DoctorNote.ca

Who we are

This website is operated by DoctorNote.ca (the “Company”), a Canadian service helping users obtain medical documentation from licensed physicians. Parts of our platform are powered by ClinIQ Health technology.

Data we collect

• Account information you provide (for example: name, email address, and any details needed to issue documentation).
• Authentication data if you choose “Continue with Google” (see “Google OAuth data” below).
• Service usage data (device/browser information, timestamps, and interactions) to secure and improve the service.
• Payment- or insurance-related details only if and when required to fulfill a request. Sensitive health information is handled with care and only as necessary to provide the requested document.

Google OAuth data

If you authenticate using Google Sign-In, we may request and receive:

• Basic profile information (name, profile image) and your Google account email.

How we use Google data

• To create and authenticate your account.
• To contact you about your request (transactional communications only, unless you opt in to marketing).
• To prevent fraud and secure your account.

How we do not use Google data

• We do not sell or rent your data.
• We do not use Google-provided data for advertising or unrelated purposes.
• We do not share Google data with third parties except as necessary to provide the service (see “Service providers”).

Limited Use compliance

For any Google user data we obtain, we adhere to Google’s Limited Use policy. Access is limited to the minimum necessary for the stated features, and use is restricted to providing or improving user-facing features.

Revoking access and deleting your account

• You may revoke our access to your Google account at any time at: myaccount.google.com/permissions.
• You can request account deletion and data removal by following the instructions on our Data Deletion page or emailing general@doctornote.ca.

Email sending and communication

We primarily send transactional emails (for example: receipts, status updates, document delivery). Marketing communications are sent only with your explicit consent and can be withdrawn at any time.

• Sender identity: Emails are sent from our domain using Amazon SES with proper authentication (SPF, DKIM, DMARC).
• Unsubscribe: Every non-transactional email includes a clear unsubscribe link. You may also email general@doctornote.ca.
• Complaints: We honor and promptly process all complaints. Contact general@doctornote.ca.

See our detailed Email & Anti‑Spam Policy.

Service providers

We use trusted third-party providers to operate our services. These include, but are not limited to:

• Amazon Web Services (AWS) for hosting and email delivery (Amazon SES).
• Authentication providers (e.g., Google) when you choose to sign in with them.
• Payment processors if payments are enabled.

Processors are engaged under agreements that require appropriate confidentiality, privacy, and security obligations.

Data retention and deletion

• We retain data only as long as necessary to provide the service and meet legal/operational obligations.
• You may request deletion of your account and associated data by following the steps on the Data Deletion page or contacting general@doctornote.ca.

Security

• Encryption in transit (HTTPS/TLS) and at rest where applicable.
• Access controls and least-privilege principles for staff and systems.
• Monitoring and safeguards to protect against unauthorized access.

No method of transmission or storage is 100% secure; we work continuously to improve our defenses.

Your rights

Depending on your jurisdiction (including PIPEDA in Canada), you may have rights to access, correct, or delete your data, and to withdraw consent. Contact us using the details above to exercise your rights.

Changes to this policy

We may update this policy to reflect operational, legal, or regulatory changes. If we make material changes, we will notify you by email or by a prominent notice on this site.