for real-time processing only (data is encrypted in transit and not stored on their servers)
- To cloud infrastructure partners under strict confidentiality agreements and data processing addendums
- To third-party service providers (e.g., cloud hosting, communication tools) under strict confidentiality agreements
- When required by law (e.g., court order, public health reporting)
We do not sell or share your health information for marketing purposes.
5. Storage and Security
Your personal health information is stored exclusively within your healthcare provider's EMR system. OperIQ's AI agent operates from Canadian servers and does not store patient information. For AI processing functionality, data is temporarily transmitted to AI language processing services in the United States for real-time analysis, but is never stored there. We follow industry best practices and comply with health information security standards, including:
- End-to-end encryption for all cross-border AI processing - data is encrypted before transmission to US-based AI services and decrypted only after return to Canadian servers
- Data encryption (in transit and at rest) for all stored information within Canada
- Role-based access controls with multi-factor authentication
- Comprehensive audit logs of all AI agent interactions and EMR data access, maintained on Canadian servers (logs contain interaction metadata but not personal health information)
- Regular security testing, penetration testing, and monitoring
- Secure API integrations with EMR systems using industry-standard protocols
- Isolated processing environments for AI operations with restricted data access
- Real-time processing protocols ensuring no PHI persistence on US servers
Data Retention: OperIQ does not retain personal health information. All patient data remains within your healthcare provider's EMR system according to their retention policies. We retain only non-identifying system logs and interaction metadata as needed for service operation and improvement.
6. Children's Privacy
Our services are intended for use by individuals 16 years of age and older. For minors under that age, consent must be provided by a parent or legal guardian.
7. Use of Cookies and Analytics
We use cookies and limited analytics to improve the performance and usability of our services. These do not collect identifiable health data. You can manage your preferences via your browser settings.
8. Changes to This Policy
We may update this Privacy Policy periodically. The "Last Updated" date reflects the most recent changes. Continued use of our services after changes means you accept the updated policy.
9. Contact Information
For questions, requests, or complaints related to your personal health information, contact:
OperIQ
Email: support@operiq.ai
If you are not satisfied with our response, you have the right to contact the Information and Privacy Commissioner of Ontario at https://www.ipc.on.ca.