1. Introduction
MedRelay ("we," "us," "our"), operated by Benjamin Trudel, is committed to protecting the privacy and confidentiality of your personal information and personal health information. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our telehealth marketplace at medrelay.ca (the "Platform").
By using the Platform, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.
2. Information We Collect
2.1 Personal Information
- Full name, date of birth, and gender;
- Email address and phone number;
- Mailing address and province of residence;
- Government-issued identification or health card number (for identity verification);
- Account login credentials.
2.2 Personal Health Information
- Medical history, current medications, and allergies;
- Symptoms and health concerns submitted through consultation questionnaires;
- Consultation notes and treatment plans created by nurse practitioners;
- Prescriptions issued through the Platform;
- Pharmacy information and preferred pharmacy.
2.3 Payment Information
- Credit or debit card details (processed and stored securely by Stripe — MedRelay does not store your full card number);
- Billing address;
- Transaction history.
2.4 Technical Information
- IP address, browser type, and device information;
- Pages visited, time spent, and usage patterns;
- Cookies and similar tracking technologies (see Section 10).
3. How We Use Your Information
We use your information to:
- Facilitate telehealth consultations between you and licensed nurse practitioners;
- Verify your identity and eligibility for services;
- Process payments for consultations;
- Send prescriptions to your designated pharmacy;
- Communicate with you about your consultations, account, and Platform updates;
- Improve and optimize the Platform;
- Comply with legal and regulatory obligations;
- Detect and prevent fraud or misuse of the Platform.
4. Who We Share Your Information With
We may share your information with the following parties, only to the extent necessary to provide our services:
4.1 Nurse Practitioners
Your personal health information is shared with the nurse practitioner (NP) assigned to your consultation so they can review your case, provide clinical assessments, and issue prescriptions if appropriate.
4.2 Pharmacies
If a prescription is issued, relevant health information and the prescription are transmitted to your designated pharmacy via secure electronic fax or e-prescribing systems.
4.3 Payment Processor
Payment information is shared with Stripe for secure payment processing. Stripe's privacy policy governs their handling of your payment data.
4.4 Service Providers
We may use third-party service providers (e.g., hosting, analytics) who process data on our behalf under strict confidentiality agreements.
4.5 Legal Requirements
We may disclose your information if required by law, court order, subpoena, or regulatory authority, or if we believe disclosure is necessary to protect the rights, safety, or property of MedRelay, our users, or the public.
We do not sell your personal information or personal health information to third parties.
5. Data Storage and Location
All data is stored in Canada using Supabase infrastructure hosted on Amazon Web Services (AWS) in the ca-central-1 region (Montreal, Quebec). Your personal health information does not leave Canada.
6. Provincial Privacy Law Compliance
MedRelay is committed to compliance with all applicable Canadian federal and provincial privacy and health information legislation, including:
- PIPEDA (Personal Information Protection and Electronic Documents Act) — the federal privacy law governing the collection, use, and disclosure of personal information in the course of commercial activities across Canada.
- PHIPA (Personal Health Information Protection Act, 2004 — Ontario) — governs the collection, use, and disclosure of personal health information by health information custodians in Ontario.
- HIA (Health Information Act — Alberta) — governs the collection, use, and disclosure of health information by custodians in Alberta.
- PIPA (Personal Information Protection Act — British Columbia) — governs how private-sector organizations in BC collect, use, and disclose personal information.
- HIPA (Health Information Protection Act — Saskatchewan) — governs the collection, use, disclosure, and protection of personal health information in Saskatchewan.
- PHIA (Personal Health Information Act — Nova Scotia) — governs the collection, use, and disclosure of personal health information by custodians in Nova Scotia.
Where provincial health privacy legislation applies, it takes precedence over PIPEDA for the handling of personal health information.
7. Data Retention
We retain your information as follows:
- Personal health information and consultation records: a minimum of 10 years from the date of your last consultation, or as required by applicable provincial legislation and regulatory requirements;
- Account information: for as long as your account is active, and for a reasonable period thereafter to comply with legal obligations;
- Payment records: for a minimum of 7 years as required by tax and financial regulations;
- Technical and analytics data: up to 2 years.
8. Your Rights
Under applicable privacy legislation, you have the right to:
- Access: Request access to the personal information and health information we hold about you;
- Correction: Request correction of inaccurate or incomplete information;
- Deletion: Request deletion of your personal information, subject to legal retention requirements;
- Withdraw consent: Withdraw your consent to the collection, use, or disclosure of your information, subject to legal or contractual restrictions (note: withdrawing consent may affect our ability to provide services);
- Complaint: File a complaint with the applicable privacy commissioner if you believe your rights have been violated.
To exercise any of these rights, please contact us at privacy@medrelay.ca. We will respond to your request within 30 days.
9. Security Measures
We implement appropriate technical and organizational security measures to protect your information, including:
- Encryption of data in transit (TLS/SSL) and at rest;
- Role-based access controls — only authorized personnel and NPs can access health information;
- Secure authentication and session management;
- Regular security assessments and monitoring;
- Secure data hosting in Canadian data centers (AWS ca-central-1).
While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
10. Cookies and Analytics
We use cookies and similar technologies to improve your experience on the Platform. Cookies help us understand usage patterns, remember your preferences, and ensure the Platform functions properly.
- Essential cookies: Required for the Platform to function (e.g., authentication, session management);
- Analytics cookies: Help us understand how users interact with the Platform to improve our services.
You can manage cookie preferences through your browser settings. Disabling essential cookies may impair Platform functionality.
11. Children's Privacy
The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected information from a person under 18, we will take steps to delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Platform. Your continued use of the Platform after such changes constitutes your acceptance of the updated policy.
13. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:
- Privacy Inquiries: privacy@medrelay.ca
- General: info@medrelay.ca
- Support: support@medrelay.ca
- Website: medrelay.ca
You may also contact the Office of the Privacy Commissioner of Canada at priv.gc.ca if you have concerns about our privacy practices.