Privacy Policy
Last Updated: January 12, 2026
This Privacy Policy explains how Loomantix Inc. ("Company," "we," "us") collects, uses, discloses, and protects personal information in connection with the ActiveScribe service (the "Service").
This Privacy Policy should be read together with our Terms of Service and Data Processing Addendum (DPA).
1. Scope & Role of the Company
The Service is designed for use by licensed healthcare professionals and healthcare organizations.
In providing the Service:
- Customers act as Health Information Custodians (or equivalent under applicable provincial law)
- The Company acts as an information manager / service provider, processing personal health information ("PHI") solely on behalf of and under the instructions of the Customer
- The Company does not determine the purposes for which PHI is collected or used.
2. Information We Process
2.1 Customer Data (Including PHI)
Customer Data may include:
- Audio recordings of clinical encounters
- Transcriptions and draft clinical documentation
- Patient identifiers and clinical details
- Metadata related to use of the Service
All Customer Data is processed only to provide the Service.
2.2 Account & Administrative Information
We may collect:
- Name, email address, role, and organization
- Billing and subscription information
- Support communications
2.3 Technical Information
We may collect limited technical data such as:
- IP address
- Device and browser type
- Log and usage data
This information is used for security, troubleshooting, and service reliability.
3. How We Use Information
We use information to:
- Provide and operate the Service
- Secure and maintain system integrity
- Respond to support requests
- Meet legal and regulatory obligations
No Training on Customer Data
The Company does not use Customer Data or PHI to train, fine-tune, or improve AI models, whether internal or third-party.
4. Legal Basis for Processing
We process personal information:
- Under Customer instructions
- As required to perform contractual obligations
- As required by applicable law
For PHI, Customers are responsible for obtaining all required patient consents.
5. Disclosure of Information
We may disclose information:
- To subprocessors who assist in providing the Service
- Where required by law or regulator
- To protect the rights, safety, or security of the Company or others
We do not sell personal information.
6. Subprocessors
We use carefully selected third-party service providers (e.g., cloud infrastructure, speech-to-text services).
7. Data Residency
Customer Data is stored and processed in:
- Canada only
8. Safeguards & Security
We implement safeguards appropriate to the sensitivity of the data, including:
- Encryption in transit and at rest
- Access controls and authentication
- Monitoring and logging
- Incident response procedures
9. Data Retention
Customer Data is retained:
- For the duration of the Customer selected retention window
- As otherwise instructed by the Customer
- As required by law
Upon termination, data handling is governed by the Terms of Service and DPA.
10. Breach Notification
In the event of a privacy or security incident involving PHI:
- We will notify the Customer without undue delay
- We will cooperate with the Customer's regulatory and notification obligations
11. Individual Rights
As an information manager, the Company does not respond directly to patient access or correction requests. Such requests must be directed to the applicable Customer.
12. Updates to This Policy
We may update this Privacy Policy from time to time.
- Material changes will be communicated in advance
- Continued use of the Service constitutes acceptance