Privacy Policy
Updated:
At SMYLS, your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your information when you use our website and services.
Introduction
SMYLS (“we”, “us”, or “our”) provides software and services that enable physicians and clinics to manage uninsured medical services and related clinic operations.
This Privacy Policy explains how we collect, use, disclose, and protect personal information about:
Physicians, clinic administrators, and staff using the SMYLS platform
Patients purchasing uninsured services at SMYLS-powered clinics
Visitors to SMYLS websites and individuals who contact SMYLS support
We comply with applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and relevant provincial health information laws.
If we make material changes to this Privacy Policy, we will notify users through the SMYLS platform or by email.
2. Privacy Principles
Your information belongs to you
We collect only the personal information required to deliver and improve our services. Information that is no longer necessary is securely deleted or anonymized. Our products are designed using privacy-by-design and privacy-by-default principles.
We protect your information
We do not sell personal information. We only disclose personal information:
With your consent
To provide our services
Where required by law
We notify affected individuals and regulators of reportable privacy breaches as required under Canadian law.
3. Roles and Responsibilities
Clinics and physicians are the custodians/controllers of patient personal information.
SMYLS acts as a service provider and processor of patient information on behalf of clinics.
For information about SMYLS account holders (physicians and staff), SMYLS acts as the organization responsible for that information.
Patients seeking access, correction, or deletion of their information related to a clinic service must contact the clinic directly.
4. Information We Collect
A. Physicians and Clinics
Name, professional credentials, and contact details
Clinic information
Account credentials
Billing and payment information
Platform usage and audit data
B. Patients (on behalf of clinics)
Name and contact information
Transaction and service details
Payment information
Limited health-related context where required for billing
SMYLS does not collect full medical records.
C. Website and Support Users
IP address and device/browser information
Cookies and analytics data
Support communications
5. Purposes for Use
We use personal information to:
Provide and operate the SMYLS platform
Process payments and subscriptions
Provide customer support
Prevent fraud and abuse
Improve and develop our services
Meet legal and regulatory requirements
We rely on:
Contractual necessity
Consent
Legal obligations
Reasonable business purposes permitted under Canadian law
6. Consent
We obtain consent where required by law. Consent may be express or implied depending on the context and sensitivity of the information.
Patients provide consent to their clinic, not directly to SMYLS. Clinics are responsible for obtaining patient consent for use of the SMYLS platform.
7. Data Retention
We retain personal information only as long as necessary to:
Provide services
Comply with legal requirements
Resolve disputes
Enforce agreements
When no longer required, personal information is securely destroyed or anonymized.
8. Data Location and Transfers
SMYLS is a Canadian company. Personal information is primarily stored and processed in Canada. Some service providers may store or process data in the United States.
When information is transferred outside your province or Canada:
It is protected using contractual safeguards
It is subject to the laws of the receiving jurisdiction
We require service providers to meet Canadian privacy standards
9. Safeguards and Security
We use industry-standard administrative, technical, and physical safeguards, including:
Encryption in transit and at rest
Role-based access controls
Audit logging
Secure cloud infrastructure
Daily backups and disaster recovery procedures
Incident response and breach notification procedures
No system is completely secure, but we continuously improve our safeguards.
10. Third-Party Service Providers
We may use trusted service providers for:
Cloud hosting
Payment processing
Email and support services
They are contractually required to use personal information only to provide services to SMYLS and to protect it appropriately.
11. Cookies and Website Technologies
We use cookies and similar technologies to:
Operate and secure our website
Analyze usage
Improve performance
You may manage cookies through your browser settings. Some features may not function correctly if cookies are disabled.
12. Children’s Information
SMYLS services are intended for use by healthcare professionals and adult patients. We do not knowingly collect personal information directly from children without appropriate consent.
13. Changes to This Policy
We may update this Privacy Policy from time to time.
Material changes will be communicated through the SMYLS platform or by email.
14. Contact Information
Privacy Officer
SMYLS World Inc.
Email: privacy@smyls.ca
For questions, access requests, or complaints, you may contact us using the information above.