The plain-English version
- We're PatientBoost.health, a Canadian service that helps private clinics convert more website inquiries into booked patient appointments.
- Our website's demo form collects your name, email, and phone so we can follow up about our service.
- We do not sell, rent, or trade your information. Ever.
- We use a small set of vetted service providers (Brevo, Twilio, Google, Calendly, DigitalOcean) to operate the service. They process data only on our instructions.
- You can ask us to delete your data at any time by emailing help@patientboost.health.
1. Who we are
PatientBoost.health is a Canadian sole-operator service providing automated patient-acquisition systems for private clinics. References to "we", "us", or "our" in this policy refer to PatientBoost.health.
Contact: help@patientboost.health
2. What we collect
From website visitors
- Name, email, phone number — when you submit the demo form on our landing page or any other contact form.
- Booking information — when you schedule a meeting through our Calendly link.
- Technical data — IP address, browser type, device type, referring page, and time of visit, automatically logged by our hosting infrastructure for security and operational purposes.
From clinics who become customers
- Business contact information — clinic name, business address, billing details.
- Authentication tokens for connected services you authorize us to operate (e.g. Google Sheets, calendar provider, SMS provider). These are stored encrypted and used only to deliver the service you signed up for.
What we do NOT collect
We do not collect or process the personal health information of your patients for our own purposes. PatientBoost is a tool that clinics use to engage with their own patients; the clinic remains the controller of patient data. Our role is that of a service provider acting only on the clinic's instructions, in accordance with applicable health-information laws (PIPEDA, PHIPA, and provincial equivalents).
3. Why we collect it
Under PIPEDA (Canada's federal privacy law), our basis for processing is one of the following:
| Activity | Lawful basis |
|---|---|
| Demo form, sales follow-up | Your consent (you submitted the form) |
| Service delivery to customers | Necessary to perform the contract you signed up for |
| Security & operations | Legitimate operational interest (preventing abuse, debugging) |
| Tax & accounting records | Required by Canadian law |
Our service is intended for Canadian clinics. If you contact us from outside Canada and another privacy law applies to you, we will honour any rights you have under that law where reasonably possible — get in touch at help@patientboost.health.
4. Who we share it with
We do not sell, rent, or trade your personal information to anyone. We use the following sub-processors to operate the service. Each is contractually bound to handle data only on our instructions and in line with applicable law:
| Provider | What they do | Where data is processed |
|---|---|---|
| Brevo (Sendinblue SAS) | Transactional email delivery | France / EU |
| Twilio (Twilio Inc.) | SMS delivery for clinic demo and automation | United States |
| Google LLC (Sheets, Workspace) | Lead logging, business productivity | United States, with regional failover |
| Calendly | Demo booking calendar | United States |
| DigitalOcean | Hosting (workflow automation, reverse proxy) | Canada / United States, depending on instance region |
| Cloudflare (where used) | DNS & content delivery | Global edge network |
We may add or change sub-processors as the service evolves. Material changes will be reflected in this policy.
We may also disclose information when required by law (court order, regulator request) or to enforce our rights (e.g. to investigate fraud or abuse).
5. International transfers
Some sub-processors are located outside Canada (notably the United States). When personal information is transferred internationally, we rely on appropriate safeguards, including contractual data-processing agreements with each sub-processor, consistent with PIPEDA and guidance from the Office of the Privacy Commissioner of Canada.
6. How long we keep it
| Data category | Retention period |
|---|---|
| Demo form submissions / lead records | 24 months from your last interaction |
| Customer billing & invoicing records | 7 years (Canadian tax law) |
| Server access logs | 30 days |
| Email communication history | Until you unsubscribe + 90 days |
You can request earlier deletion of any data we hold about you by emailing help@patientboost.health. We will action verified requests within 30 days, except where retention is required by law.
7. Your rights
Under PIPEDA and applicable provincial private-sector privacy laws in Canada, you have the right to:
- Access — request a copy of the personal information we hold about you.
- Correction — ask us to fix any inaccurate or incomplete data.
- Deletion — ask us to erase your data, subject to legal retention obligations.
- Portability — receive your data in a structured, machine-readable format.
- Object — object to processing for direct marketing.
- Restrict — limit how we process your data while we resolve a complaint.
- Withdraw consent — stop us contacting you at any time, with no penalty.
- Complain — file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or, where applicable, your provincial privacy commissioner or ombudsman.
To exercise any of these rights, email help@patientboost.health from the email address associated with your data. We respond within 30 days.
8. Cookies and tracking
Our website currently uses only essential cookies needed for the site to function and for security. We do not currently run third-party advertising or behavioral-tracking scripts.
If we add analytics tools (such as Google Analytics) in the future, we will update this policy and, where required by law, present a cookie consent banner before any non-essential cookies are set.
9. Security
We protect your information through a combination of technical and organizational measures:
- Encryption in transit — TLS 1.2+ across all public endpoints (HTTPS only).
- Encryption at rest for backups, credentials, and access tokens.
- Access controls — only personnel with a need-to-know can access lead and customer data.
- Audit logs on all access to sensitive systems.
- Sub-processor due diligence — we work only with providers that maintain SOC 2, ISO 27001, or equivalent certifications.
No system is 100% secure. If we ever experience a data breach affecting you, we will notify you and the appropriate Canadian regulators in accordance with PIPEDA's mandatory breach reporting requirements.
10. Children's privacy
PatientBoost.health is a B2B service intended for clinic owners and operators aged 18 or older. We do not knowingly collect personal information from individuals under 16. If you believe a minor has submitted information through our site, please contact us and we will delete it.
11. Changes to this policy
We may update this policy as the service evolves or as laws change. Material changes will be communicated by:
- Updating the "Effective" date at the top of this page
- Emailing existing customers and active prospects
- Posting a notice on our website for at least 30 days
Your continued use of PatientBoost.health after such changes constitutes acceptance of the updated policy.
12. Contact us
For privacy-related questions, requests, or complaints:
Email: help@patientboost.health
Website: https://patientboost.health
Office of the Privacy Commissioner of Canada (regulator):
priv.gc.ca · 1-800-282-1376
Last updated: May 4, 2026