MedStack Legal Documents

Privacy Notice

Last updated: June 29, 2022

This MedStack Privacy Notice describes how we collect and use your personal information in relation to MedStack websites, products, services, and events that reference this Privacy Notice (together, “MedStack Offerings”).

This Privacy Notice does not apply to the “content” (which may contain personal data) processed, stored, or hosted by our customers using MedStack Offerings in connection with a MedStack account. See the agreement governing your access to your MedStack account for more information about how we handle content and how our customers can control their content through MedStack Offerings. This Privacy Notice also does not apply to any products, services, websites, or content that are offered by third parties, or have their own privacy notice.

Who We Are

MedStack, Inc.
14 Sevenoaks Avenue
Toronto, Ontario M8Z 3P8, Canada

Our privacy officer is Simon Woodside.

Inquiries About Health Information

We do not directly collect, use or disclose personal health information (PHI) that is protected by law. We provide technical services for companies who provide services to individuals, healthcare professionals, companies and institutions. If you have an inquiry about the collection, use or disclosure of PHI by one of our customers, please contact them directly.

Personal Information We Collect

We collect your personal information in the course of providing MedStack Offerings to you.

Here are the types of information we gather:

  • Information You Give Us: We collect any information you provide in relation to MedStack Offerings.
  • Automatic Information: We automatically collect certain types of information when you interact with MedStack Offerings.
  • Information from Other Sources: We might collect information about you from other sources, including service providers, partners, and publicly available sources.

How We Use Personal Information

We use your personal information to operate, provide, and improve MedStack Offerings. Our purposes for using personal information include:

  • Provide MedStack Offerings: We use your personal information to provide and deliver MedStack Offerings and process transactions related to MedStack Offerings, including registrations, subscriptions, purchases, and payments.
  • Measure, Support, and Improve MedStack Offerings: We use your personal information to measure use of, analyze performance of, fix errors in, provide support for, improve, and develop MedStack Offerings.
  • Comply with Legal Obligations: In certain cases, we have a legal obligation to collect, use, or retain your personal information. For example, we collect contact information required for compliance notifications.
  • Communicate with You: We use your personal information to communicate with you in relation to MedStack Offerings via different channels (e.g., by phone, email, chat) and to respond to your requests.
  • Marketing: We use your personal information to market and promote MedStack Offerings. For example, we might show interest-based advertising on other websites.
  • Fraud and Abuse Prevention: We use your personal information to prevent and detect fraud and abuse in order to protect the security of our customers, MedStack, and others. We may also use scoring methods to assess and manage credit risks.
  • Purposes for Which We Seek Your Consent: We may also ask for your consent to use your personal information for a specific purpose that we communicate to you.

To enable our systems to recognize your browser or device and to provide MedStack Offerings, we use cookies. For more information about cookies and how we use them, please read our Cookies Notice.

How We Share Personal Information

Information about our customers is an important part of our business. MedStack does not sell customers’ personal information to others. We share personal information only as described below:

  • Transactions Involving Third Parties: We make available to you services, software, and content provided by third parties for use on or through MedStack Offerings. You can tell when a third party is involved in your transactions, and we share information related to those transactions with that third party.
  • Third-Party Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include: sending communications, processing payments, analysing data, providing marketing and sales assistance (including advertising and event management), conducting customer relationship management. These third party service providers have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process that information in accordance with this Privacy Notice and as permitted by applicable data protection law.
  • Business Transfers: As we continue to develop our business, we might sell or buy businesses or services. In such transactions, personal information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the individual consents otherwise). Also, in the unlikely event that AWS or substantially all of its assets are acquired, your information will of course be one of the transferred assets.
  • Protection of Us and Others: We release account and other personal information when we believe release is appropriate to comply with the law, enforce or apply our terms and other agreements, or protect the rights, property, or security of MedStack, our customers, or others. This includes exchanging information with other companies and organizations for fraud prevention and detection and credit risk reduction.
  • At Your Option: Other than as set out above, you will receive notice when personal information about you might be shared with third parties, and you will have an opportunity to choose not to share the information.

Location of Personal Information

We are located in Canada, and our affiliated companies are located throughout the world. Depending on the scope of your interactions with MedStack Offerings, your personal information may be stored in or accessed from multiple countries, including Canada. Whenever we transfer personal information to other jurisdictions, we will ensure that the information is transferred in accordance with this Privacy Notice and as permitted by applicable data protection laws.

How We Secure Information

At MedStack, security is our highest priority. We design our systems with your security and privacy in mind.

  • We maintain a wide variety of compliance programs that validate our security controls.
  • We protect the security of your information during transmission to or from MedStack websites, applications, products, or services by using encryption protocols and software.
  • We delegate handling credit card data to Payment Card Industry Data Security Standard (PCI DSS) providers.
  • We implement reasonable measures designed to secure information from accidental loss and from unauthorised access, use, alteration and disclosure.
  • We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal information. Our security procedures mean that we may request proof of identity before we disclose personal information to you.

Internet Advertising and Third Parties

MedStack Offerings may include third-party advertising and links to other websites and applications. Third party advertising partners may collect information about you when you interact with their content, advertising, or services.

Access and Choice

You can view, update, and delete certain information about your account and your interactions with MedStack Offerings. If you cannot access or update your information yourself, you can always contact us for assistance.

You have choices about the collection and use of your personal information. You can choose not to provide certain information, but then you might not be able to take advantage of certain MedStack Offerings.

  • Account Information: If you want to add, update, or delete information related to your account, please go to the MedStack Dashboard. When you update or delete any information, we may keep a copy of the prior version for our records.
  • Communications: If you do not want to receive promotional messages from us, please unsubscribe or adjust your communication preferences in the MedStack Dashboard or by using the links at the bottom of promotional messages.
  • Browser and Devices: The Help feature on most browsers and devices will tell you how to prevent your browser or device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.

Children’s Personal Information

We don’t provide MedStack Offerings for purchase by children. If you’re under 18, you may use MedStack Offerings only with the involvement of a parent or guardian.

Retention of Personal Information

We keep your personal information to enable your continued use of MedStack Offerings, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Notice, as may be required by law (including for tax and accounting purposes), or as otherwise communicated to you. How long we retain specific personal information varies depending on the purpose for its use, and we will delete your personal information in accordance with applicable law.

Contacts, Notices, and Revisions

If you have any concerns about privacy at MedStack, please contact us through support with a thorough description, and we will try to resolve the issue for you.

For any prospective or current customers of MedStack, our mailing address is provided in “Who We Are” above.

Contact details for specific jurisdictions including the European Economic Area, the UK and Switzerland, can be found in “Additional Information for Certain Jurisdictions” below.

If you interact with MedStack Offerings on behalf of or through your organization, then your personal information may also be subject to your organization’s privacy practices, and you should direct privacy inquiries to your organization.

Our business changes constantly, and our Privacy Notice may also change. You should check our website frequently to see recent changes. You can see the date on which the latest version of this Privacy Notice was posted. Unless stated otherwise, our current Privacy Notice applies to all personal information we have about you and your account. We stand behind the promises we make, however, and will never materially change our policies and practices to make them less protective of personal information collected in the past without informing affected customers and giving them a choice.

Additional Information for Certain Jurisdictions

We provide additional information about our controllers and data protection officers (as applicable), the privacy, collection, and use of personal information of prospective and current customers of MedStack Offerings located in certain jurisdictions.


These additional disclosures are required by the California Consumer Privacy Act and are effective as of February 9, 2021:

Categories of personal information collected. The personal information that we may collect, or may have collected from consumers in the preceding twelve months, fall into the following categories established by the California Consumer Privacy Act, depending on how you engage with the MedStack Offerings:

  • Identifiers, such as your name, alias, address, phone numbers, or IP address;
  • characteristics of protected classifications under California or US federal law, such as age or gender, for example if we conduct user surveys or analysis;
  • commercial information: our payment processors may receive your personal transaction data as it relates to the purchase of MedStack Offerings;
  • Internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;
  • geolocation data, such as the location of your device or computer, for example if you enable location services to enhance your experience through event applications we offer;
  • audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;
  • professional or employment-related information, for example data you may provide about your business;
  • inference data, such as information about your preferences; and

For more information about the personal information we collect, see Personal Information We Collect.

Your Rights. You may have the right under the California Consumer Privacy Act to request information about the collection of your personal information by us, or access to or deletion of your personal information. If you wish to do any of these things, please contact us through support (for MedStack customers) or contact us at the address in “Who We Are” above (for MedStack customers and non-customers). Depending on your data choices, certain services may be limited or unavailable.

No sale of personal information. In the preceding twelve months, we have not sold any personal information of consumers, as those terms are defined under the California Consumer Privacy Act.
MedStack does not share personal data of California customers to third parties for direct marketing purposes.

No Discrimination. We will not discriminate against any consumer for exercising their rights under the California Consumer Privacy Act.


Your Rights. Subject to applicable law, you have the right to:

  • ask whether we hold personal information about you and request copies of such personal information and information about how it is processed;
  • request that inaccurate personal information is corrected;
  • request deletion of personal information that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements; and
  • lodge a complaint with us regarding our practices related to your personal information.

If you wish to do any of these things and you are a MedStack customer, please contact us through support. If you are not a MedStack customer, please contact us at the address stated under “Who We Are” above.

European Economic Area, and UK

Controller of Personal Information. MedStack, Inc. is the data controller of personal information collected or processed through the MedStack Offering.

Processing. We process your personal information on one or more of the following legal bases:

  • as necessary to enter into a contract with you or a legal entity you represent, to perform our contractual obligations, to provide MedStack Offerings, to respond to requests from you, or to provide customer support;
  • where we have a legitimate interest, as described in this Privacy Notice (see “How We Use Personal Information” above);
  • as necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders; or
  • with your consent.

Information We Retain After Your Account is Closed.

  • After account closure, we may need to keep certain information for an additional period of time for legal and legitimate business purposes. For example, we may retain personal information such as your contact information (e.g., name, email address, physical address) and any invoices that MedStack has sent to you (e.g., record of purchases, applicable discounts, and tax information) for tax and accounting purposes. If applicable, MedStack may also retain records of communications with you, as well as relevant logs (e.g., a log of your account closure) for dispute resolution purposes. We further may keep records for preventing fraud and ensuring security, for example in case of misuse of our services or violation of our terms.

Your Rights. Subject to applicable law, you have the right to:

  • ask whether we hold personal information about you and request copies of such personal information and information about how it is processed;
  • request that inaccurate personal information is corrected;
  • request deletion of personal information that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements;
  • request us to restrict the processing of personal information where the processing is inappropriate;
  • object to the processing of personal information; and
  • request portability of personal information that you have provided to us (which does not include information derived from the collected information), where the processing of such personal information is based on consent or a contract with you and is carried out by automated means.

Questions and Contacts. If you wish to do any of these things or have a data-protection related question, and you are a MedStack customer, please contact us through support. If you are not a MedStack customer, please contact us at or at the address stated under “Who We Are” above.

The data protection officer for MedStack is:

DataCo International UK Ltd
Suite 1, 3rd Floor Suite 1, 11 – 12 St James’s Square
London, United Kingdom, SW1Y 4LB
+0203 514 6557

You can also lodge a complaint with our principal supervisory authority, the UK Information Commissioner’s Office, or with a local authority.

When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose.

Cookies. Please refer to our Cookies Notice.

Transfers outside of the EEA. When we transfer your personal information outside the EEA we do so in accordance with the terms of this Privacy Notice and applicable data protection law.

Ready to Join Our MedStack Community ?

Book a demo today and see how easy it is to get started with MedStack.

Stack your inbox with MedStack

Stay up to date on the latest industry news and get MedStack product updates right in your inbox.