Your health information, protected under PHIPA.

Last updated: April 23, 2026

What we collect

To provide a pharmacist assessment and prescription, we collect: your name, date of birth, address, phone, email, Ontario health card number + version code, clinical intake information (symptoms, allergies, current medications), and — only when necessary — photos of the affected area and/or your health card.

How we use it

Your information is used strictly to provide care: the pharmacist reviews your intake, contacts you, prescribes if appropriate, and our partner pharmacy dispenses and delivers. We do not sell, rent, or otherwise share your personal health information. Marketing is opt-in only and never tied to clinical data.

Where it's stored

All personal health information is stored in Canadian data centres, encrypted in transit (TLS 1.3) and at rest (AES-256). Sensitive fields are additionally encrypted at the application layer. Uploaded photos are served only via short-lived signed URLs.

Who has access

Only the pharmacist assessing your visit, and authorized staff at our partner dispensing pharmacy, can see your clinical record. Every access is logged to an immutable audit trail retained for ten years, as required by the Personal Health Information Protection Act (PHIPA).

Service providers

We work with a small number of vetted service providers (hosting, database, authentication, email, SMS, payments, error monitoring) under contracts that require Canadian data residency or explicit safeguards for any out-of-country processing.

Your rights

Under PHIPA you have the right to access your record, correct inaccuracies, withdraw consent for certain uses, and file a complaint with the Information and Privacy Commissioner of Ontario at ipc.on.ca. To exercise any of these rights, reach out through our contact page.

Breach response

If a privacy breach occurs, we notify affected patients and the IPC without undue delay in accordance with PHIPA.