Privacy Policy

Last Updated / Dernière mise à jour: 2025-11-30

This Privacy Policy is available in English and French. In accordance with Quebec's Charter of the French Language, this document is available in French. La présente est disponible en français. To obtain the French version, contact: billingmdqc@gmail.com.
Cette politique de confidentialité est disponible en anglais et en français. Conformément à la Charte de la langue française, la présente est disponible en français. Pour obtenir la version française, veuillez nous contacter à billingmdqc@gmail.com.

1. INTRODUCTION

This Privacy Policy describes how BillingMD Québec ("we," "our," or "us") collects, uses, discloses, and protects your personal information when you use our mobile application (the "App").

BillingMD Québec is an independent tool and is not affiliated with, endorsed by, or officially connected to the Régie de l'assurance maladie du Québec (RAMQ) or the Government of Quebec. The App is intended to help Quebec physicians and authorized medical professionals organize and formulate billing information; it is not an official RAMQ system.

This Privacy Policy is intended to be consistent with:
- Quebec's Act respecting the protection of personal information in the private sector ("Law 25");
- Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

2. PERSONAL INFORMATION WE COLLECT

We collect only what we need to run the App and help you with billing-related tasks.

2.1 Account Information (Required)
- Email address (authentication, recovery, notifications)
- Name or display name (to identify your account)
- Authentication/identity data handled by Auth0
- Date/time of account creation

2.2 Professional / App Information (Optional but useful)
- Specialty or role
- Region/city of practice (not a full civic address)
- Billing preferences, saved templates, and custom descriptions
- Language/display settings

2.3 Technical Information (Automatic)
- Device type, OS version, app version
- Basic usage analytics (which screens/features are used)
- IP address at the time of access (for security and rate limiting)
- Crash/error logs to improve stability

2.4 Communications
- Support emails and messages sent to billingmdqc@gmail.com
- Our replies to you
- Voluntary feedback or survey responses

2.5 Voice/Audio Data (Optional Feature)
- If you choose to use the voice dictation feature, the App will request microphone permission to enable voice input
- We temporarily collect audio recordings of your voice when you dictate procedure descriptions
- Audio files are sent to our cloud processing service (AWS Lambda) for transcription into text
- The audio is immediately discarded after transcription is complete; only the resulting text is retained
- Voice recordings are not stored, saved, or used for any purpose other than transcription
- You can disable microphone permission in your device settings at any time, though this will disable voice input features

3. INFORMATION WE DO NOT COLLECT

This App is not designed for patient data. You must not enter any patient-identifying information.

We do NOT collect:
- Patient names, RAMQ numbers, MRNs, dates of birth, or any combination that could identify a patient
- Diagnoses or treatments tied to an identifiable person
- Social Insurance Numbers
- Payment card/bank account numbers (payments, if any, are processed by platforms)
If you accidentally enter patient data, you should delete it and notify us.

4. PURPOSES AND LEGAL BASES

We process your data in order to:
- create and manage your account,
- provide billing reference/assistance features,
- process voice dictation into text (if you use this feature),
- secure and improve the App,
- respond to support requests,
- comply with legal obligations.

Legal bases: your consent, performance of a contract (you asked us to provide the App), our legitimate interest in operating a secure and useful app, and, where applicable, legal requirements.

5. DATA SHARING AND DISCLOSURE

We do not sell or rent your personal information.

We may share limited data with:
- Auth0 (for secure authentication)
- Cloud/hosting providers (to store app data)
- Cloud processing services (e.g., AWS Lambda for voice transcription, if you use voice dictation)
- Optional analytics/crash services (to improve quality)
These providers process data only to deliver their service to us and must protect it.

We may also disclose information:
- if required by law or a valid legal process,
- to protect our rights, users, or the service,
- in connection with a business transfer (you will be informed).

6. STORAGE, SECURITY, AND RETENTION

6.1 Storage
We use reputable cloud/identity providers. We try to keep data in Canada when feasible, but some processing (for example by Auth0) may occur outside Canada.

6.2 Security
We use reasonable security measures for an app of this nature: HTTPS/TLS, access controls, and separation between authentication and app data. No security is perfect; if we detect a breach that affects you, we will notify you.

6.3 Retention
- Active accounts: we keep your data while your account is active so the App works.
- Deleted accounts: when you delete your account or request deletion, we delete active data within about 30 days.
- Backups/logs: older backups may retain data for up to ~90 days, then roll off.
- Inactive accounts: if you simply stop using the App without deleting your account, we may treat the account as inactive and delete or anonymize data after 24 months of inactivity.
- Voice/audio data: audio recordings are discarded immediately after transcription; they are not retained or stored.
- You can request early deletion at any time by emailing billingmdqc@gmail.com.
- We may retain minimal data longer if required by law or to resolve disputes.

7. INTERNATIONAL TRANSFERS

Because we rely on external providers (e.g. Auth0), your data may be processed in other jurisdictions. We limit what is sent and choose providers with appropriate safeguards.

8. YOUR RIGHTS

You can:
- request access to the personal information we hold about you;
- request correction of inaccurate information;
- request deletion of your account/data;
- withdraw consent for optional features (analytics, certain notifications);
- ask which service providers we use.

To exercise any right, email: billingmdqc@gmail.com. We aim to respond within 30 days.

If you are not satisfied, you may contact:
- Commission d'accès à l'information du Québec: www.cai.gouv.qc.ca
- Office of the Privacy Commissioner of Canada: www.priv.gc.ca

9. CONSENT AND WITHDRAWAL

You give consent when creating an account and using the App. You may withdraw consent for non-essential processing at any time. If you withdraw consent for essential processing (like authentication), the App may no longer function.

10. LOCAL STORAGE / TOKENS

The App may store tokens and preferences locally on your device to keep you signed in and remember your settings. Optional analytics SDKs may also store minimal data; you can ask us to turn this off.

11. DATA BREACH NOTIFICATION

If a breach creates a risk of significant harm, we will notify affected users and, where applicable, Quebec/Canadian authorities, with information on what happened and what to do.

12. CHILDREN

This App is for healthcare professionals 18+. If we learn we collected data from someone under 18, we will delete it.

13. CHANGES TO THIS POLICY

We may update this Policy as the App evolves. We will update the "Last Updated" date and may notify you in-app or by email for material changes.

14. CONTACT

All privacy questions, deletion/portability requests, and language requests:
Email: billingmdqc@gmail.com
We handle privacy matters electronically. A business mailing address can be provided on request or as required under Quebec law.

15. GOVERNING LAW

This Policy is governed by the laws of Quebec and Canada.

16. ACKNOWLEDGMENT

By using the App, you acknowledge that you have read and understood this Policy, that you will not enter patient-identifying information, and that you may request deletion at any time.