Privacy & Security

Privacy Policy

Last Updated: May 19, 2026. Learn how we handle, secure, and respect your personal and clinic data.

Compliance Specs

  • PIPEDA Compliant
  • CASL Ready
  • PHIPA Aligned
  • 100% Canadian Hosted

1. Overview & Commitment

SyncCare (“we”, “us”, or “our”) is committed to protecting the privacy and security of personal health information and personal information entrusted to us. This Privacy Policy describes how we collect, use, disclose, and safeguard the information of clinics, practitioners, and patients when using our platform.

All SyncCare databases and server infrastructure are physically located inside the **AWS ca-central-1 (Canada Central)** region to ensure complete compliance with Canadian data residency requirements, including **PIPEDA**, provincial health privacy acts (such as **PHIPA** in Ontario), and **CASL**.

2. Information We Collect

We only collect information necessary to deliver our scheduling optimization and benefits coordination services:

  • For Clinics & Practitioners: Name, professional registration number, clinic address, phone number, email address, calendar availability, and practice details sync'd via integrations.
  • For Patients: Name, phone number, email address, preferred language, insurance provider, annual benefits remaining/reset dates, and appointment preferences.
  • Communication History: Records of SMS messages sent and received through the platform (e.g. waitlist invitations, confirmations, reminders, and opt-in status).
We Do Not Store Health Records

SyncCare does not create, maintain, or store clinical medical records, clinical notes, patient diagnoses, or sensitive health histories. We coordinate waitlist scheduling and insurance balances only, acting strictly as a scheduling processor.

3. How We Use Information

SyncCare uses personal information strictly to fulfill its waitlist optimization and notification services:

  • Smart Waitlist Matching: Automatically ranking patients based on benefit expiry and preferences when a clinic appointment cancellation occurs.
  • Transactional SMS: Sending bilingual waitlist slot broadcasts, appointment confirmations, and benefits reminders.
  • Client Communications: Facilitating communication between patients and their respective clinics.
  • System Monitoring: Ensuring security, preventing system abuse, and verifying SMS status.

4. Compliance & Consent

SyncCare takes compliance seriously. Our consent workflow includes the following safeguards:

  • Double Opt-In: Patients must explicitly opt-in or provide verbal consent recorded by the clinic before receiving SMS notifications.
  • CASL Alignment: All marketing-adjacent reminders respect standard opt-out commands. Patients can reply “STOP” to any SMS to instantly revoke consent and stop receiving SMS messages.
  • PIPEDA Compliance: Access to patient data is strictly restricted. Patient information is never shared with third parties for marketing purposes.

5. Security Standards

We utilize enterprise-grade security protocols to secure your data:

  • Data in Transit: All data is encrypted in transit using Transport Layer Security (TLS 1.3).
  • Data at Rest: Databases are encrypted at rest using AES-256.
  • Access Controls: Multi-factor authentication is enforced across all internal administrative tools, and granular Row Level Security (RLS) is activated at the database layer.

6. Contact & Questions

If you have questions about this Privacy Policy or wish to request data deletion, contact our Privacy Officer at:

SyncCare Privacy Officer
Email: privacy@synccare.app
Sudbury, Ontario, Canada