Back to Home

Privacy Policy

Last updated: April 13, 2026

1. Introduction

Simplify Health Inc. ("we", "us", "our") operates the Simplify Health dental referral management platform. We are committed to protecting your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian provincial privacy legislation.

2. Accountability

We are responsible for all personal information under our control. Our Privacy Officer can be reached at privacy@simplifyhealth.ca.

3. Information We Collect

3.1 Patient Information

  • Full name, email address, phone number, date of birth
  • Dental referral documents (PDFs, images)
  • Treatment notes provided by the referring dentist

3.2 Dental Professional Information

  • Full name, email address, clinic/practice name
  • Organization affiliation

3.3 Communications

We collect SMS messages and email communications regarding referrals and appointment booking.

3.4 Security and Audit Logging

When you visit or use our services, our systems automatically collect certain metadata for security and auditing purposes, including:

  • IP address and browser type
  • Device identifiers
  • Login and sign-up timestamps
  • User ID associated with your account

This information is used to maintain the security of our platform, prevent unauthorized access or fraud, and ensure compliance with our legal audit obligations under Canadian privacy laws. Audit and security logs are retained for a period of 7 years (see Section 9) to facilitate breach investigations and system audits, after which they are securely deleted or anonymized.

By using our service, you provide implied consent for this collection as disclosed in this policy. You may withdraw consent at any time by contacting our Privacy Officer, subject to our legal retention obligations.

4. Purposes of Collection

  • Referral processing: Create and manage dental referrals
  • Patient records: Create records in NexHealth (HIPAA-compliant)
  • Communication: SMS and email notifications
  • AI extraction: Process documents using AI to extract contact information
  • Account management: Manage accounts and access

5. AI Processing Disclosure

We use AI technology powered by Groq (US-based) to process referral documents and email content. This involves transmitting personal information to servers in the United States. AI is used for:

  • Extracting patient names, emails, and phone numbers from documents
  • Processing SMS conversation content for appointment booking

6. Third-Party Service Providers

  • Supabase (US) — Database and authentication
  • NexHealth (US) — HIPAA-compliant patient records
  • Groq (US) — AI processing
  • Resend (US) — Email delivery
  • Twilio / Telnyx (US) — SMS messaging

7. Cross-Border Data Transfers

Personal information is stored on servers in the United States. We ensure contractual protections with service providers meet PIPEDA requirements for all cross-border transfers.

8. Consent

We obtain express consent before collecting, using, or disclosing personal information. Referring dental professionals confirm they have obtained patient consent before submitting referral information. Patients can withdraw consent at any time.

9. Data Retention

  • Referral records: 7 years after last activity
  • SMS/email communications: 2 years
  • Audit logs: 7 years
  • Referral documents: 7 years

10. Your Rights

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate data
  • Erasure: Request deletion (subject to legal retention)
  • Withdraw consent: Withdraw consent at any time
  • Complaint: File a complaint with our Privacy Officer or the OPC

Contact: privacy@simplifyhealth.ca

11. Safeguards

  • Encrypted data transmission (HTTPS/TLS)
  • Row-level database security
  • Authentication required for all data access
  • JWT-based session authentication
  • Webhook signature verification

12. Breach Notification

In the event of a breach creating a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada as required by PIPEDA.

13. Contact

Simplify Health Inc. — Privacy Officer — privacy@simplifyhealth.ca

Office of the Privacy Commissioner of Canada: 1-800-282-1376 | www.priv.gc.ca