NEW
Introducing Klio: AI Prescription Agent for Clinicians Learn More →
FrontRx Logo

Privacy Policy

Last Updated: May 25, 2025

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You. We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy has been created with the help of the Privacy Policy Generator.

  1. Introduction

    Welcome to FrontRx (the “Service”), a transcription and medical note-generating platform powered by artificial intelligence. This Privacy Policy explains how Pillow Health Inc (“We,” “Us,” “Our”) collects, uses, discloses, and safeguards Your Personal Data when You use our Service.

    This Policy complies with Quebec’s Act respecting the protection of personal information in the private sector, as amended by Law 25, and with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

    By using our Service, You agree to the practices described below.

  2. Accountability and Contact Information

    Person in Charge of Personal Information

    By default, our highest-ranking officer acts as the privacy officer responsible for protecting Personal Data. For any inquiries or complaints, please contact us at:

    • Email: [email protected]
    • Postal Address: Pillow Health Inc, 2247 Rue Coursol, Quebec, Canada

  3. Definitions

    • Company (“We,” “Us,” “Our”): Pillow Health Inc, 2247 Rue Coursol, Quebec, Canada.
    • Personal Data: Any information relating to an identifiable individual (e.g., name, email, phone number), excluding fully anonymized or de-identified information.
    • Service: Our digital platform FrontRx (www.frontrx.com) or the “FrontRx” mobile application, including AI features.
    • Service Provider: Any third party that processes data on Our behalf under strict contractual confidentiality and security obligations.
    • Usage Data: Data automatically collected when using the Service, containing no directly identifiable information.

  4. Types of Information Collected

    1. Identification and Professional Information (for professional users)
      • First name, last name
      • Professional license number
      • Practice/clinic address
      • Phone number, fax number, specialty
      • Professional email address
    2. Consultation or Usage Data
      • Application usage data (logins, pages visited) that do not identify You personally.
    3. Audio Recordings and Transcriptions
      • Zero Retention: Audio files and transcriptions are immediately deleted after AI processing.
    4. Patient lists (Kept temporarily - see Section 6)
    5. Patient data (Kept temporarily - see Section 6)
      • First name
      • Last name
      • Date of birth
      • Medical record number
      • Identification number
      • Provincial identification number
      • Current medical history
      • Past medical history
    6. Medical notes (Kept temporarily - see Section 6)
    7. Prescriptions (Kept temporarily - see Section 6)

  5. Purposes for Collection and Use of Personal Data

    We collect and use Personal Data to:

    1. Deliver and improve FrontRx
      • Draft accurate medical notes and prescriptions
      • Collect RAMQ billing codes (QC only)
      • Share up-to-date patient lists for smooth shift handovers
      • Send documents securely to other care sites via eFax
    2. Security & compliance
      • Detect misuse, prevent fraud, and meet all legal / regulatory obligations
    3. Communication
      • Answer your support questions and notify you about important updates

  6. Retention and De-Identification Policy

    1. No Retention of Audio Recordings
      • Audio recordings are destroyed once transcription is complete.
      • Transcriptions are deleted upon closing the app or platform.
    2. Retention Periods
      • Medical notes: retained for 7 days after transmission (in de-identified form).
      • Prescriptions: retained for 7 days after transmission (identified)
      • Patient lists and billing codes for RAMQ (if located in Quebec): retained for 3 months after last edit.
    3. Systematic De-Identification
      • All medical notes are de-identified to remove any personal identifier information.
      • Remaining data may be used solely in aggregated or de-identified form for AI model improvement or service analytics.

  7. Data Hosting

    1. Server Location
      • All data is stored on secure servers located in Canada.
      • Data requiring hosting in Quebec (per Law 25) is kept there.
    2. Cross-Border Transfer
      • No transfer of data outside Canada occurs without explicit consent and appropriate safeguards in place.

  8. Data Sharing and Disclosure

    Provider Role Safeguards Data Retention
    Anthropic Claude LLM inference Contract + BAA None – in-memory processing only
    DeepSeek LLM inference Contract + BAA None – in-memory processing only
    Fireworks.ai LLM inference Contract + BAA None – in-memory processing only
    AWS Canada Hosting & encryption Processing agreement + SOC 2 / ISO 27001 compliance Encrypted at rest, stored in Canada/Quebec

    All service providers are bound by strict confidentiality and security obligations; no personal or health data is stored on their servers for LLM inference providers beyond transient in-memory processing.

    1. Legal Requirements
      • We may disclose Personal Data if required by law, court order, or competent authority.
    2. Explicit Consent
      • Any other sharing occurs only with Your explicit and informed consent.

  9. Security Measures

    We implement technical and organizational measures to protect Your data:

    • Encryption (in transit and at rest)
    • Strict Access Controls (role-based permissions)
    • Regular Audits and Monitoring to detect breaches or unauthorized activities

  10. Your Rights

    In accordance with Law 25 and other applicable laws, You have the following rights:

    1. Access and Rectification: Request access to and correction of Your Personal Data held by Us.
    2. Withdrawal of Consent: Revoke consent at any time for processing activities not essential to the Service’s provision.
    3. Data Portability: Request a copy of Your data in a structured, commonly used format, where applicable.
    4. Erasure: Request deletion of Your data if legal grounds permit.

  11. Automated Decision-Making

    Our Service uses AI to transcribe and summarize medical notes. However, no decisions with legal or significant impacts are made automatically without human intervention.

  12. Changes to This Policy

    We may update this Privacy Policy to reflect legal, technical, or operational changes:

    • Any major updates will be announced via a notification on our Service.
    • The effective date will always be posted at the top of this page.

  13. Contact

    If You have any questions, requests, or complaints about this Privacy Policy, please contact:

Contact Us
Fill up the form and our team will get back to you within 24 hours
Terms and Conditions | Privacy Policy  
Your information is protected.
Made in Québec, Canada with ❤️
Various trademarks held by their respective owners.
Copyright 2025-2026. All rights reserved.
frontrx logo
Status Page About Us
Accepted Payments