Privacy Policy

Account information: name, email address, and practice details you provide during registration.

Provider information: Practitioner ID (PRACID), clinic name, province, and contact details.

Health information: encounter notes, billing codes, diagnosis codes, and patient health card numbers that you enter into the platform.

Usage data: API request logs, feature usage, and session information for service improvement.

Payment information: processed securely by Stripe. AivaMD does not store your full credit card number.

To provide the AivaMD service: AI billing analysis, claim creation, H-Link EDI generation, and claim tracking.

To authenticate your account via Clerk and maintain your session.

To process subscription payments via Stripe.

To improve our AI models and billing code accuracy (only with anonymized, aggregated data — never individual patient records).

To communicate service updates, billing notices, and support responses.

AivaMD handles health information as defined under the Alberta Health Information Act (HIA) and the Personal Information Protection and Electronic Documents Act (PIPEDA).

Health information you enter is used solely to generate billing codes and claims on your behalf. It is not sold, shared with third parties for marketing, or used to train AI models without express consent.

Data is stored in Canada (Railway infrastructure in ca-central-1 region where available) to comply with Alberta HIA residency requirements.

You retain ownership of all health information entered into AivaMD. You may request deletion of your data at any time by contacting hello@aivamd.ca.

As a healthcare provider, you remain responsible for ensuring your use of AivaMD complies with your professional obligations under CPSA and the HIA.

Anthropic (Claude API): Encounter note text is sent to Anthropic's API to generate billing code suggestions. Anthropic does not use your data to train models under their API terms.

Clerk: Manages user authentication. Account identifiers and session tokens are processed by Clerk.

Stripe: Payment processing. Stripe receives billing information only for subscription management.

Alberta Health (H-Link): Claim data is submitted to Alberta Health via H-Link EDI as part of the normal billing process — this is required to bill Alberta Health.

We do not sell your data to any third party.

Account data is retained for the duration of your subscription plus 7 years, as required for medical billing records under Alberta regulations.

You may request early deletion of your account data by contacting hello@aivamd.ca. Note that certain records may be retained to comply with legal obligations.

Backups are retained for up to 30 days.

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

Access to health information is restricted to authenticated providers using Clerk JWTs.

API endpoints enforce provider-level isolation — you can only access your own claims and data.

We conduct regular security reviews and follow OWASP guidelines.

Access: You may request a copy of the information we hold about you.

Correction: You may request correction of inaccurate data.

Deletion: You may request deletion of your account and associated data.

Portability: You may request an export of your claims data in CSV format.

To exercise these rights, email hello@aivamd.ca.

If you have questions about this Privacy Policy or our data practices, contact us at hello@aivamd.ca.

Effective date: February 2026. We will notify users of material changes via email.