Privacy Policy
Document Version History
Version | Date | Summary of changes |
1.0 | April 7, 2026 | Initial publication — all products covered including Wellovis Connect, Wellovis Hours, Wellovis Hours Supervisor, and Wellovis GO+ |
1. Who We Are and Our Role
Wellovis Inc. is a Canadian technology company providing an all-in-one Electronic Medical Record (EMR), practice management, supervision hour tracking, and mobile access platform for regulated health professionals and wellness practitioners across Canada. Wellovis serves a broad range of practitioners including but not limited to psychologists, registered psychotherapists, registered social workers, occupational therapists, physiotherapists, chiropractors, naturopaths, nutritionists, life coaches, and wellness coaches.
As a technology platform serving both regulated health professionals and wellness practitioners, Wellovis operates under two subscriber tiers with different legal obligations. For Tier 1 Subscribers (regulated health professionals), Wellovis acts as an agent under the Personal Health Information Protection Act, 2004 (PHIPA) (Ontario) on behalf of Subscriber health information custodians. For Tier 2 Subscribers (wellness and unregulated practitioners), Wellovis acts as a data processor under the Personal Information Protection and Electronic Documents Act (PIPEDA). Both tiers are subject to PIPEDA, the Consumer Privacy Protection Act (CPPA) upon proclamation, and any successor legislation thereto.
Privacy Officer: Founder & Privacy Officer — privacy@wellovis.com
2. Scope
This Privacy Policy applies to:
- Visitors to www.wellovis.com
- Subscribers (practitioners, supervisors, clinic administrators) using Wellovis Connect
- Students and supervisors using Wellovis Hours and the Wellovis Hours Supervisor Platform
- Practitioners using the Wellovis GO+ mobile application
- Client-patients whose health records are stored in Wellovis Connect by their practitioner
This policy does not govern the data practices of Subscribers acting in their capacity as health information custodians. Clients with questions about their health records should contact their practitioner or clinic directly.
Subscriber Tiers: Wellovis Subscribers are classified into two tiers based on their professional designation and the nature of their client records.
- Tier 1 Subscribers are regulated health professionals whose client records constitute Personal Health Information (PHI) under PHIPA — including but not limited to psychologists, registered psychotherapists, registered social workers, occupational therapists, physiotherapists, chiropractors, and naturopaths.
- Tier 2 Subscribers are wellness and unregulated practitioners whose client records do not constitute PHI under PHIPA — including but not limited to life coaches, nutritionists (non-RD), and wellness coaches.
Subscribers are solely responsible for correctly identifying their tier at account registration and for determining whether their practice activities give rise to PHI obligations under PHIPA or applicable provincial legislation. Wellovis does not make this determination on behalf of any Subscriber. If a Subscriber is uncertain whether their practice constitutes PHI under PHIPA, they should seek independent legal advice before registering as a Tier 2 Subscriber.
3. Information We Collect
3.1 Subscriber Information (Wellovis Connect and GO+)
- Name, professional designation (C.Psych, RSW, RP, etc.), and regulatory registration number
- Practice name, address, phone number, and email address
- Billing and payment information (processed by Stripe — Wellovis does not store full card numbers)
- Account login credentials (passwords are hashed using industry-standard algorithms and never stored in plain text)
- Subscription tier, feature usage, and session logs
3.2 Client-Patient Information (Wellovis Connect and GO+)
Subscribers use Wellovis Connect and GO+ to store and access client health records, which may include:
- Name, contact information, and demographic details
- Appointment history and scheduling data
- Clinical notes, assessments, and session documentation
- Insurance, billing, and payment records
- Forms, consent documents, and correspondence
This information is entered and controlled by the Subscriber. For Tier 1 Subscribers, Wellovis processes it solely as agent of the Subscriber-custodian under PHIPA. Tier 1 Subscribers retain sole responsibility as health information custodians. For Tier 2 Subscribers, client session records constitute personal information under PIPEDA but not personal health information under PHIPA. Tier 2 Subscribers are responsible for obtaining appropriate client consent under PIPEDA.
3.3 Student and Supervisor Information (Wellovis Hours)
Wellovis Hours collects only the personal information of students and supervisors — not personal health information. Specifically:
- Student name, email address, regulatory college, and program details
- Practicum hours logs including duration, session type, and session date
- Supervisor co-signature records and approval timestamps
- Anonymized client codes (cryptographic hashes — not reverse-engineerable to client identity)
- Optional demographic categories added by students (age range, gender category, presenting concern — selected from fixed lists, not drawn from Connect)
Wellovis Hours does not collect, store, or process personal health information. The anonymized client code system is described in full in Section 4.3.
3.4 Website Visitor Data
- IP address and approximate geographic location
- Browser type, operating system, and device information
- Pages visited, time on page, and referring URLs
- Cookie and tracking data (see Section 2 — Cookies Policy)
4. Data Minimization
Wellovis collects only the personal information and personal health information reasonably necessary to provide the Services. We do not collect information beyond what is required for the stated purpose of collection, consistent with PIPEDA Principle 4.4 and PHIPA s.30.
5. How We Use Your Information
5.1 To Deliver the Services
- Create and manage Subscriber accounts
- Host and secure client health records on behalf of Subscribers
- Process billing and payments through Stripe
- Facilitate video sessions through Ant Media Server (Canadian region)
- Enable supervision hour logging through Wellovis Hours
- Power AI-assisted features through Anthropic Claude via AWS Bedrock (see Section 1.9)
- Send appointment reminders and system notifications
5.2 To Improve and Maintain Our Platform
- Monitor system performance, uptime, and security
- Debug and resolve technical issues via Sentry (self-hosted on AWS Canada)
- Conduct analytics on anonymized, de-identified usage patterns
- Develop new features and improve existing ones
5.3 Legal and Compliance Purposes
- Meet our obligations under PHIPA, PIPEDA, CPPA (upon proclamation), and applicable provincial law
- Respond to lawful requests from regulatory bodies or law enforcement
- Enforce this Agreement and protect our legal interests
- Prevent fraud, unauthorized access, and security incidents
5.4 Marketing and Communications
With your express consent, we may send product updates, newsletters, and promotional communications. You may withdraw consent at any time by clicking unsubscribe in any email or contacting us at privacy@wellovis.com. Withdrawal of marketing consent does not affect your access to the Services.
6. Client Consent and the Custodian Chain
The consent obligations applicable to Subscribers vary by tier. Tier 1 Subscribers (regulated health professionals) are subject to the full PHIPA custodian framework. Wellovis processes their client health information solely as agent of the Subscriber-custodian. The consent chain for Tier 1 operates as follows:
- The Subscriber (practitioner or clinic) obtains valid PHIPA consent from their client prior to entering that client’s PHI into the Services
- The Subscriber uses Wellovis to store and manage that PHI on the client’s behalf
- Wellovis processes the PHI solely to deliver the Services to the Subscriber, acting as agent under PHIPA s.17
Tier 1 Subscribers are responsible for obtaining, documenting, and retaining valid PHIPA client consent. Wellovis provides a consent clause template for Subscriber intake forms upon request at privacy@wellovis.com.
Where Tier 1 Subscribers share client health information within the platform (e.g. between a supervisor and practicum student, or within a group practice), Subscribers are responsible for ensuring such sharing complies with PHIPA s.38 (circle of care) or is otherwise covered by valid consent.
Tier 2 Subscribers (wellness and unregulated practitioners) are not subject to PHIPA but must obtain appropriate informed consent from clients for the collection and use of their personal information under PIPEDA, including consent to store session records in a cloud-based platform. Tier 2 Subscribers represent and warrant that they have obtained such consent prior to entering any client information into the Services.
7. Data Residency and Storage
All Subscriber data, client health records, and Protected Content are stored exclusively on Canadian infrastructure:
- Primary hosting: Amazon Web Services (AWS), Canada (Central) region — ca-central-1
- AI feature processing: Anthropic Claude via AWS Bedrock — Canadian AWS region; no PHI retained by Anthropic
- Video session processing: Ant Media Server — deployed within Canadian AWS region; sessions not recorded or stored
- Crash and diagnostic reporting: Sentry — self-hosted on AWS Canada; data does not leave Canada
- Payment processing: Stripe — global PCI-DSS Level 1 compliant network; card data never stored by Wellovis
Wellovis does not transfer Personal Health Information outside of Canada. In the event Wellovis determines a change in processing region is necessary for any service, Subscribers will be notified no less than 60 days in advance and required to provide fresh consent before any PHI is processed outside of Canada.
8. Third-Party Service Providers
We share limited data with the following trusted service providers, each operating under written data processing agreements and appropriate confidentiality obligations:
Provider | Purpose | Data shared | Compliance posture |
Amazon Web Services (AWS) | Cloud hosting, storage, AI infrastructure | All platform data — Canadian region only | SOC 2 Type II, ISO 27001; HIPAA BAA executed |
Anthropic Claude (via AWS Bedrock) | AI-assisted features | Anonymized session content — no PHI retained | No model training on API data; covered under AWS BAA |
Stripe | Payment processing | Billing details only | PCI-DSS Level 1; no plain card data stored by Wellovis |
Ant Media Server | Video session streaming | Real-time stream only — not recorded | Self-hosted on Wellovis AWS infrastructure |
Sentry (self-hosted) | Crash and error reporting | Anonymized diagnostic data | Self-hosted on AWS Canada; no third-party data transfer |
Wellovis does not sell, rent, or trade personal information or personal health information to any third party for any commercial purpose.
9. Artificial Intelligence Features
Wellovis uses Anthropic’s Claude AI model, accessed exclusively through AWS Bedrock, to power features including clinical note drafting assistance, session summaries, client-practitioner matching, and practice management support.
9.1 How AI Processes Data
- When a Subscriber uses an AI-powered feature, relevant session content is transmitted to Anthropic’s Claude model via AWS Bedrock for processing
- AI processing occurs exclusively within AWS infrastructure in the Canadian region (ca-central-1)
- Anthropic does not retain API data or use it to train AI models
- All AI processing is governed by the AWS Business Associate Agreement (BAA) maintained by Wellovis
- AI-generated content is always presented for Subscriber review and is never automatically committed to a client record without Subscriber action
9.2 Subscriber Obligations for AI Features
By enabling AI-powered features, Subscribers represent and warrant that they have obtained valid informed consent from their clients for the use of AI-assisted tools in their care, in accordance with PHIPA and their regulatory college’s requirements. AI features are optional and may be disabled at any time from account settings.
10. Data Retention
Subscriber account data is retained for as long as the account is active and for a reasonable period following termination, as required by applicable law. Client health records are retained in accordance with the Subscriber’s professional and regulatory obligations. In Ontario, practitioners are generally required to retain health records for a minimum of 10 years from last service, or 10 years from when a minor client reaches age 18.
Upon account closure, Subscribers may export all data before deletion. Wellovis will permanently delete all associated data within 90 days of account closure, subject to legal retention obligations. For material changes to how PHI is handled, Wellovis will require Subscribers to actively acknowledge and accept the updated policy before continued access to the Services is permitted.
11. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate or incomplete information
- Withdraw consent for marketing communications
- Request deletion of your personal information (subject to legal retention requirements)
- File a complaint with the Office of the Privacy Commissioner of Canada (OPC) or the Information and Privacy Commissioner of Ontario (IPC)
Client-patients should direct requests regarding health records to their practitioner or clinic. Subscribers may exercise their rights by contacting privacy@wellovis.com. To the extent a Subscriber qualifies as a consumer under the Consumer Protection Act, 2002 (Ontario), nothing in this Agreement limits any rights available to that Subscriber under applicable consumer protection legislation.
12. Minors
Wellovis products are not available for direct use by individuals under 18 years of age. However, Subscribers may store health records for minor clients in their clinical care. In such cases, the Subscriber is responsible for determining applicable consent and access rights, including parental or guardian consent requirements and the capacity of minors to consent under PHIPA and applicable college standards. Wellovis processes minor client records on the same basis as adult client records, solely as agent of the Subscriber-custodian.
13. Breach Notification
In the event of a privacy breach affecting Personal Health Information, Wellovis will notify affected Subscribers without undue delay and no later than 72 hours after confirmed discovery, in accordance with PHIPA. Subscribers, as health information custodians, remain responsible for notifying their clients and the IPC as required by law. Wellovis will provide reasonable assistance to Subscribers in meeting their breach notification obligations.
To report a suspected breach or security incident, contact privacy@wellovis.com immediately.
14. Changes to This Policy
Wellovis may update this Privacy Policy from time to time. For changes that do not materially affect how Personal Health Information is processed, we will notify Subscribers by email and post a revised version with an updated effective date. For material changes affecting PHI processing, Wellovis will require active acknowledgment before continued access is permitted. Continued use of the Services following non-material changes constitutes acceptance of the revised policy.