Privacy Policy

QuickChart Inc. (“QuickChart,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and security of personal information and personal health information processed through the QuickChart platform, website, applications, products, and related services (collectively, the “Services”).

QuickChart is a Canadian company incorporated under the federal laws of Canada. Our Services are designed to support healthcare professionals and organizations with clinical transcription, documentation, AI-assisted note generation, workflow support, telehealth workflows, file analysis, and related functionality.

This Privacy Policy explains how QuickChart collects, uses, discloses, stores, protects, and retains personal information and personal health information. It is intended to support compliance with applicable privacy and health information laws, including Ontario's Personal Health Information Protection Act, 2004 (“PHIPA”), the Personal Information Protection and Electronic Documents Act (“PIPEDA”), and, where applicable to institutional or public-sector customers, Ontario's Freedom of Information and Protection of Privacy Act (“FIPPA”), the Municipal Freedom of Information and Protection of Privacy Act (“MFIPPA”), and comparable provincial privacy, public-sector, and access-to-information legislation.

This Privacy Policy does not replace the obligations of healthcare providers, health information custodians, institutions, or other customers under laws and policies that apply to them. Customer-specific or institution-specific privacy, security, data residency, and processing requirements may be addressed through applicable agreements, deployment settings, and institutional configurations.

This Privacy Policy should be read together with any applicable customer agreement, data processing agreement, business associate agreement, institutional agreement, order form, or other written agreement between QuickChart and a customer. If a written agreement conflicts with this Privacy Policy, the written agreement will govern to the extent of the conflict.

1. Our Role

QuickChart provides technology services to healthcare professionals, clinics, physician groups, institutions, and other customers.

Depending on the context, QuickChart may act as a service provider, agent, processor, business associate, or equivalent role under applicable privacy and health information laws. Our customers remain responsible for determining whether and how the Services are used in their clinical, professional, institutional, or regulated environment.

When QuickChart processes personal information or personal health information on behalf of a customer, we do so to provide the Services, under customer instructions, and subject to applicable privacy, security, contractual, and legal obligations.

2. Information We Collect and Process

QuickChart may collect or process the following categories of information.

Account and user information

This may include name, email address, phone number, organization, role, login information, account settings, subscription information, authentication information, user preferences, and related administrative information.

Clinical and workflow information

Depending on how the Services are used, QuickChart may process transcripts, generated notes, clinical encounter content, prompts, uploaded documents, PDFs, photographs, images, workflow data, and related outputs. This information may include personal health information.

Audio

QuickChart processes audio for transcription and related workflows. QuickChart does not store or retain customer audio recordings after transcription processing is complete. Audio is used transiently for transcription and may be processed in short segments to reduce exposure during transcription. QuickChart does not retain customer audio in application logs, debugging logs, or support tooling.

Technical and usage information

This may include IP address, device information, browser type, access times, audit logs, system activity, diagnostic information, security logs, error reports, and similar technical information required to operate, secure, monitor, and improve the Services. QuickChart application logs are designed not to contain personal health information.

Communications

If you contact QuickChart, we may collect information provided through email, support requests, onboarding, demonstrations, forms, procurement processes, or other communications.

3. How We Use Information

QuickChart uses personal information and customer data only for purposes related to providing, securing, supporting, administering, and improving the Services, including to:

• create and administer user accounts;
• authenticate users and manage access;
• provide transcription, documentation, AI-assisted workflow, telehealth, file analysis, and related functionality;
• generate, synchronize, display, and store transcripts, notes, documents, attachments, and related workflow data;
• provide support and troubleshooting;
• maintain security, auditability, service integrity, and fraud prevention;
• monitor performance and reliability;
• manage billing, subscriptions, customer relationships, and administrative communications;
• comply with legal, regulatory, contractual, and professional obligations;
• enforce agreements and acceptable use requirements; and
• improve the Services where permitted by law and contract.

QuickChart does not sell personal information or personal health information. QuickChart does not use customer clinical content for advertising. QuickChart does not use customer clinical content to train third-party foundation models.

4. Personal Health Information

QuickChart may process personal health information when it is submitted to or generated through the Services. This may include transcripts, generated notes, clinical summaries, uploaded documents, photographs, prompts, outputs, or related workflow information.

QuickChart processes personal health information only as necessary to provide the Services, support the customer, maintain security, comply with legal obligations, or as otherwise authorized by the customer or required by law.

QuickChart does not independently determine the clinical purposes for which customer data is collected or used. Customers and users are responsible for determining whether they have the necessary authority, consent, notice, institutional approval, professional authorization, or other legal basis to use the Services in their practice or organization.

5. Data Residency and Processing Modes

QuickChart supports configurable data residency and processing modes. In all modes, customer data is encrypted in transit and at rest.

For clarity, data residency refers to where customer data is stored. Processing location refers to where customer data may be transmitted, accessed, or processed to provide a requested feature, fallback pathway, AI workflow, telehealth workflow, or support function.

Canada Preferred: Default

Canada Preferred is QuickChart's default configuration. In this mode, QuickChart's primary infrastructure and persistent customer data storage remain in Canada. Customer data is stored in Canada and encrypted in transit and at rest.

QuickChart's design preference is to use Canadian infrastructure and Canadian processing services wherever suitable. Certain selected workflows, including fallback routes, capacity overflow, advanced AI features, or capabilities not yet available through suitable Canadian infrastructure, may use approved non-Canadian processors. Where this occurs, those processors are used to perform the requested workflow and are not used by QuickChart as the persistent storage location for customer records.

Outputs return to QuickChart and are stored in Canada according to the customer's selected retention settings. Approved processors are governed by contractual privacy, security, confidentiality, no-training, and limited/no-retention commitments. Customers or institutional deployments requiring Canadian-only storage and processing may use Canada Strict mode.

Canada Strict: Canadian-Only Storage and Processing

Canada Strict mode is available for users, customers, or institutional deployments that require Canadian-only storage and processing or that are subject to policies restricting cross-border processing.

In Canada Strict mode, customer data is stored in Canada and processing remains in Canada for supported workflows. Features requiring non-Canadian processing are disabled or routed to Canadian alternatives where available. No U.S.-based AI processors are used for workflows covered by Canada Strict mode.

U.S. Processing Preferred

U.S. Processing Preferred mode is intended for U.S. customers or deployments that prefer U.S.-based AI processing. In this mode, eligible AI workflows may be preferentially routed through approved U.S. processors, including report generation, chat, system workflows, transcription fallback, and advanced AI features. This mode is not used for Canada Strict customers.

Institutional settings

For institutional deployments, data residency, processing mode, data stream, and retention settings may be configured at the organization or tenant level. Where an institution requires Canada Strict mode, QuickChart can disable features or fallback pathways that require non-Canadian processing.

6. Third-Party Processors and Subprocessors

QuickChart uses approved third-party service providers and subprocessors to provide, secure, support, and maintain the Services. These may include cloud infrastructure providers, AI processing providers, transcription-related services, telecommunications providers, authentication providers, monitoring tools, support tools, payment processors, and other operational vendors.

QuickChart's primary hosting and storage infrastructure is AWS Canada. Certain AI and workflow features may use approved cloud and AI processing services, including services hosted on Google Cloud, AWS Bedrock, Microsoft Azure, and other approved processors depending on the customer's selected configuration and enabled features.

QuickChart requires approved processors and subprocessors to process information only for authorized purposes and under appropriate contractual, technical, organizational, and security safeguards. Approved AI processors are governed by no-training commitments for customer clinical content and limited/no-retention commitments, subject to applicable legal, safety, and contractual requirements.

A current subprocessor list or additional deployment-specific information may be made available through QuickChart's trust portal or upon request, subject to confidentiality, security, and contractual requirements.

7. Identifier Reduction Before External AI Processing

Where technically feasible for the applicable workflow, QuickChart applies automated identifier-reduction techniques, including named entity recognition, before transmitting clinical text to approved external AI processors for report generation, note generation, chat, or similar AI workflows.

These techniques are designed to reduce the presence of direct identifiers before external AI processing. However, clinical information may contain contextual details that are difficult to remove completely. QuickChart does not represent that all information processed through identifier-reduction techniques is fully anonymized, fully de-identified, or incapable of re-identification.

8. Cross-Border Processing

QuickChart's default design is to keep customer data stored in Canada and to use Canadian infrastructure and Canadian processing services wherever suitable.

Depending on the customer's selected configuration and enabled features, certain limited workflows may involve approved processors outside Canada. These may include fallback routes, capacity overflow, advanced AI features, telecommunications functions, or capabilities not yet available through suitable Canadian infrastructure.

Where cross-border processing occurs, it is limited to the applicable feature or workflow. QuickChart does not use non-Canadian processors as the persistent storage location for customer records. Outputs return to QuickChart and are stored in Canada according to the customer's selected retention settings.

Approved processors are governed by contractual privacy, security, confidentiality, no-training, and limited/no-retention commitments. Information processed outside Canada may be subject to the laws of the jurisdiction where it is processed, including lawful access by courts, regulators, law enforcement, or government authorities.

Customers or institutional deployments that require Canadian-only storage and processing may use Canada Strict mode, where supported workflows remain in Canada and features requiring non-Canadian processing are disabled or routed to Canadian alternatives where available.

9. Telephony and PSTN Workflows

QuickChart may support voice, telephone, or PSTN-related workflows. For these workflows, QuickChart may use third-party telecommunications providers as conduits to connect calls and transmit call-related data. Telecommunications routing may involve external networks outside QuickChart's direct control.

QuickChart does not record calls for storage as customer audio recordings. Call audio may be transcribed through QuickChart's transcription workflow, and resulting transcripts are stored according to the applicable retention settings. Telecommunications providers may process call metadata, such as destination numbers, routing information, or similar technical data, as required to provide telecommunications services.

Customers and users are responsible for obtaining any required patient notice, consent, authorization, or institutional approval before recording, transcribing, or processing telephone, telehealth, or other communications through QuickChart.

10. Retention

QuickChart retains personal information and customer data only for as long as necessary to provide the Services, meet contractual requirements, comply with legal, accounting, technical, audit, or regulatory obligations, resolve disputes, enforce agreements, maintain security, or as otherwise authorized by the customer.

Customers may configure supported retention settings for certain categories of customer data, including transcripts, generated notes, supporting clinical encounter information, and uploaded attachments. Available retention options may include:

• 3 days;
• 30 days, which is the default setting; and
• no fixed deletion period / no limit, where supported by the applicable plan or configuration.

“No fixed deletion period” or “no limit” does not mean that data will necessarily be stored permanently. Customer data remains subject to account status, service plan, user deletion, institutional configuration, applicable law, operational requirements, security requirements, and this Privacy Policy.

QuickChart may delete, archive, restrict access to, or otherwise remove customer data associated with inactive accounts, trial accounts, unpaid accounts, expired subscriptions, accounts without an active service plan, or accounts that have not been accessed for an extended period, subject to applicable law, contractual obligations, and any notice requirements we determine are appropriate.

Deleted data may remain in encrypted backups for a limited period, currently up to 7 days, before routine backup expiry, unless a longer period is required for legal, security, dispute-resolution, or operational reasons.

11. Sharing of Information

QuickChart does not sell personal information or personal health information. QuickChart does not disclose customer clinical content for advertising or third-party marketing.

QuickChart shares information only where necessary to provide, secure, support, administer, or improve the Services, or where authorized or required by law. This may include sharing information with:

• approved service providers and subprocessors who help operate, host, secure, or support the Services;
• telecommunications, cloud, AI-processing, authentication, monitoring, payment, and other operational providers, where applicable to the customer's selected configuration and enabled features;
• professional advisors, insurers, auditors, legal counsel, or other advisors under appropriate confidentiality obligations;
• regulators, courts, law enforcement, or government authorities where required or permitted by law;
• parties involved in a merger, acquisition, financing, reorganization, sale of assets, insolvency, or similar corporate transaction, subject to appropriate confidentiality and privacy protections; or
• other parties where the customer or user has directed, authorized, or consented to the sharing.

Where QuickChart shares customer data with approved service providers or subprocessors, they are authorized to process it only for the purposes of providing services to QuickChart and are subject to contractual privacy, security, confidentiality, no-training, and limited/no-retention commitments, where applicable.

12. Security Safeguards

QuickChart uses administrative, technical, and physical safeguards designed to protect personal information and customer data against unauthorized access, use, disclosure, alteration, loss, or destruction.

Safeguards may include encryption in transit, encryption at rest, access controls, role-based permissions, authentication controls, audit logging, monitoring, network security controls, private infrastructure, vulnerability management, backup and recovery controls, least-privilege access, and contractual confidentiality obligations.

QuickChart support personnel are not provided routine access to customer clinical content, including transcripts, generated notes, audio, uploaded documents, photographs, or other personal health information through standard support tooling. Support and administrative tooling is designed to limit access to technical metadata, aggregate statistics, system status, account configuration, and non-PHI logs.

No system can be guaranteed to be completely secure. Users are responsible for maintaining the confidentiality of their credentials and for promptly notifying QuickChart of suspected unauthorized access or security issues.

13. Individual Rights and Requests

Individuals may have rights to request access to, correction of, or deletion of personal information, subject to applicable law, identity verification, customer instructions, contractual obligations, and permitted exceptions.

Where QuickChart processes personal information or personal health information on behalf of a healthcare provider, clinic, institution, or other customer, requests relating to a patient's clinical record should generally be directed to that customer. QuickChart does not independently determine whether patient clinical records should be accessed, corrected, amended, released, retained, or deleted.

If QuickChart receives a request relating to personal health information processed on behalf of a customer, QuickChart may refer the request to the customer or coordinate with the customer, as appropriate. QuickChart may respond directly to requests relating to information under QuickChart's own control, such as account, billing, support, website, or administrative information.

QuickChart may decline or limit a request where permitted or required by law or where required to comply with customer instructions, contractual obligations, security requirements, legal privilege, or the rights of another individual. To make a privacy request, contact QuickChart using the contact information below.

14. Cookies and Website Information

QuickChart may use cookies, logs, analytics tools, and similar technologies on our website and Services to support authentication, security, functionality, preferences, analytics, performance monitoring, and service improvement.

Users may be able to manage cookie preferences through their browser settings. Disabling cookies may affect functionality. QuickChart does not use customer clinical content for advertising.

15. Changes to this Privacy Policy

QuickChart may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, technology, privacy practices, or business operations.

The updated Privacy Policy will be posted on our website with a revised “Last updated” date. Where required by law or contract, QuickChart will provide notice of material changes. Continued use of the Services after an updated Privacy Policy becomes effective means the updated Privacy Policy applies to your use of the Services.

16. Contact Information

Questions, requests, or concerns about this Privacy Policy or QuickChart's privacy practices may be directed to:

QuickChart has procedures to receive and respond to privacy inquiries, complaints, and requests regarding our handling of personal information and personal health information.