Wavo AI Technologies Inc., a corporation incorporated under the Canada Business Corporations Act (CBCA) and doing business as Wavo Health (“Wavo,” “we,” “us,” or “our”), is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and protect personal information through the Wavo Health web application (https://wavo.health), Chrome browser extension, iOS and Android mobile applications, application programming interfaces, and related services (collectively, the “Platform”). This Privacy Policy applies to licensed healthcare professionals and their authorized staff (“Subscribers,” “you,” or “your”) in the United States and Canada who use the Platform, as well as patients whose data is processed with appropriate consents. “Wavo Health” is a trade name used by Wavo AI Technologies Inc.
This Privacy Policy is incorporated into and forms part of our Terms and Conditions and any Business Associate Agreement (“BAA”) entered into with you. By using the Platform, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not use the Platform.
1. Scope and Definitions
This Privacy Policy governs the collection, use, and disclosure of personal information through the Platform. For purposes of this Privacy Policy, the following terms have the same meanings as in our Terms and Conditions:
Customer Data: Any data and information submitted by you or your Authorized Users to the Platform, including Patient Recordings, Voice Data, Custom Templates, personal information (e.g., name, email address), and Output.
Patient Recordings: Audio or video recordings of sessions between you (or your Authorized Users) and patients (including patients’ parents, guardians, or others participating in such sessions) uploaded to the Platform, and any related data collected during such sessions.
Voice Data: Voice recordings or data processed by the Platform for speaker diarization and identification to attribute speakers in Patient Recordings.
Custom Templates: User-created or modified templates and note structures used to customize the format or style of Output generated by the Platform.
Output: Medical documentation (e.g., SOAP notes) generated by the Platform by processing Customer Data, including any modifications or updates based on Custom Templates.
De-Identified Data: Data derived from Customer Data that has been de-identified in accordance with HIPAA (45 C.F.R. § 164.514(a)-(c)) or PIPEDA, such that it does not identify any individual.
Aggregate Data: Anonymized and aggregated data derived from Customer Data or Usage Data, used for operating, maintaining, and improving the Platform, which does not identify you or any individual.
Usage Data: Data collected by Wavo regarding your and your Authorized Users’ use of the Platform, including access times, pages visited, frequency of use, and performance metrics.
Part 2 Data: Records related to substance abuse treatment under 42 CFR Part 2, maintained in connection with any U.S. federally assisted program or activity.
Personal Information: Information that identifies, relates to, or could reasonably be linked with an individual, including protected health information (“PHI”) under HIPAA or personal information under PIPEDA.
Authorized Users: Your employees or contractors who access the Platform on your behalf.
2. Information We Collect
We collect the following types of information through the Platform:
2.1 Information You Provide
Account Information: When you register for an account, we collect your name, email address, professional credentials, and other information necessary to verify your eligibility as a licensed healthcare professional.
Customer Data: You may submit Customer Data, including Patient Recordings, Voice Data, Custom Templates, and other data related to your clinical practice. This may include PHI (e.g., patient names, medical histories, treatment details) or personal information under PIPEDA, provided you have obtained all necessary consents.
Payment Information: If you purchase a subscription, we collect payment information (e.g., credit card details) through our third-party payment processor. We do not store payment information directly.
Feedback and Communications: Any feedback, comments, or inquiries you submit to us (e.g., via [email protected]) may include personal information.
2.2 Information We Collect Automatically
Usage Data: We collect information about your interactions with the Platform, such as pages visited, features used, access times, and device information (e.g., IP address, browser type, operating system).
Cookies and Similar Technologies: We use cookies and similar technologies to enhance functionality, analyze usage, and improve the Platform. You can manage cookie preferences through your browser settings.
2.3 Information from Third Parties
Wavo AI Clinical Assistant: The Wavo AI Clinical Assistant may provide clinical information sourced from third-party providers. We do not control or verify the accuracy of third-party content.
Sub-Processors: Our third-party sub-processors (e.g., for data hosting or analytics) may collect Usage Data or process Customer Data on our behalf, as described in Section 5.
3. How We Use Your Information
We use your information to provide, maintain, and improve the Platform, in accordance with our Terms and Conditions and any applicable BAA. Specific uses include:
Providing the Platform: To transcribe Patient Recordings, generate Output (e.g., SOAP notes), support Custom Templates, and provide the Wavo AI Clinical Assistant for informational purposes.
Speaker Diarization and Identification: With your opt-in consent via Platform settings, we process Voice Data to attribute speakers in Patient Recordings, improving the accuracy of Output.
Custom Templates: With your opt-in consent, we use Custom Templates and associated Output to train AI models, linked to your account ID, to enhance Platform functionality.
Account Management: To verify your eligibility, manage your account, process payments, and communicate with you (e.g., billing notifications, account updates).
Analytics and Improvement: To analyze Usage Data and Aggregate Data to monitor performance, improve features, and develop new services.
Compliance and Security: To ensure compliance with applicable U.S. and Canadian laws (e.g., HIPAA, PIPEDA), detect fraud, and protect the security of the Platform.
De-Identified and Aggregate Data: To create De-Identified Data and Aggregate Data for research, analytics, or other purposes, which may be shared with third parties without identifying you or any individual.
4. How We Disclose Your Information
We may disclose your information as follows:
With Your Consent: We disclose Customer Data, including PHI, as directed by you or with appropriate consents (e.g., patient consents for recordings).
Sub-Processors: We engage third-party sub-processors (e.g., cloud hosting providers, analytics services) to support Platform functionality. Sub-processors are contractually obligated to comply with HIPAA, PIPEDA, and other applicable laws, and maintain safeguards consistent with ours. A list of sub-processors is available upon request at [email protected].
De-Identified and Aggregate Data: We may disclose De-Identified Data or Aggregate Data to third parties for analytics, research, or other purposes, as these do not identify individuals.
Service Providers: We may share information with third-party service providers (e.g., payment processors, customer support) to facilitate Platform operations, subject to confidentiality and compliance obligations.
Legal Obligations: We may disclose information if required by law, court order, or regulatory authority (e.g., to comply with HIPAA or PIPEDA audits), or to protect our rights, property, or safety.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to a successor entity, subject to equivalent privacy protections.
We do not sell personal information or PHI, and we prohibit the use of Part 2 Data on the Platform.
5. Data Retention and Deletion
You may configure Platform settings to control the retention of Customer Data:
Patient Recordings: You may choose to (i) delete Patient Recordings immediately after processing, or (ii) retain them for 30 days from submission or for the term of your subscription.
Other Customer Data: You may choose to retain other Customer Data (e.g., Custom Templates, Output) for 30 days from submission or for the term of your subscription.
After the selected retention period, we will delete Customer Data, except for backups retained for up to 7 days, which will be deleted per our data retention policies. Upon your written request and if your account is in good standing, we will provide an export of Customer Data in a standard, machine-readable format or delete it, as required by law or the BAA. We are not obligated to provide exports if your account is suspended or terminated due to non-payment or breach of the Terms.
6. Data Security
We implement and maintain administrative, technical, and physical safeguards designed to protect Customer Data, including PHI, against unauthorized access, alteration, disclosure, or destruction, in accordance with HIPAA, PIPEDA, and industry standards (e.g., AES-256 encryption for data in transit and at rest). Our sub-processors are required to maintain equivalent safeguards. However, no security measures are infallible, and you are responsible for implementing your own safeguards to protect sensitive data.
If we become aware of a security breach involving PHI, we will notify you within 10 days, as required by the BAA (if applicable) and applicable laws. You are responsible for obtaining all necessary consents for processing Customer Data, including patient consents for recordings and Voice Data.
7. Your Rights
Subject to applicable U.S. and Canadian laws (e.g., HIPAA, PIPEDA), you may have the following rights regarding your personal information:
Access: Request access to your personal information or PHI held by us.
Correction: Request correction of inaccurate or incomplete personal information.
Deletion: Request deletion of Customer Data, subject to our retention policies and legal obligations.
Data Portability: Request an export of Customer Data in a machine-readable format, as described in Section 5.
To exercise these rights, contact us at [email protected]. We will respond within the timeframes required by law (e.g., 30 days under PIPEDA, 30 days under HIPAA for access requests). We may require verification of your identity or authority to act on behalf of a patient.
8. Third-Party Content and Services
The Wavo AI Clinical Assistant provides clinical information sourced from third-party providers. We do not control or verify the accuracy, reliability, or completeness of third-party content and disclaim all liability for any harm or damage arising from your reliance on such content. Your use of third-party services (e.g., payment processors, mobile app stores) is governed by their respective privacy policies and terms.
9. Cross-Border Data Transfers
The Platform operates in a cloud-hosted environment in Canada and the United States. Customer Data, including PHI, may be processed or stored in either country, subject to safeguards designed to comply with HIPAA, PIPEDA, and other applicable laws. By using the Platform, you consent to the transfer of your data to Canada and the U.S. for processing, provided such transfers comply with applicable privacy laws and the BAA (if applicable).
10. Compliance with Laws
We process PHI and personal information in accordance with HIPAA (U.S.), PIPEDA (Canada), and other applicable federal, state, and provincial privacy laws. Where a BAA is in place, it governs the processing of PHI. You are responsible for ensuring that your use of the Platform, including submission of Customer Data, complies with all applicable laws, including obtaining patient consents for recordings, Voice Data, and PHI processing. The Platform is not intended for processing Part 2 Data, and you must not submit such data.
11. Children’s Privacy
The Platform is intended for use by licensed healthcare professionals and their authorized staff who are at least 19 years of age (or the age of majority in their jurisdiction, if higher). We do not knowingly collect personal information from individuals under 19, except as part of Patient Recordings submitted by you with appropriate consents.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email or the Platform at least 30 days before they take effect, unless immediate changes are required by law. Your continued use of the Platform after the effective date of changes constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Wavo AI Technologies Inc.
Email: [email protected]
© 2025 Wavo AI Technologies Inc. All rights reserved.