Privacy Policy

AI AIMED Inc. ("AIMED," "we," "our," or "us") builds and operates a voice-powered AI documentation and translation platform for home care organizations. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform or visit our website at ai-med.ca. It applies to home care companies, care providers, and anyone else who interacts with AIMED.

Because our platform handles health-related information, we are committed to responsible data practices and transparency. Please read this policy carefully.

1. What AIMED Does

AIMED allows care providers to capture voice during home visits. Our platform transcribes those recordings and produces structured clinical charting notes, which the provider reviews and confirms before they are finalized. We also support language translation to help providers and patients communicate more clearly.

This workflow involves health information, so AIMED is designed to support compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and the U.S. Health Insurance Portability and Accountability Act (HIPAA), subject to your organization's configuration and internal policies.

2. Information We Collect

We automatically collect limited technical data to keep the platform running reliably:

• Device type, operating system, and browser
• IP address and general location (country or region)
• Session duration, feature interactions, and error logs
• Access timestamps and audit trail events

3. How We Use Your Information

• To operate, deliver, and improve the AIMED platform
• To transcribe voice recordings and generate structured clinical notes
• To provide language translation during care visits
• To authenticate users and enforce role-based access
• To maintain audit logs of platform access and activity
• To respond to support requests and onboarding communications
• To fulfill legal obligations and enforce our terms of service
• To conduct internal analytics using de-identified data only, subject to your organization's data agreement

We do not sell your personal information or clinical data to third parties, and we do not use patient health information for advertising.

4. How We Share Your Information

We share information only when necessary and in the following circumstances:

5. Data Security

We use multiple layers of protection to secure clinical and personal data:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for all data in transit
• Role-based access control so team members only see what is relevant to their role
• Immutable audit logs of all access and activity
• Voice recordings processed transiently and deleted after charting note generation
• Regular security assessments and vulnerability monitoring

No system is completely immune to risk. If a breach occurs that affects your information, we will notify impacted parties promptly in line with applicable regulations.

6. Regional Data Storage

Data is stored and processed within your organization's region. Canadian organizations have their data kept in Canada. U.S. organizations have their data kept in the United States. We do not transfer clinical or patient data across borders without explicit consent and appropriate data transfer agreements.

7. Data Retention and Deletion

• Voice recordings are deleted immediately after transcription and chart generation, unless your organization has opted into extended retention.
• Charting notes and clinical documentation are retained for the duration of your service agreement, then deleted or returned per your data agreement.
• Account information is retained while your account is active and for a reasonable period afterward to meet legal and contractual obligations.
• Audit logs are retained per your organization's policy and applicable regulatory requirements.

You may request deletion of your personal account data at any time by contacting us. Requests involving clinical documentation will be handled in coordination with your organization.

8. Compliance

AIMED is designed to support compliance with PIPEDA (Canada) and HIPAA (United States). Compliance is a shared responsibility:

• AIMED provides the technical infrastructure, security controls, and data handling practices described in this policy.
• Your organization is responsible for its own internal policies, staff training, and configuration choices within the platform.
• During onboarding, our team works with you to review your specific requirements and clearly document shared responsibilities.

For U.S. organizations subject to HIPAA, AIMED is prepared to enter into a Business Associate Agreement (BAA) during pilot onboarding.

9. Your Rights

Depending on your location, you may have the right to:

• Access a copy of the personal information we hold about you
• Correct inaccurate or incomplete information
• Request deletion of your personal information, subject to legal obligations
• Request that we limit how we use your information
• Receive a portable copy of your data in a structured format
• Object to certain types of processing, including analytics

To exercise any of these rights, email us at ahmed@ai-med.ca. We will respond within the timeframe required by applicable law, typically within 30 days.

10. Cookies and Tracking

Our website uses minimal cookies to keep the site functioning and to understand general usage patterns. We do not use advertising trackers or share visitor data with ad networks. You can disable cookies in your browser settings, though some parts of the site may not work as intended.

11. Changes to This Policy

We may update this Privacy Policy as our platform or regulations change. When we make meaningful changes, we will update the date at the top of this page and notify your organization where appropriate. Continued use of AIMED after updates take effect means you accept the revised policy.

12. Contact Us

If you have questions about this policy or your data, please reach out: