Privacy Policy - DialApp

Your privacy and data security are our top priorities. Learn how we protect and handle your information.

Last updated: September 1, 2025

1. Definitions

1.1 Organization: Refers to our direct customers—clinics, pharmacies, or other legal entities that register for and use a DialApp account and services.

1.2 Client: Refers to the end users or patients of an Organization. Clients interact with Organizations via DialApp, but do not have a direct account or relationship with DialApp.

1.3 Interpretation: Throughout this Privacy Policy, "you" or "your" refers to Organizations as our direct customers. Clients (patients/end users) are not considered direct customers of DialApp and should contact the Organization for any privacy or data access requests.

2. Introduction

DialApp ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our clinic phone management platform and services. By using DialApp, Organizations agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services. DialApp is responsible for the personal information we hold or control, including information that may be processed by third-party service providers on our behalf.

3. Information We Collect

We collect minimal information necessary to provide our clinic phone management services to Organizations:

3.2 Account Registration (Organizations): For account creation, we only collect the name and email address of the Organization's primary contact. Optionally, a phone number may be provided for call transfers. The verified phone number of the clinic or pharmacy is collected to authenticate and route incoming calls to the appropriate recipients. No additional personal information is required for registration.

3.3 Call Information: We blur phone numbers before storing them, which means we never store the actual phone numbers and cannot access the original numbers. We provide call reports including call duration, timestamps, and associated costs. We do not store any health-related data or patient information during calls.

3.4 Chrome Extension Data: Our Chrome extension accesses patient phone numbers from your EMR system only for the purpose of initiating calls. We do not have access to your EMR system itself or store complete patient information. The phone numbers are blurred before storage, ensuring we cannot retrieve the original numbers.

3.5 Technical Logs & Analytics: We collect technical logs for troubleshooting and monitoring purposes.

4. Identifying Purpose

We clearly identify the specific purposes for which we collect personal information from Organizations and Clients:

4.2 Organizations (Clinics and Pharmacies): DialApp collects personal information from Organizations, including first and last name, email address, and optionally a phone number for call transfers. Additionally, the verified phone number of the clinic or pharmacy is collected to authenticate and route incoming calls to the appropriate recipients. This information is used solely to register the Organization, manage call routing, and ensure proper delivery of services to their Clients.

4.3 Clients (Patients/End Users): When Clients interact with Organizations through DialApp, their phone numbers may be collected to facilitate secure telephone communication. If an Organization activates an interactive flow, incoming calls from Clients are directed to that flow. Responses and selections made by Clients within the flow are processed by AI to determine the optimal path for continuing the conversation and ensuring accurate handling of the interaction. Client information is used exclusively for managing calls and supporting the workflow of the Organization, and it is not used for unrelated purposes without explicit consent.

5. Consent

We obtain your consent before collecting, using, or disclosing your personal information, except where permitted or required by law.

5.2 Express Consent (Organizations): By creating an account and using DialApp services, Organizations provide express consent for us to collect and use their personal information as described in this Privacy Policy. For any new purposes not covered in this policy, we will seek additional consent from the Organization.

5.3 Client Consent Responsibility: Organizations are responsible for obtaining appropriate consent from their Clients before using our services to contact them. DialApp does not directly obtain consent from Clients—this responsibility lies with the Organization in accordance with healthcare privacy regulations.

5.4 Withdrawal of Consent: Organizations may withdraw consent at any time by discontinuing use of our services and requesting account deletion. However, please note that withdrawal of consent may limit or prevent our ability to provide services.

5.5 Implied Consent: In some cases, we may rely on implied consent where the purpose for collection is obvious and the Organization voluntarily provides the information (such as providing an email address to receive service updates).

6. How We Use Your Information

We collect technical logs for troubleshooting and monitoring purposes.

6.2 Call Processing: We route calls through trusted telecommunications providers including Twilio to ensure reliable call delivery. We work with multiple certified providers to maintain call quality and prevent service interruptions by automatically switching between providers when necessary.

6.3 Billing and Reports: We provide detailed call reports in your dashboard showing call duration, timestamps, and costs. Based on your usage, we charge your payment method and pay the telecommunications providers for call services.

6.4 Service Quality: To enhance call quality and ensure reliability, we work with various trusted providers. This allows us to handle calls efficiently, maintain high quality standards, and prevent call drops or interruptions.

7. Analytics and User Experience Tracking

We use Hotjar to collect anonymized analytics and user experience data. This helps us understand how users interact with our platform and improve our services. Hotjar may collect information such as device type, browser, general usage patterns, and click/tap behavior, but does not collect personally identifiable information or any health data. You can learn more about Hotjar’s privacy practices at hotjar.com/legal/policies/privacy/.

8. Payment and Billing Information

We prioritize the security of your payment information through industry-leading practices:

8.2 Payment Processing: All payment card information and billing details are securely stored by Stripe, our payment processor, not on our servers. We do not have access to or store your complete credit card information.

8.3 Usage-Based Billing: Organizations store their payment cards with Stripe, and we charge based on actual call usage. We immediately pay our telecommunications providers for the services rendered.

8.4 Payment Security: Stripe maintains PCI DSS compliance and industry-standard security measures to protect your payment information. We never see or store your full payment card details.

9. Data Security and Protection

We implement comprehensive security measures to protect your information:

9.2 Secure Infrastructure: All data is stored on secure servers with industry-standard security protocols, encryption, and access controls.

9.3 Data Protection: Phone numbers are blurred (anonymized) before being stored in our system, which means we never store actual phone numbers and cannot access the original numbers. This provides an additional layer of privacy protection.

9.4 No Health Data Storage: We explicitly do not collect, store, or process any health-related information or patient medical data. Our service is limited to call management functionality only.

9.5 EMR Access Limitation: While our Chrome extension can access your EMR system, it only extracts phone numbers for calling purposes and does not collect any other patient data. Our central system has no access to your EMR; all EMR interaction happens locally through the browser extension only.

10. Your Control and Rights

Organizations maintain full control over their account and data:

10.2 Account Deactivation: Organizations can deactivate their account and discontinue our services at any time through account settings or by contacting our support team.

10.3 Data Access: Organizations can access all call reports, usage data, and account information through their dashboard at any time.

10.4 Data Deletion: Upon account deactivation or upon request, we will securely delete Organization account information and call records in accordance with our data retention policies and legal requirements.

10.5 Service Control: Organizations have complete control over when and how to use our calling services. The Chrome extension only functions when actively used for making calls.

10.6 Data Subject Rights: Under Canadian privacy law (PIPEDA), Organizations have the right to access, correct, delete, or export their personal information. Clients (patients/end users) must contact the Organization directly for any data access or correction requests, as DialApp does not hold or control their personal information.

11. Access to Personal Information

Our client organizations (“Organizations”) have the right to request access to the personal information we hold about them. Upon receiving a written request, we will provide access to the requested information, except in limited circumstances where disclosure is restricted by law, such as information protected for legal, security, or confidential business reasons. End users of our client organizations (“Clients”) do not have direct access to their personal information through DialApp; their data is managed by their respective Organization.

12. Accuracy and Updates of Personal Information

We do not directly collect or maintain personal information such as phone numbers or contact details of Clients. Such information is provided through the Organization’s connected systems or panels. As a result, we do not modify or update this information ourselves. Any updates or corrections to personal information must be made within the originating system by the Organization. Our service uses the information as received, solely for the purposes defined by the Organization’s configuration and instructions.

13. Third-Party Service Providers

We work with trusted partners to deliver our services:

13.2 Telecommunications Providers: We partner with reputable providers including Twilio and other certified telecommunications companies to route and manage your calls. These providers are bound by strict confidentiality and security agreements.

13.3 Payment Processing: Stripe handles all payment processing and stores your payment information. Stripe is PCI DSS certified and maintains the highest security standards for financial data.

13.4 Provider Redundancy: We work with multiple telecommunications providers to ensure service reliability and call quality. This redundancy helps prevent service interruptions and maintains consistent call quality.

14. Data Sharing and Disclosure

We maintain strict limitations on data sharing:

14.2 No Phone Number Sharing: Since we blur phone numbers before storage and cannot access the original numbers, we cannot share actual phone numbers even if we wanted to.

14.3 No Health Data Sharing: Since we do not collect health-related information, we cannot and do not share any patient medical data.

14.4 Service Providers Only: We only share necessary technical information with our telecommunications and payment processing partners to deliver our services.

14.5 Legal Requirements: We may disclose information only when required by law, court order, or government regulation, or when necessary to protect our rights or user safety.

14.6 No Marketing or Sales: We do not sell, trade, or share your information for marketing purposes or with any unauthorized third parties.

15. Handling of Phone Numbers and Call Forwarding

Our service does not assign or provide phone numbers to Clients (patients/end users). All inbound calls are received through phone numbers managed and owned by the Organization using our service. Organizations are responsible for configuring call forwarding from their own numbers to the number registered in our DialApp system. Any changes, forwarding settings, or updates to patient-facing phone numbers are fully controlled by the Organization. We only facilitate the technical connection and do not access, modify, or store phone numbers beyond what is required to enable the call routing process.

16. Data Retention

We retain personal information of Organizations only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Call records and billing information are typically retained for regulatory compliance purposes. When information is no longer needed, we securely delete or anonymize it in accordance with our data retention policies. DialApp does not retain personal information of Clients (patients/end users) beyond what is required for temporary call processing.

17. International Data Transfers

Our services may involve the transfer of information to countries other than your own. When we transfer personal information internationally, we ensure appropriate safeguards are in place to protect your information in accordance with applicable Canadian data protection laws.

18. Children's Privacy

Our services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child under 18, we will take steps to delete such information promptly.

19. Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify Organizations of any such change in ownership or control of personal information.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will notify Organizations by email or through our service. We encourage you to review this policy periodically to stay informed about how we are protecting your information. The "Last Updated" date at the top of this policy indicates when it was last revised.

21. Employee Privacy

DialApp is committed to protecting the privacy of our employees and maintaining confidentiality of employment-related information.

21.2 Employee Information Collection: We collect personal information from employees that is necessary for employment purposes, including contact information, identification documents, payroll details, performance evaluations, and other employment-related records.

21.3 Purpose and Use: Employee personal information is used solely for legitimate business purposes including payroll processing, benefits administration, performance management, compliance with employment laws, and internal communication.

21.4 Employee Rights: Our employees have the right to access their personal information, request corrections, and understand how their information is being used. Employees can contact HR or management to exercise these rights.

21.5 Data Security: Employee information is stored securely with appropriate access controls and is only accessible to authorized personnel who require it for legitimate business purposes. We maintain the same high security standards for employee data as we do for customer information.

22. Contact Information and Complaints

22.1 If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer, Mo Kaam, at info@DialApp.ca. We are committed to addressing your privacy concerns promptly, and most inquiries receive a response within 24 hours.

22.2 For all inquiries, including privacy questions, support requests, billing issues, or any other matters, please contact us at info@DialApp.ca.

22.3 You can also visit our website at DialApp.ca for additional resources and information about our services and privacy practices.

22.4 If you are not satisfied with our response to your privacy inquiry or complaint, you have the right to contact the Office of the Privacy Commissioner of Canada (priv.gc.ca) or your provincial privacy regulator to file a formal complaint.

22.5 We investigate all complaints we receive about our personal information handling policies and practices, and will respond to you as quickly as possible.

22.6 If a complaint is substantiated, we will modify our practices as necessary and take steps to minimize the likelihood that the issue will recur.

23. Ownership

All content, technology, and intellectual property associated with DialApp are owned by us and protected by applicable laws. You are granted a limited, non-exclusive license to use our services in accordance with this Privacy Policy and our Terms of Service.