Privacy Policy

Last Updated: April 12, 2026.

1. INTRODUCTION

Quip Medical Inc. ("Quip," "we," "us," or "our") is committed to protecting the privacy and security of your personal information and personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our billing optimization software and related services (the "Service").

This Privacy Policy applies to:

·       Physicians, nurse practitioners, and other healthcare professionals who use our Service ("Users" or "you")

·       Patient information processed through the Service

·       Visitors to our website

Legal Framework: We comply with:

·       Personal Information Protection and Electronic Documents Act (PIPEDA)

·       Personal Health Information Protection Act, 2004 (PHIPA) (Ontario)

·       Other applicable Canadian privacy laws and regulations

By using the Service, you consent to the collection, use, and disclosure of information as described in this Privacy Policy.

2. DEFINITIONS

"Personal Information" means information about an identifiable individual, including but not limited to name, email address, billing number, professional registration information, and contact details.

"Personal Health Information" (PHI) means identifying information about an individual in oral or recorded form that relates to their health, healthcare, or payment for healthcare, as defined under PHIPA.

"Anonymized Data" means data that has been processed to remove all identifying information such that individuals cannot be identified, directly or indirectly.

"Service" means Quip's billing optimization software, including desktop application, web services, and related features.

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

Account Information: When you register for an account, we collect:

·       Full name and professional designation

·       Email address and phone number

·       Billing number (OHIP or other payer identification)

·       EMR system information

·       Payment information (credit card details, billing address)

Clinical Documentation: When you use the Service, we process:

·       Clinical notes and patient encounter documentation

·       Diagnosis codes and billing codes

·       Patient identifiers necessary for billing (sex, dates of birth, past medical history)

·       Roster information

·       Billing history and revenue data

3.2 Information Collected Automatically

Usage Information:

·       Features and functions you use within the Service

·       Frequency and duration of Service use

·       Billing code selections and modifications

·       Error logs and diagnostic information

Device and Technical Information:

·       IP address

·       Device type, operating system, and browser information

·       EMR system version and configuration details

·       Application performance metrics

·       Authentication logs

4. HOW WE USE YOUR INFORMATION

4.1 Providing the Service

We use your information to:

·       Create and maintain your account

·       Process clinical documentation and extract optimal billing codes

·       Generate billing code suggestions and recommendations

·       Perform roster reconciliation comparing your EMR data with Ministry of Health records

·       Process payments and manage subscriptions

·       Provide customer support and respond to inquiries

·       Send service-related communications (account notifications, technical updates, security alerts)

4.2 Improving the Service

We use aggregated, anonymized data to:

·       Analyze service usage patterns and performance

·       Develop new features and functionality

·       Improve billing code extraction algorithms

·       Conduct research and development

·       Generate industry insights and analytics

We do not use identifiable patient health information for algorithm training or research without explicit consent and appropriate ethics approvals.

4.3 Legal and Regulatory Compliance

We use your information to:

·       Comply with applicable laws, regulations, and legal processes

·       Respond to government or regulatory requests

·       Enforce our Terms of Service

·       Protect our rights, property, and safety and the rights of our users

·       Detect, prevent, and address fraud, security issues, or technical problems

4.4 With Your Consent

We may use your information for other purposes with your explicit consent, which you may withdraw at any time by contacting us at [privacy email].

5. DATA SECURITY

5.1 Security Measures

We implement comprehensive security measures to protect your information, including:

Technical Safeguards:

·       Encryption of data in transit using TLS 1.2 or higher

·       Encryption of data at rest using AES-256 or equivalent

·       Role-based access controls limiting employee access to information

·       Regular security audits and penetration testing

·       Intrusion detection and prevention systems

·       Automated backup and disaster recovery procedures

Administrative Safeguards:

·       Employee training on privacy and security obligations

·       Confidentiality agreements with all employees and contractors

·       Incident response plan for security breaches

·       Regular review and update of security policies

Compliance Certifications:

·       SOC2 Type II certification

·       Regular third-party security audits

·       PIPEDA and PHIPA compliance assessments

6.2 Your Responsibilities

Account security also depends on your actions. You are responsible for:

·       Maintaining the confidentiality of your login credentials

·       Using strong, unique passwords

·       Enabling multi-factor authentication when available

·       Logging out when using shared devices

·       Promptly notifying us of any unauthorized access or security concerns

6.3 Limitations

No system is completely secure. While we implement industry-standard security measures, we cannot guarantee absolute security of your information. You use the Service at your own risk.

7. DATA RETENTION

7.1 Retention Periods

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Clinical and Billing Data: Retained in accordance with PHIPA requirements and professional record-keeping standards.

7.2 Data Deletion

Upon account termination, you may request deletion of your Personal Information and Personal Health Information by contacting contact@quipmedical.org.

We will:

·       Delete or anonymize your information within 30 days of your request

·       Provide confirmation of deletion upon completion

·       Retain only information necessary to comply with legal obligations or resolve disputes

Note: Deletion may not be possible if retention is required by law or if information is contained in backups (which are deleted according to our standard backup retention schedule).

8. YOUR PRIVACY RIGHTS

8.1 Access

You have the right to:

·       Access your Personal Information and Personal Health Information that we hold

·       Request copies of your information in a commonly used format

·       Understand how your information has been used and disclosed

To request access, contact contact@quipmedical.org.

8.2 Correction

You have the right to:

·       Correct inaccurate or incomplete Personal Information

·       Update your account information at any time through your account settings

If we deny a correction request, we will provide reasons and document your request for correction in your file.

8.3 Withdrawal of Consent

You may withdraw consent for certain uses of your information at any time by contacting contact contact@quipmedical.org.

Note: Withdrawal of consent may affect our ability to provide the Service to you. Certain uses of information (such as processing necessary to fulfill our contract with you or comply with legal obligations) may continue even after consent withdrawal.

9. SPECIAL CONSIDERATIONS FOR PERSONAL HEALTH INFORMATION

9.1 PHIPA Compliance

For Ontario users, our handling of Personal Health Information is governed by PHIPA. Under PHIPA:

"Health Information Custodian": You (the physician or healthcare provider) are the health information custodian responsible for PHI under PHIPA.

"Agent": Quip acts as your agent in processing PHI for billing optimization purposes.

Collection, Use, and Disclosure: We collect, use, and disclose PHI only:

·       With your authorization as health information custodian

·       For the purposes of providing billing optimization services

·       In compliance with PHIPA requirements

9.2 Minimum Necessary Standard

We limit collection, use, and disclosure of PHI to the minimum necessary to accomplish the intended purpose of billing code extraction and optimization.

9.3 De-identification

When using data for algorithm improvement or research:

·       We de-identify or anonymize PHI in accordance with PHIPA standards

·       De-identified data is stripped of all identifying information including:

·  Names, addresses, and contact information

·    Health card numbers and other unique identifiers

·     Dates (except year) that could identify individuals

·     Any other information that could reasonably identify an individual

9.4 Breach Notification

In the event of a privacy breach involving PHI:

·       We will notify you as health information custodian immediately

·       We will assist you in meeting your PHIPA breach notification obligations to affected individuals and the Information and Privacy Commissioner of Ontario

·       We will provide information about the breach, affected individuals, and remedial actions taken

10. INTERNATIONAL DATA TRANSFERS

All information is stored and processed in Canada. If information is transferred outside Canada:

·       Transfers will comply with PIPEDA requirements

·       We will implement appropriate safeguards to protect your information

·       Information will only be transferred to jurisdictions providing adequate privacy protections or under appropriate contractual protections

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of material changes by:

·       Email to the address associated with your account

·       Notice within the Service

·       Posting the updated Privacy Policy on our website with a new "Last Updated" date

Material changes will be effective 30 days after notice. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact contact@quipmedical.org.