Last Updated: December 17, 2025
At Rivardic, protecting the privacy and security of your personal health information is our highest priority. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our clinical documentation service.
We are committed to compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and all applicable provincial privacy legislation in Canada.
When you create an account, we collect:
You may enter patient health information as part of your clinical documentation. This may include:
Note: We encourage minimal use of personally identifiable patient information. Our system uses patient codes instead of legal names for enhanced privacy.
We automatically collect:
We use collected information for the following purposes:
To provide, maintain, and improve the Rivardic platform and its features
To manage your account, process payments, and provide customer support
To send important updates, security alerts, and service notifications
To analyze usage patterns and improve our service (using aggregated, de-identified data)
To comply with applicable laws, regulations, and legal processes
We implement industry-standard security measures to protect your data:
All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
Role-based access controls and multi-factor authentication
Security audits, penetration testing, and vulnerability assessments
Hosted on secure, SOC 2 compliant cloud infrastructure
While we implement strong security measures, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.
We do NOT sell your personal information or patient data to third parties.
We may share your information only in the following limited circumstances:
With trusted third-party service providers who assist in operating our platform (e.g., cloud hosting, payment processing, analytics). These providers are contractually obligated to protect your data and use it only for specified purposes.
When required by law, court order, or government regulation, or when necessary to protect our rights, property, or safety.
In the event of a merger, acquisition, or sale of assets, your information may be transferred. You will be notified of any such change.
With your explicit consent for any other purpose not described in this policy.
Under PIPEDA and applicable provincial privacy laws, you have the following rights:
You can request access to your personal information we hold
You can request correction of inaccurate or incomplete information
You can request deletion of your account and associated data (subject to legal retention requirements)
You can export your clinical data in a machine-readable format
You can withdraw consent for data processing at any time (may affect service availability)
You can file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated
To exercise these rights, please contact us at privacy@rivardic.com. We will respond to your request within 30 days.
Clinical records are retained for 7 years from the date of last treatment session, in accordance with Canadian healthcare record-keeping requirements. You may request deletion of specific records, subject to legal and professional obligations.
Account information is retained for as long as your account is active. After account deletion, personal information is removed within 30 days, except where retention is required by law.
Deleted data may persist in encrypted backups for up to 90 days before permanent deletion.
We use cookies and similar technologies to:
You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of the Service.
Rivardic is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
Your data is primarily stored on servers located in Canada. However, some service providers may process data in other jurisdictions. Where data is transferred outside Canada, we ensure appropriate safeguards are in place to protect your information in accordance with PIPEDA.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through a prominent notice in the Service at least 30 days before the changes take effect.
Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy Officer
Email: privacy@rivardic.com
Support: support@rivardic.com
Website: https://rivardic.com
Office of the Privacy Commissioner of Canada
If you have concerns about our privacy practices, you may also contact:
Website: www.priv.gc.ca
Toll-free: 1-800-282-1376