Privacy Policy

How Fitra Health Handles Personal Information

Fitra Health Inc. is the Health Information Custodian under PHIPA. We are committed to handling personal and health information transparently, securely, and in compliance with Ontario and Canadian privacy law.

Last updated: March 20, 2026

Our Role Under PHIPA

Fitra Health is the Health Information Custodian under Ontario's Personal Health Information Protection Act.

Fitra Health Inc. is the Health Information Custodian (HIC) under PHIPA with custody and control of personal health information (PHI) collected through the Platform, including the Jane App electronic medical record system.

The independently licensed Naturopathic Doctors who provide clinical services through the Platform act as Agents of Fitra Health (the HIC) under PHIPA. Each ND is authorized to collect, use, and disclose PHI only as necessary to provide clinical care and as authorized by Fitra Health's information practices.

While Fitra Health is the HIC, each ND retains independent professional obligations to maintain clinical records in accordance with CONO Standards.

Legal Framework

Our privacy practices are governed by the Canadian and Ontario laws that protect personal and health information.

Fitra Health operates in accordance with the Personal Health Information Protection Act, 2004 (PHIPA) for personal health information and the Personal Information Protection and Electronic Documents Act (PIPEDA) for other personal information. This policy applies to all services provided through the fitrahealth.ca Platform.

Information We Collect

We collect only what is necessary to operate the platform and support care-related workflows.

  • Personal Information (PI): Name, email address, phone number, city, and postal code when you register, subscribe, or submit inquiries.
  • Booking and billing details: Credit card and payment information processed securely through Stripe. Fitra Health does not store your full credit card number.
  • Personal Health Information (PHI): Health information you provide when booking, including the reason for your visit. Detailed clinical records — intake forms, consultation notes, and treatment plans — are collected and managed through Jane App, under PHIPA.
  • Technical data: IP address, browser type, pages visited, device identifiers, and usage statistics used to maintain platform security and performance.
  • Communications: Records of your correspondence with us, including emails and contact form submissions.

How We Use Information

Information is used to deliver services, support operations, and meet regulatory obligations.

  • Service delivery: Operate, maintain, and improve the Platform, including appointment bookings, virtual consultations, and payment processing.
  • Booking and communication: Process appointment requests, send reminders, and provide customer support.
  • Billing and insurance: Support direct billing, payment collection, receipts, and insurance claim facilitation through Telus eClaims.
  • Legal and regulatory compliance: Comply with PHIPA, PIPEDA, tax laws, and CONO professional requirements; enforce our Terms of Service; protect the rights, property, or safety of Fitra Health, our users, or others.
  • Platform operations: Maintain website security and service quality. We primarily use anonymized or aggregated data for analytics.
  • Marketing (with express consent only): Send newsletters, health content, and service updates in compliance with CASL.

Third-Party Processors

Certain trusted providers process information on our behalf as part of the platform experience.

  • Jane App: scheduling, virtual video conferencing, electronic health records, and billing integration.
  • Stripe: secure payment processing.
  • Vercel: website hosting and infrastructure.
  • Telus eClaims: direct insurance billing facilitation.

These providers are contractually bound to protect your personal information and use it only for the purposes for which it was disclosed, in compliance with applicable privacy laws. Fitra Health does not sell your personal information.

Information may also be disclosed where required by law, regulation, or court order, or to protect the rights, safety, and security of patients, practitioners, or the platform.

Data Retention

Information is retained only as long as required by law, professional standards, or legitimate platform needs.

  • Clinical records (PHI): Retained for a minimum of ten (10) years from the date of the last entry, in accordance with CONO guidelines.
  • Administrative records: Retained for a minimum of six (6) years to meet legal, tax, and audit obligations.
  • Waitlist data: Retained for up to twenty-four (24) months unless you request earlier deletion.
  • Active account data: Retained while your account is active and as needed to provide services.

Data Security

We implement administrative, technical, and physical safeguards to protect your information.

Technical safeguards include SSL/TLS encryption for data in transit, secure hosting environments with firewall protection, encrypted data storage, and multi-factor authentication for administrative access.

As the Health Information Custodian, Fitra Health maintains written information practices and privacy breach notification protocols in compliance with PHIPA. Access to personal information is restricted to authorized personnel bound by confidentiality obligations.

While we implement commercially reasonable security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

Privacy Breach Notification

In the event of a privacy breach, Fitra Health will act promptly in accordance with PHIPA requirements.

If Fitra Health becomes aware of a privacy breach that creates a real risk of significant harm to a patient or individual, we will notify the affected individual and the Information and Privacy Commissioner of Ontario (IPC) as required under PHIPA.

Notification will include a description of the breach, the type of information involved, the steps taken to contain the breach, and steps you can take to protect yourself. We will document all breaches regardless of whether notification is required.

Your Rights

You have rights regarding your personal and health information under PHIPA and PIPEDA.

  • Right to Access: Request a copy of the personal information we hold about you, subject to legal exceptions.
  • Right to Correct: Request correction of inaccurate or incomplete personal information.
  • Right to Withdraw Consent: Withdraw consent to collection, use, or disclosure at any time, subject to legal or contractual restrictions. Withdrawal may affect platform functionality.
  • Right to Request Deletion: Request deletion of personal information where retention is no longer legally required.
  • Right to Complain: File a complaint with the Information and Privacy Commissioner of Ontario (IPC) for PHIPA matters, or the Office of the Privacy Commissioner of Canada (OPC) for PIPEDA matters.

CASL Compliance

Marketing communications are sent only with your express consent, as required by Canadian law.

Fitra Health complies with Canada's Anti-Spam Legislation (CASL). We will only send commercial electronic messages (CEMs) if we have obtained your express consent. Every CEM will clearly identify Fitra Health as the sender, include a valid contact address, and provide a clear unsubscribe mechanism.

You may unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us at info@fitrahealth.ca. Unsubscribe requests are processed within ten (10) business days.

Service-related communications (appointment confirmations, billing, account activity) are transactional messages exempt from CASL consent requirements.

Session Analytics and Recording

We use a self-hosted analytics platform to understand how visitors interact with our website, with strong PHIPA-compliant safeguards.

We use a self-hosted analytics platform (PostHog) to understand how visitors interact with our website. This tool may record anonymized session replays, page views, clicks, and scroll behavior to help us improve the user experience.

Important safeguards:

  • All analytics data is processed and stored on our own Canadian infrastructure, not sent to third-party advertising servers.
  • All form inputs are automatically masked in session recordings; we never record what you type in forms.
  • Health-related information is never captured in analytics data.
  • Session recordings do not capture passwords, payment details, or personal health information.

You may opt out of analytics tracking at any time by declining cookies when prompted or by clearing your browser's local storage.

This data processing is conducted under our legitimate interest in improving our platform, in compliance with PIPEDA and PHIPA. Analytics are only initialized with your explicit consent via our cookie banner.

Contact

Privacy questions, access requests, correction requests, and breach concerns can be directed to our team.