M2A DocAssist

Privacy Policy

Last updated: December 24, 2024

Version: 1.2

M2atech Solutions Inc. ("M2A DocAssist", "we", "our") is committed to protecting the privacy and confidentiality of personal information belonging to healthcare professionals and their patients.

This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian provincial health privacy laws.

1. Organization & Privacy Officer

M2atech Solutions Inc.

Incorporated in New Brunswick, Canada

Privacy Officer: Abdoulaye Mohamed Ahmed

Email: contact@m2adoc.com

2. Information We Collect

2.1 Physician Information (Account Holders)

We collect the following information from healthcare professionals:

Name and professional title
Professional email address
Professional phone number (optional)
Medical license number
Medical specialty
Province of practice
Billing information (processed securely by a payment provider)

2.2 Patient Information

Collected and processed on behalf of the treating physician:

Name and date of birth
Health insurance number (e.g., RAMQ, OHIP)
Contact details (address, phone, optional email)
Audio recordings of consultations (with consent)
Transcriptions of consultations
AI-assisted SOAP medical notes
Relevant medical history entered by the physician

2.3 Technical Information

IP address (server security logs only)
Browser and device type
Session and usage metadata
Strictly necessary cookies (authentication, preferences)

3. How We Use Information

We use personal information for the following purposes:

Service delivery: transcription and AI-assisted documentation

Account management: authentication, support, billing

Security: fraud prevention, system integrity, audit logging

Legal compliance: PIPEDA, provincial health laws, tax obligations

4. Legal Basis for Processing (PIPEDA)

We process personal information based on:

Explicit consent (physicians and patients)
Performance of a service contract (Terms of Use)
Legal and professional obligations applicable to healthcare records

5. Data Sharing and Disclosure

5.1 No Sale of Data

We do not sell, rent, or trade personal information for advertising or marketing purposes.

5.2 Service Providers (Subprocessors)

We use trusted service providers to operate our platform, including providers for:

Application hosting and secure storage
Audio transcription
AI-assisted drafting of medical notes
Subscription billing and payments

Only the minimum information necessary is shared with each provider.

A current list of subprocessors is available upon request at contact@m2adoc.com

5.3 Legal Disclosure

We may disclose personal information if required by law (court order, subpoena, or lawful authority). When permitted, we will notify affected users.

6. Data Location & International Transfers

Canada-Only Data Storage

Personal information is stored in certified datacenters located in Quebec, Canada.

AI Processing

AI-assisted transcription and documentation are processed using providers contractually restricted to Canadian infrastructure.

We require our service providers to apply appropriate safeguards and data residency commitments.

7. Data Security

We apply administrative, technical, and physical safeguards designed to protect personal information, including:

Encryption in transit and at rest
Access controls and authentication safeguards
Audit logging and monitoring
Regular security reviews

Security measures are reviewed and improved on an ongoing basis.

8. Data Retention

Medical Information

Audio recordings: deleted automatically after 30 days
Transcriptions and SOAP notes: retained in accordance with applicable provincial medical record retention laws (generally 10 years after last consultation)

Account & Technical Data

Account information: retained while active + short grace period
Billing records: retained as required by Canadian tax laws
Security logs: retained for a limited period

9. Account Closure

When an account is closed:

Account-related data is deleted after a short grace period
Medical records are retained as required by law
Physicians may export their data before closure

10. Rights Under PIPEDA

Physician Rights

Access and obtain a copy of account data
Request correction of inaccurate information
Request account deletion (subject to legal retention requirements)
Export data in commonly used formats
Withdraw consent by closing the account

Patient Rights

Patients have the right to:

Access their medical records
Request corrections
Request deletion (subject to legal medical record retention)

Patients must submit requests through their treating physician, who acts as the Data Controller. M2A DocAssist acts solely as a Data Processor.

11. Cookies

Strictly Necessary Cookies

Used for authentication and security and cannot be disabled.

Functional Cookies (Optional)

Used to store language and theme preferences.

We do not use:

Advertising cookies
Cross-site tracking
Social media pixels
Behavioral analytics tools

12. Minors' Data

If a physician treats minors, the physician is responsible for obtaining appropriate parental or guardian consent in accordance with applicable laws.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Minor changes: effective immediately
Material changes: notice provided in advance where required

The "Last updated" date reflects the most recent revision.

14. Complaints and Contact

Contact Us

For privacy-related questions or requests:

Email: contact@m2adoc.com

Response time: within 30 days

Privacy Commissioner of Canada

You may also file a complaint with:

Office of the Privacy Commissioner of Canada

30 Victoria Street, Gatineau, QC K1A 1H3

1-800-282-1376

https://www.priv.gc.ca

15. Acceptance

By using M2A DocAssist, you acknowledge that you have read and understood this Privacy Policy.

If you do not agree, please do not use the platform.