Privacy Policy | Protect Your Privacy - Learn More

Privacy Policy

Updated Effective Date: May 20, 2026

INTRODUCTION

Your privacy is a top priority for us. This Privacy Policy outlines how RoseWell Health ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our website. RoseWell Health operates exclusively in British Columbia and provides virtual healthcare, educational and related services only. We are committed to protecting your privacy in compliance with applicable Canadian privacy laws, including British Columbia's Personal Information Protection Act (PIPA) and relevant provincial health information legislation. By accessing or using this website, you agree to be bound by these Terms and Privacy Policy. If you do not agree with any part of these Terms or Privacy Policy, you must not use this website.RoseWell Health delivers healthcare and educational services exclusively through third party virtual platforms. We comply with privacy law requirements that apply to telehealth service delivery. This includes:Obtaining informed consent for the collection, use, and disclosure of personal health information through virtual platformsTaking reasonable steps to ensure secure transmission of health information during virtual appointmentsUsing only technology platforms that meet privacy and security standards appropriate for health informationProviding you with clear information about how your health information is collected, used, and stored in a virtual care environmentMaintaining the same confidentiality and privacy protections in virtual care as would apply to in-person care

COLLECTION OF PERSONAL INFORMATION

RoseWell Health provides holistic services including certain healthcare and educational offerings through our virtual services. We may collect information about you related to your enrolment, engagement, administration and the provision of those services, including as described below. By providing us with your personal information through our website, virtual clinic platform, or other digital services, you consent to our collection, use, disclosure, and retention of that information in accordance with this Privacy Policy and as permitted by law.

Identity Verification

At your first appointment, we will request to review your government-issued identification to verify your identity matches your profile information, as required by professional practice standards. We review your government-issued identification solely to verify your identity and ensure patient safety. We document in your medical chart that identification has been reviewed and may note the expiry date for record-keeping purposes. We do not make copies of, photograph, or otherwise store images of your identification documents. This practice complies with professional standards while minimizing collection of personal information.We may collect personal information from you in the following ways:

Information you provide to us: This includes your name, email address, phone number, and any other information you voluntarily submit through contact forms, appointment requests, or when subscribing to our newsletter. Payment card information is collected and stored through Jane App using Stripe payment processing and is not directly accessible by RoseWell Health.

Automatically collected information (Cookies and Tracking): When you visit our website, we may automatically collect certain information about your device and usage, such as your IP address, browser type, operating system, pages you visit, and the time and date of your visit. This information is collected using cookies, web beacons, Google Analytics, and Squarespace analytics tools, and other similar technologies. We use this information to understand website traffic patterns and improve user experience. You can control cookie settings through your web browser, but please note that disabling cookies may affect the functionality of our website.

COLLECTION OF PERSONAL HEALTH INFORMATION (PHI)

We will treat the personal information about your health (PHI) with the utmost care and confidentiality. We handle all PHI in accordance with our professional and legal obligations.

Types of Health Information Collected

During your appointments and through our intake process, we collect comprehensive health information relevant to your care, including but not limited to: your medical history, current symptoms, diagnoses, medications, test results, family health history, sexual and reproductive health information, substance use history, and other information pertinent to women's health services. We may collect information about mental health conditions where relevant to your overall care, within our scope of practice. We do not collect biometric data such as photographs or videos. We do not record video or audio from virtual appointments except as described in Section 2.3 regarding AI scribe technology.

Video Consultation Privacy

Virtual appointments conducted through Jane App's video platform are real-time exclusively between you and your healthcare provider, with no recording or data storage of any kind unless you provide separate written consent for a specific purpose (such as AI scribe transcription of audio only, as described in Section 2.3).

Use of AI Scribe Technology

Our clinic uses the following AI-assisted scribe tools to help transcribe parts of your visit into clinical notes:Jane App’s AI ScribeHeidi Health’s Heidi Scribe (For more information about Heidi Health’s privacy practices, you may review their privacy policy at: https://www.heidihealth.com/en-ca/legal/privacy-policy)Before your appointment is transcribed, your clinician removes or de-identifies any patient identifiers, only the clinical content of the conversation is transcribed. The tools support documentation only; all notes are reviewed and approved by your clinician, and the AI systems do not provide medical advice or make decisions. Your information is handled in accordance with applicable health-care privacy requirements. Limited audio or text from your visit may be securely processed by the AI services listed above for documentation purposes. Only the finalized clinician-reviewed note becomes part of your medical record. Participation is entirely voluntary, and you may decline or withdraw consent at any time without affecting the quality of your care or creating any barriers to service. If you prefer not to use an AI scribe tool, your clinician will document your visit manually.

USE OF PERSONAL INFORMATION

We use the personal information we collect to provide you with the health care and educational services you request, including for related administrative, billing and collections purposes, and as permitted by law as well as for the following purposes:To respond to your inquiries and provide you with information you request.To schedule and manage appointments, and to provide you with healthcare services.To improve our website and services by analyzing website traffic and user behaviour.To send you newsletters, updates, or promotional materials if you have explicitly opted in to receive them.To comply with our legal and regulatory obligations, including record-keeping requirements.To conduct quality improvement activities and clinical audits as required by the British Columbia College of Nurses and Midwives and other approved auditors to ensure compliance with professional practice standards and to maintain high-quality patient care. All auditors are bound by confidentiality obligations and professional standards.To conduct voluntary patient satisfaction surveys to assess and improve the quality of our services. Participation in surveys is entirely optional and will not affect your care. Survey responses may be collected anonymously or with identifying information, and will be used solely for internal quality improvement purposes.

DISCLOSURE OF PERSONAL INFORMATION

As permitted by applicable law, we may share your personal information or PHI as follows:

To Our Service Providers

We use the following third-party service providers to deliver our virtual clinic and educational services, as well as to assist us in the administrative aspects of delivering our services:

Jane App – Primary Platform Provider

Jane App serves as our electronic medical records (EMR) system, appointment booking platform, secure patient messaging portal, payment processing interface, and video consultation platform.

Data Storage Location: RoseWell Health has selected Jane App's Canadian regional data centre for storage of all patient information. Your health information is stored on servers located in Canada.

Data Ownership: RoseWell Health retains full ownership and control of all patient data stored in the Jane App platform. Jane App acts solely as a data processor/service provider.

Security Measures: Jane App encrypts data using 128-bit encryption when transmitted between your device and their servers, and stores data using 256-bit encryption. Jane App maintains SOC 2 Type 2 certification and implements industry-standard security controls.

Limited U.S. Processing for Specific Features: While patient data is stored in Canada, some specific Jane App features involve temporary data processing in the United States or other regions, including: SMS/text message appointment reminders (processed through Twilio)Group appointment featuresEmail appointment reminders (processed through Amazon Simple Email Service)By using these features, you acknowledge and consent to limited temporary data processing outside of Canada for these specific purposes. Jane App does not transfer complete medical or health record data from charts to third party vendors, and limits the information shared to the minimum necessary (such as your name, appointment time, and contact information).

Jane App's Privacy Practices: For more information about Jane App's privacy and security practices, you may review their privacy notice at: https://jane.app/legal/privacy-notice

Other Service Providers

In addition to Jane App, RoseWell Health uses the following third-party service providers in connection with the operation of this website and the delivery of our virtual clinic services. Each provider is engaged only to the extent necessary for its specific function and is required to handle any personal information in accordance with applicable privacy legislation. Where a provider may process data outside of Canada, this is noted below:

Stripe – payment processing (integrated through Jane App) for appointment fees and credit card storage

Documo – secure e-fax services for referrals and healthcare communications (integrated through Jane App)

AI transcription services – either through Jane App's integrated AI scribe or Heidi Health for clinical documentation (as described in Section 2.3)

QuickBooks – bookkeeping and accounting services (does not access patient health information)

Google Analytics and Squarespace – website analytics and hosting

Amazon Simple Email Service (SES) – for sending appointment reminder emails (integrated through Jane App)

Twilio – for sending SMS/text message appointment reminders (integrated through Jane App)

MailerLite – email marketing and newsletter subscription management for patients and subscribers who have opted in to receive communications. MailerLite processes subscriber names and email addresses only, and does not have access to any PHI or medical record data. MailerLite may store and process data on servers located outside of Canada; their privacy practices can be reviewed at: https://www.mailerlite.com/legal/privacy-policyThese communication providers have access only to the information necessary to deliver their services and do not receive medical or health record data.All service providers are required to adhere to strict confidentiality and data security protocols. Some of these service providers may store or process data on servers located outside of Canada (as specified above), which may be subject to foreign laws including disclosure requirements under foreign government authorities.

To Other Healthcare Providers

We may share your health information with pharmacies, laboratories, specialists, or other healthcare providers involved in your care, as reasonably necessary to provide you with appropriate medical services. Electronic referrals are transmitted through secure e-fax services (Documo, integrated through Jane App) or through Pathways BC referral platform. Information shared with external healthcare providers is limited to what is necessary for your care.

Secure Messaging and Appointment Reminders

We communicate with patients through Jane App's secure messaging portal, which forms part of your medical record. All chart communications, including secure messages, are retained as part of your permanent medical record. Appointment reminders are sent through third-party communication services:Email reminders are sent through Amazon Simple Email Service (SES)SMS/text reminders are sent through TwilioThese appointment reminders contain only non-medical information necessary for the appointment (your name, appointment date/time, and clinic contact information). No health information or medical record data is included in these reminders.By providing your email address or mobile phone number and opting in to receive appointment reminders, you consent to these communications being processed through the third-party services listed above, which may involve temporary data processing in the United States.

Other Disclosures

As permitted or required by applicable law, we may disclose your personal information or PHI in the following circumstances:

When required by law: We may be required to disclose your personal information or PHI in response to a court order, subpoena, warrant, or other legal process served on RoseWell Health, or as otherwise required by applicable federal or provincial legislation.

Mandatory reporting obligations: We may be required by law to disclose certain personal information or PHI without your consent, including reporting obligations under public health legislation (such as reportable communicable diseases), child protection reporting obligations under British Columbia's Child, Family and Community Service Act, and any other mandatory reporting requirements imposed by applicable law or our professional regulatory body.

o prevent serious harm: We may disclose your personal information or PHI, without your consent, where we reasonably believe disclosure is necessary to prevent or reduce a significant risk of serious harm to you or to another individual, as permitted under PIPA and applicable health legislation.

To professional or regulatory bodies: We may disclose your personal information or PHI to the British Columbia College of Nurses and Midwives (BCCNM) or other applicable regulatory or professional bodies, to the extent required or permitted by law in connection with regulatory investigations, audits, or proceedings involving RoseWell Health or your care.

In connection with a business transaction: In the event that RoseWell Health undergoes a change of ownership, amalgamation, dissolution, or ceases operations, your personal information and medical records may be disclosed or transferred to a successor, acquiring party, or records custodian, subject to equivalent privacy protections and in compliance with applicable retention requirements and privacy legislation. We will notify you of any such transfer to the extent required by law.

With your explicit consent: We may disclose your personal information or PHI for other purposes not described in this Privacy Policy with your prior explicit, written consent.

DATA RETENTION

We will retain your personal information in accordance with professional regulatory requirements set by the British Columbia College of Nurses and Midwives (BCCNM). Medical records, including clinical notes and secure messaging communications, are retained for no fewer than 16 years from the date of last service, in compliance with BCCNM standards. Payment and financial records are retained for tax and accounting purposes as required by applicable financial regulations. Website analytics and technical logs are retained only as long as necessary for website operation and improvement purposes. Marketing data (email subscriptions) is retained until you unsubscribe.If you stop using our services or request closure of your account, your medical records will continue to be retained for the minimum 16-year period required by professional standards. Medical records are stored securely within Jane App for as long as RoseWell Health maintains an active subscription. If RoseWell Health ceases operations, all patient records will be securely exported from Jane App and stored in compliance with the 16-year retention requirement and applicable privacy legislation.We will retain your non-health care records for as long as reasonably required to fulfill the purpose for which it is collected or used, for as long as we have a business or legal reason to do so, or as otherwise permitted or required by law.If you no longer use our services and have not requested that we forward your health records to another provider, we may securely destroy your records in accordance with privacy laws and our professional obligations.

SECURITY

We implement reasonable technical safeguards to protect your personal information from unauthorized access, use, or disclosure. As a virtual-only practice, we rely on the security measures implemented by our third-party service providers, including Jane App's encryption protocols, secure access controls, and compliance with Canadian privacy standards.

Jane App Security MeasuresFor a full description of Jane App's security measures, including encryption standards, SOC 2 Type 2 certification, access controls, and Canadian data storage, please refer to Section 4.1 (To Our Service Providers) above.

RoseWell Health Security PracticesRoseWell Health is a sole practitioner practice, and access to patient health information through the Jane App platform is strictly limited to the authorized healthcare providerWe maintain cybersecurity insurance as an additional layer of protectionAll staff (currently sole practitioner) receive training on privacy and security practicesHowever, no data transmission over the internet is 100% secure, and we cannot guarantee that unauthorized third parties will not defeat our security practices and use nonpublic personal information for improper purposes. Therefore, we are not responsible for circumvention of any privacy settings or security measures contained on our website or on any of the third party virtual platforms we deliver health care and educational services through, or for actions of third parties. The safety and security of your information also depends on you, and you are responsible for keeping your password confidential. Also, always remember to log off your account and close your browser window when you have finished your visit. This is to ensure that others cannot access your account, especially if you are sharing a computer with someone else or are using a computer in a public place.

EXTERNAL WEBSITES & THIRD-PARTY SERVICES

Our website may contain links to external sites including professional medical organizations (such as the Menopause Society, Canadian Menopause Society, and Heather Hirsch Academy), educational resources, podcasts, books, and other health information websites. We also maintain resource pages with links to external content for patient education. Please note that we do not control the privacy practices of these external parties. Any information you share while visiting another website or using third-party services is governed by that provider’s privacy policy.

UNSUBSCRIBING FROM COMMUNICATIONS

You can opt out of our mailing list at any time by clicking the unsubscribe link found in the emails you receive from us.

YOUR RIGHTS

You have the right to access and correct your personal information held by us. You may request access to your complete medical record, including raw data, clinical notes, test results, and secure message communications. We will respond to access requests promptly, typically within 30 days. If you wish to review, update, or request correction of your information, please contact us. Corrections to medical records will be made through addendum notes as appropriate, in accordance with professional documentation standards.Please note that certain health information relevant to your visit must be documented to meet professional practice standards set by the BCCNM and cannot be omitted from your medical record, though you may decline use of AI transcription services at any time. You may also withdraw consent for certain uses of your information, subject to legal and professional record retention requirements.If you have concerns or questions about our personal information handling practices or to exercise any of your rights, please contact us at:Email: info@rosewellhealth.ca RoseWell Health takes any complaint about its privacy practices seriously and will investigate all complaints. If RoseWell Health finds a complaint justified, we will take the necessary steps to resolve it. The complainant will be informed of the outcome of the investigation regarding any complaint. If you are not satisfied with RoseWell Health's response to a complaint, you may have options to exercise various complaint procedures, including with the relevant Privacy Commissioner or regulatory authority.

How We Obtain Consent

Consent for the collection, use, and disclosure of your PHI is obtained in several ways:

Electronic consent: Through checkboxes or electronic signature on intake forms and consent documents presented through Jane App

Verbal consent: For treatment and certain procedures, documented in your medical chart by your healthcare provider in accordance with practice standards

Implied consent: By accessing and using our website and virtual clinic services, you consent to the collection and use of information for the services you request and as reasonably related, as well as described in this Privacy PolicyConsent for the collection and use of your health information is necessary to provide you with healthcare services. You may opt in to receive newsletters or marketing communications through a checkbox when providing your email address on our website; you can unsubscribe at any time.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. The revised policy will be posted on this page with an updated effective date. Material changes may also be communicated to active patients via email through Jane App. We encourage you to review any changes to understand how we are protecting your information. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

CONTACT INFORMATION

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact:

RoseWell HealthEmail: info@rosewellhealth.caRoseWell Health operates as a virtual-only clinic. All communications are conducted through email, virtual appointments, or secure messaging within the Jane App patient portal. We do not maintain a public physical address or telephone number.