top of page

Privacy policy

Last Updated: March 01, 2026

 

1. Introduction

 

SMYLS (“we”, “us”, or “our”) provides software and services that enable physicians and clinics to manage uninsured medical services and related clinic operations.

 

This Privacy Policy explains how we collect, use, disclose, and protect personal information about:

 

  • Physicians, clinic administrators, and staff using the SMYLS platform

  • Patients purchasing uninsured services at SMYLS-powered clinics

  • Visitors to SMYLS websites and individuals who contact SMYLS support

We comply with applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and relevant provincial health information laws.

If we make material changes to this Privacy Policy, we will notify users through the SMYLS platform or by email.

2. Privacy Principles

Your information belongs to you

We collect only the personal information required to deliver and improve our services. Information that is no longer necessary is securely deleted or anonymized. Our products are designed using privacy-by-design and privacy-by-default principles.

 

We protect your information

We do not sell personal information. We only disclose personal information:

  • With your consent

  • To provide our services

  • Where required by law

 

We notify affected individuals and regulators of reportable privacy breaches as required under Canadian law.

3. Roles and Responsibilities

  • Clinics and physicians are the custodians/controllers of patient personal information.

  • SMYLS acts as a service provider and processor of patient information on behalf of clinics.

  • For information about SMYLS account holders (physicians and staff), SMYLS acts as the organization responsible for that information.

Patients seeking access, correction, or deletion of their information related to a clinic service must contact the clinic directly.

4. Information We Collect

A. Physicians and Clinics

  • Name, professional credentials, and contact details

  • Clinic information

  • Account credentials

  • Billing and payment information

  • Platform usage and audit data

B. Patients (on behalf of clinics)

  • Name and contact information

  • Transaction and service details

  • Payment information

  • Limited health-related context where required for billing

 

SMYLS does not collect full medical records.

 

C. Website and Support Users

  • IP address and device/browser information

  • Cookies and analytics data

  • Support communications

 

5. Purposes for Use

 

We use personal information to:

  • Provide and operate the SMYLS platform

  • Process payments and subscriptions

  • Provide customer support

  • Prevent fraud and abuse

  • Improve and develop our services

  • Meet legal and regulatory requirements

We rely on:

  • Contractual necessity

  • Consent

  • Legal obligations

  • Reasonable business purposes permitted under Canadian law

 

6. Consent

 

We obtain consent where required by law. Consent may be express or implied depending on the context and sensitivity of the information.

Patients provide consent to their clinic, not directly to SMYLS. Clinics are responsible for obtaining patient consent for use of the SMYLS platform.

 

7. Data Retention

We retain personal information only as long as necessary to:

  • Provide services

  • Comply with legal requirements

  • Resolve disputes

  • Enforce agreements

  • When no longer required, personal information is securely destroyed or anonymized.

 

8. Data Location and Transfers

 

SMYLS is a Canadian company. Personal information is primarily stored and processed in Canada. Some service providers may store or process data in the United States.

When information is transferred outside your province or Canada:

  • It is protected using contractual safeguards

  • It is subject to the laws of the receiving jurisdiction

  • We require service providers to meet Canadian privacy standards

9. Safeguards and Security

We use industry-standard administrative, technical, and physical safeguards, including:

  • Encryption in transit and at rest

  • Role-based access controls

  • Audit logging

  • Secure cloud infrastructure

  • Daily backups and disaster recovery procedures

  • Incident response and breach notification procedures

No system is completely secure, but we continuously improve our safeguards.

 

10. Third-Party Service Providers

 

We may use trusted service providers for:

  • Cloud hosting

  • Payment processing

  • Email and support services

 

They are contractually required to use personal information only to provide services to SMYLS and to protect it appropriately.

11. Cookies and Website Technologies

 

We use cookies and similar technologies to:

  • Operate and secure our website

  • Analyze usage

  • Improve performance

 

You may manage cookies through your browser settings. Some features may not function correctly if cookies are disabled.

12. Children’s Information

SMYLS services are intended for use by healthcare professionals and adult patients. We do not knowingly collect personal information directly from children without appropriate consent.

13. Changes to This Policy

We may update this Privacy Policy from time to time.
Material changes will be communicated through the SMYLS platform or by email.

 

14. Contact Information

 

Privacy Officer
SMYLS World Inc.
Email: privacy@smyls.ca

 

For questions, access requests, or complaints, you may contact us using the information above.

bottom of page