Clinics ask us two questions: "Is this compliant?" and "Where does my patients' data go?" Here are real answers — including the parts other vendors leave out.
There is no such thing as a "PHIPA certificate" or "PIPEDA certification." Any vendor claiming to be "certified compliant" is overselling. Under Canadian law, your clinic remains the custodian of patient information — a vendor like us acts as your service provider (in Ontario, your "agent" under PHIPA) and our job is to make your compliance easy and defensible.
So instead of badges, we give you the actual artifacts your privacy obligations call for: a signable data processing agreement, a documented data-flow map, a subprocessor register, a breach-notification commitment with a number on it, and a Privacy Impact Assessment support package. That's what "built for PIPEDA, PHIPA and BC PIPA" means here.
| Data | Purpose | Retention |
|---|---|---|
| Call audio | Real-time conversation processing only | Not retained by default (transcribe-and-discard) |
| Call transcript | Complete the booking, quality review by your clinic | Configurable: 0–30 days, then deleted |
| Caller name & callback number | Booking request / message delivery to your clinic | Delivered to your clinic; our copy deleted per retention schedule |
| Appointment details (service, preferred times) | Booking request delivery | Same as above |
| Health card numbers / clinical details | Not collected — the AI is designed to defer these to your staff | N/A by design |
Every call opens with a disclosure that the caller is speaking with an AI assistant and that the call is transcribed to complete their booking. Callers can say "human" or "voicemail" at any time and get exactly that — a genuine decline path, as Canadian privacy regulators expect.
We transcribe and discard. Raw call audio is not retained unless your clinic explicitly turns recording on — and then the call-start disclosure says so. Transcripts auto-delete on your chosen schedule.
Neither we nor our AI subprocessors train models on your clinic's or your patients' data — contractually locked in our agreements with every provider in the chain.
Stored data lives in Canada (Google Cloud Montréal/Toronto). Real-time call media may transit US infrastructure of our media provider — we say that plainly, because "100% Canadian" claims that ignore transit are how vendors get clinics in trouble in a Privacy Impact Assessment.
If we confirm a security incident affecting your data, we notify your clinic within 48 hours — contractually — and support your notifications to regulators and patients. We keep incident records per PIPEDA's 24-month requirement.
Every clinic gets a signable Data Processing Agreement (PHIPA agent / BC PIPA / PIPEDA schedules), a data-flow diagram, and a PIA support package — pre-filled answers for your college's or insurer's privacy questionnaire.
We operate SOC 2-aligned controls. We do not claim a SOC 2 audit until we have one — when a clinic network requires the report, we'll complete the audit. Ask us anything: our security posture is an open book for prospective clinics.
Who touches data, what they do, and where. We notify clinics 30 days before any change to this list.
| Vendor | Role | Location | Agreement |
|---|---|---|---|
| Google Cloud (Vertex AI / Gemini) | Real-time speech understanding & response | Canada (Montréal / Toronto regions) for production workloads | Google Cloud Data Processing Addendum; no training on customer data |
| LiveKit Cloud | Real-time call media infrastructure | US media transit (disclosed transparently) | DPA; SOC 2 |
| Telnyx | Telephone network (SIP) & phone numbers | Canadian network points of presence (Vancouver) | DPA |
| Email delivery provider | Booking request delivery to your clinic | Canada/US (disclosed at onboarding) | DPA |
"Hi, you've reached [Your Clinic]. I'm an AI assistant that helps with appointments and messages. This call is transcribed so the clinic can complete your booking. If you'd rather not speak with an AI, just say 'voicemail' or 'human' at any time. How can I help you today?"
This wording follows the Office of the Privacy Commissioner's call-recording guidance and the 2026 provincial regulator guidance on AI tools in healthcare: identify the AI before collecting anything, state the purpose, and offer a real alternative. Continued conversation after clear notice constitutes valid consent — and patients who prefer a human always get one.
Our designated Privacy Officer is the founder — reach them at privacy@zeromiss.ca. Patients should contact their clinic first (the clinic remains custodian of their information); we support every access and correction request within 5 business days. Unresolved concerns can be escalated to the Office of the Privacy Commissioner of Canada, the BC OIPC, or the Ontario IPC.
Last updated: June 2026