Privacy Policy

Effective Date: December 19, 2025

INTRODUCTION

Your privacy is a top priority for us. This Privacy Policy outlines how RoseWell Health ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our website. RoseWell Health operates exclusively in British Columbia and provides virtual healthcare services only. We are committed to protecting your privacy in compliance with applicable Canadian privacy laws, including British Columbia's Personal Information Protection Act (PIPA) and any provincial health information legislation. By accessing or using this website, you agree to be bound by these Terms and Privacy Policy. If you do not agree with any part of these Terms or Privacy Policy, you must not use this website.

RoseWell Health delivers healthcare services exclusively through third party virtual platforms. We comply with PIPA's requirements specific to telehealth service delivery. This includes:

• Obtaining informed consent for the collection, use, and disclosure of personal health information through virtual platforms

• Ensuring secure transmission of health information during virtual appointments

• Using only technology platforms that meet privacy and security standards appropriate for health information

• Providing you with clear information about how your health information is collected, used, and stored in a virtual care environment

• Maintaining the same confidentiality and privacy protections in virtual care as would apply to in-person care

1. COLLECTION OF PERSONAL INFORMATION

By providing us with your personal health information through our website, virtual clinic platform, or other digital services, you consent to our collection, use, disclosure, and retention of that information in accordance with this Privacy Policy and as permitted by law.

1. Identity Verification

At your first appointment, we will request to review your government-issued identification to verify your identity matches your profile information, as required by professional practice standards. We review your government-issued identification solely to verify your identity and ensure patient safety. We document in your medical chart that identification has been reviewed and may note the expiry date for record-keeping purposes. We do not make copies of, photograph, or otherwise store images of your identification documents. This practice complies with professional standards while minimizing collection of personal information.

We may collect personal information from you in the following ways:

• Information you provide to us: This includes your name, email address, phone number, and any other information you voluntarily submit through contact forms, appointment requests, or when subscribing to our newsletter. Payment card information is collected and stored through Jane App using Stripe payment processing and is not directly accessible by RoseWell Health.

• Automatically collected information (Cookies and Tracking): When you visit our website, we may automatically collect certain information about your device and usage, such as your IP address, browser type, operating system, pages you visit, and the time and date of your visit. This information is collected using cookies, web beacons, Google Analytics, and Squarespace analytics tools, and other similar technologies. We use this information to understand website traffic patterns and improve user experience. You can control cookie settings through your web browser, but please note that disabling cookies may affect the functionality of our website.

1. COLLECTION OF PERSONAL HEALTH INFORMATION (PHI)

Any information you provide to us through our website and virtual clinic platform that is considered "Personal Health Information" (PHI) under applicable legislation (e.g. PHIPA) will be treated with the utmost care and confidentiality. We handle all PHI in strict accordance with our professional and legal obligations.

1. Types of Health Information Collected

During your appointments and through our intake process, we collect comprehensive health information relevant to your care, including but not limited to: your medical history, current symptoms, diagnoses, medications, test results, family health history, sexual and reproductive health information, substance use history, and other information pertinent to women's health services. We may collect information about mental health conditions where relevant to your overall care, within our scope of practice. We do not collect biometric data such as photographs or videos. We do not record video or audio from virtual appointments except as described in Section 2.3 regarding AI scribe technology.

1. Video Consultation Privacy

Virtual appointments conducted through Jane App's video platform are real-time exclusively between you and your healthcare provider, with no recording or data storage of any kind unless you provide separate written consent for a specific purpose (such as AI scribe transcription of audio only, as described in Section 2.3).

1. Use of AI Scribe Technology

Our clinic uses an AI-assisted scribe tool to help transcribe parts of your visit into clinical notes. Before your appointment is transcribed, your clinician removes or de-identifies any patient identifiers, only the clinical content of the conversation is transcribed. The tool supports documentation only; all notes are reviewed and approved by your clinician, and the AI system does not provide medical advice or make decisions. Your information is handled in accordance with British Columbia's Personal Information Protection Act (PIPA) and applicable health-care privacy requirements. Limited audio or text from your visit may be securely processed by the AI service for documentation purposes. Only the finalized clinician-reviewed note becomes part of your medical record. Participation is entirely voluntary, and you may decline or withdraw consent at any time without affecting the quality of your care or creating any barriers to service. If you prefer not to use the AI scribe, your clinician will document your visit manually.

1. USE OF PERSONAL INFORMATION

We use the personal information and PHI we collect for the following purposes:

• To respond to your inquiries and provide you with information you request.

• To schedule and manage appointments, and to provide you with healthcare services.

• To improve our website and services by analyzing website traffic and user behaviour.

• To send you newsletters, updates, or promotional materials if you have explicitly opted in to receive them.

• To comply with our legal and regulatory obligations, including record-keeping requirements.

• To conduct quality improvement activities and clinical audits as required by the British Columbia College of Nurses and Midwives and other approved auditors to ensure compliance with professional practice standards and to maintain high-quality patient care. All auditors are bound by confidentiality obligations and professional standards.

• To conduct voluntary patient satisfaction surveys to assess and improve the quality of our services. Participation in surveys is entirely optional and will not affect your care. Survey responses may be collected anonymously or with identifying information, and will be used solely for internal quality improvement purposes.

1. DISCLOSURE OF PERSONAL INFORMATION

We will not disclose your personal information or PHI to third parties without your express consent, except in the following circumstances:

1. To Our Service Providers

We use the following third-party service providers to deliver our virtual clinic services:

Jane App – Primary Platform Provider

Jane App serves as our electronic medical records (EMR) system, appointment booking platform, secure patient messaging portal, payment processing interface, and video consultation platform.

• Data Storage Location: RoseWell Health has selected Jane App's Canadian regional data centre for storage of all patient information. Your health information is stored on servers located in Canada.

• Data Ownership: RoseWell Health retains full ownership and control of all patient data stored in the Jane App platform. Jane App acts solely as a data processor/service provider. RoseWell Health has executed a Business Associate Agreement with Jane App requiring them to protect your information in accordance with applicable Canadian privacy laws including British Columbia's Personal Information Protection Act (PIPA).

• Security Measures: Jane App encrypts data using 128-bit encryption when transmitted between your device and their servers, and stores data using 256-bit encryption. Jane App maintains SOC 2 Type 2 certification and implements industry-standard security controls.

• Limited U.S. Processing for Specific Features: While patient data is stored in Canada, some specific Jane App features involve temporary data processing in the United States or other regions, including: 

• SMS/text message appointment reminders (processed through Twilio)

• Group appointment features

• Email appointment reminders (processed through Amazon Simple Email Service)

By using these features, you acknowledge and consent to limited temporary data processing outside of Canada for these specific purposes. Jane App does not transfer complete medical or health record data from charts to third party vendors, and limits the information shared to the minimum necessary (such as your name, appointment time, and contact information).

• Jane App's Privacy Practices: For more information about Jane App's privacy and security practices, you may review their privacy notice at: https://jane.app/legal/privacy-notice

Other Service Providers

• Stripe – payment processing (integrated through Jane App) for appointment fees and credit card storage

• Documo – secure e-fax services for referrals and healthcare communications (integrated through Jane App)

• AI transcription services – either through Jane App's integrated AI scribe or Heidi Health for clinical documentation (as described in Section 2.3)

• QuickBooks – bookkeeping and accounting services (does not access patient health information)

• Google Analytics and Squarespace – website analytics and hosting

• Amazon Simple Email Service (SES) – for sending appointment reminder emails (integrated through Jane App)

• Twilio – for sending SMS/text message appointment reminders (integrated through Jane App)

These communication providers have access only to the information necessary to deliver their services and do not receive medical or health record data.

All service providers are required to adhere to strict confidentiality and data security protocols. Some of these service providers may store or process data on servers located outside of Canada (as specified above), which may be subject to foreign laws including disclosure requirements under foreign government authorities.

1. To Other Healthcare Providers

We may share your health information with pharmacies, laboratories, specialists, or other healthcare providers involved in your care, as necessary to provide you with appropriate medical services. Electronic referrals are transmitted through secure e-fax services (Documo, integrated through Jane App) or through Pathways BC referral platform. Information shared with external healthcare providers is limited to what is necessary for your care.

1. Secure Messaging and Appointment Reminders

We communicate with patients through Jane App's secure messaging portal, which forms part of your medical record. All chart communications, including secure messages, are retained as part of your permanent medical record. Appointment reminders are sent through third-party communication services:

• Email reminders are sent through Amazon Simple Email Service (SES)

• SMS/text reminders are sent through Twilio

These appointment reminders contain only non-medical information necessary for the appointment (your name, appointment date/time, and clinic contact information). No health information or medical record data is included in these reminders.

By providing your email address or mobile phone number and opting in to receive appointment reminders, you consent to these communications being processed through the third-party services listed above, which may involve temporary data processing in the United States.

Other Disclosures

• When required by law: We may be required to disclose your information in response to a court order, subpoena, or other legal process.

• For professional or legal reasons: To protect our rights or property, or to enforce our website policies.

• With your explicit consent: We may disclose your information for other purposes with your explicit, written consent.

1. DATA RETENTION

We will retain your personal information in accordance with professional regulatory requirements set by the British Columbia College of Nurses and Midwives (BCCNM). Medical records, including clinical notes and secure messaging communications, are retained for no fewer than 16 years from the date of last service, in compliance with BCCNM standards. Payment and financial records are retained for tax and accounting purposes as required by applicable financial regulations. Website analytics and technical logs are retained only as long as necessary for website operation and improvement purposes. Marketing data (email subscriptions) is retained until you unsubscribe.

If you stop using our services or request closure of your account, your medical records will continue to be retained for the minimum 16-year period required by professional standards. Medical records are stored securely within Jane App for as long as RoseWell Health maintains an active subscription. If RoseWell Health ceases operations, all patient records will be securely exported from Jane App and stored in compliance with the 16-year retention requirement and applicable privacy legislation.

1. SECURITY

We implement reasonable technical safeguards to protect your personal information from unauthorized access, use, or disclosure. As a virtual-only practice, we rely on the security measures implemented by our third-party service providers, including Jane App's encryption protocols, secure access controls, and compliance with Canadian privacy standards.

Jane App Security Measures

• Encryption: Data is encrypted using 128-bit encryption during transmission between your device and Jane App's servers, and stored using 256-bit encryption at rest

• SOC 2 Type 2 Certification: Jane App maintains SOC 2 Type 2 certification, demonstrating compliance with industry-standard security controls

• Access Controls: Access to patient health information is strictly limited to authorized healthcare providers

• Canadian Data Storage: Patient data is stored in Jane App's Canadian regional data centre

RoseWell Health Security Practices

• RoseWell Health is a sole practitioner practice, and access to patient health information through the Jane App platform is strictly limited to the authorized healthcare provider

• We maintain cybersecurity insurance as an additional layer of protection

• All staff (currently sole practitioner) receive training on privacy and security practices

However, no data transmission over the internet is 100% secure, and we cannot guarantee its absolute security.

1. Data Breach Notification

In the event of a privacy breach involving your personal health information, we will notify you and the BC Office of the Information and Privacy Commissioner as required by law, and will take immediate steps to mitigate any harm and prevent future breaches.

1. EXTERNAL WEBSITES & THIRD-PARTY SERVICES

Our website may contain links to external sites including professional medical organizations (such as the Menopause Society, Canadian Menopause Society, and Heather Hirsch Academy), educational resources, podcasts, books, and other health information websites. We also maintain resource pages with links to external content for patient education. Please note that we do not control the privacy practices of these external parties. Any information you share while visiting another website or using third-party services is governed by that provider’s privacy policy.

1. UNSUBSCRIBING FROM COMMUNICATIONS

You can opt out of our mailing list at any time by clicking the unsubscribe link found in the emails you receive from us.

1. YOUR RIGHTS

You have the right to access and correct your personal information held by us. You may request access to your complete medical record, including raw data, clinical notes, test results, and secure message communications. We will respond to access requests promptly, typically within 30 days. If you wish to review, update, or request correction of your information, please contact us. Corrections to medical records will be made through addendum notes as appropriate, in accordance with professional documentation standards.

Please note that certain health information relevant to your visit must be documented to meet professional practice standards set by the BCCNM and cannot be omitted from your medical record, though you may decline use of AI transcription services at any time. You may also withdraw consent for certain uses of your information, subject to legal and professional record retention requirements.

1. How We Obtain Consent

Consent for the collection, use, and disclosure of your personal health information is obtained in several ways:

• Electronic consent: Through checkboxes or electronic signature on intake forms and consent documents presented through Jane App

• Verbal consent: For treatment and certain procedures, documented in your medical chart by your healthcare provider in accordance with practice standards

• Implied consent: By accessing and using our website and virtual clinic services, you consent to the collection and use of information as described in this Privacy Policy

Consent for the collection and use of your health information is necessary to provide you with healthcare services. You may opt in to receive newsletters or marketing communications through a checkbox when providing your email address on our website; you can unsubscribe at any time.

1. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. The revised policy will be posted on this page with an updated effective date. Material changes may also be communicated to active patients via email through Jane App. We encourage you to review any changes to understand how we are protecting your information. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

1. CONTACT INFORMATION

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact:

RoseWell Health
Email: info@rosewellhealth.ca

RoseWell Health operates as a virtual-only clinic. All communications are conducted through email, virtual appointments, or secure messaging within the Jane App patient portal. We do not maintain a public physical address or telephone number.