Medicalsummary.ai
Request a Demo
Back
Last updated: March 30, 2025

Privacy Policy

Mejurix Inc. ("Mejurix", "we", "us", or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and share information that can identify you (your "Personal Data"), and how you can exercise your rights under applicable U.S. and Canadian privacy laws. We have tailored this policy for our medical-legal software-as-a-service platform, which is a secure AI solution for summarizing and managing medical-legal information. Our platform is designed for professionals in fields like law, healthcare, and insurance. Mejurix Inc. is based in Canada and serves customers in both the United States and Canada.

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise any of your privacy rights, please contact us (see the How to Contact Us section at the end of this document).

Note: For region-specific information (such as rights available under U.S. or Canadian law), please see Section 8: Jurisdiction Specific Provisions below. We encourage you to read this Privacy Policy in full so you understand how Mejurix collects and uses your Personal Data.

1. Applicability of this Privacy Policy

This Privacy Policy describes how Mejurix collects, uses, and discloses Personal Data when you: (a) use our website and online platform (collectively, our "Services"), or (b) otherwise interact with us (for example, by emailing us or speaking with our team).

Our Services are primarily offered to business customers (such as law firms or companies in the legal and healthcare industries) for professional use. We enter into agreements with our customers (for example, platform subscription agreements and data processing agreements) to provide the Services. Important: This Privacy Policy does not apply to the content that our customers upload to our platform or the outputs generated by our AI in the course of providing the Services. For instance, documents, medical records, case files, and summaries that you or our customers input into the platform are "Customer Data" or "Content," which we process on behalf of our customers in order to provide the service. We handle that data according to our contract with the customer, and the customer is responsible for the data.

This means if you have questions or requests regarding personal information contained in Customer Data, you should contact the relevant customer (e.g. the law firm or organization who provided your data to our platform).

This Privacy Policy applies to Personal Data that Mejurix collects and controls as part of our own operations – for example, information you provide when creating an account, visiting our website, or communicating with us. In those contexts, Mejurix is the organization deciding how and why the data is used (often called the "data controller" or "business" under privacy laws).

2. Personal Data We Collect and Process

We collect Personal Data in the course of doing business and providing our Services. The types of information we collect fall into a few categories:

  • Information You Provide Directly: This is information you give us when you sign up for or use our Services or otherwise communicate with us. For example:
    • Account Information: When you or your organization creates an account with us, we collect details such as your name, email address, professional information (for example, your job title or area of practice), language preference, account credentials, billing/payment information, and transaction history.
    • Communication Information: If you contact us (for example, for support, inquiries about our Services, or to participate in a survey), we collect the content of your messages and any information you choose to provide. This may include your name, email address, profession or job role, and the nature of your inquiry or feedback. We also record your communication preferences (e.g., if you subscribe to newsletters or opt out of certain communications).
    • Social Media Information: We maintain pages on social media platforms like LinkedIn, X (formerly Twitter), or YouTube. If you interact with our social media pages or content, we may receive Personal Data that you choose to share with us. For example, you might provide your contact details or send us messages via those platforms. We may also receive aggregate information (such as analytics) from the social media sites about how users interact with our pages.
  • Information We Collect Automatically: Like many companies, we automatically collect certain information about your device and your use of our Services. This includes:
    • Log Data: When you use our website or platform, our systems automatically record information such as your Internet Protocol (IP) address, browser type, operating system, device identifiers, the pages or features you accessed, the dates/times of access, and other usage details. This data (called "log data") helps us administer the Services and understand how they are being used.
    • Usage Data: We collect information about your interactions with our Services, such as how often you use the platform, the features or modules you click on, the queries or actions you perform, and the duration of your sessions. This usage data helps us analyze and improve the performance of our AI platform and tailor it to user needs.
    • Cookies and Similar Technologies: We use cookies, scripts, and similar tracking technologies to personalize your experience and collect information about your usage of our Services. Cookies are small text files placed on your device that allow us to recognize you on future visits. They help us remember your preferences, understand which parts of our site are popular, and show you content or advertisements relevant to your interests. We may also use similar technologies like web beacons or local storage for these purposes. Your Choices: You can set your browser to refuse all or some cookies or to alert you when cookies are being used. However, if you disable cookies, some features of our Services might not function properly. (For more details on how we use cookies and how you can manage them, please see our Cookie Policy available on our website.)
    • Device Information: When you access our Services, we receive information about the device you're using. This may include details like the device type (e.g., laptop, tablet, smartphone), device model, operating system and version, unique device identifiers, and your web browser type/version. This device information helps ensure our Services work correctly on different devices and assists with troubleshooting technical issues.
  • Information from Third Parties: We may receive Personal Data about you from other sources, such as:
    • Security/Fraud Prevention Partners: For example, we might use third-party services that provide us with alerts or information to help detect and prevent fraud, cyberattacks, or other unauthorized activities. These partners might provide data like IP addresses or threat intelligence that helps us keep our platform secure.
    • Marketing and Referral Partners: We could receive your information from marketing agencies, data providers, or referral programs. For example, if you attended a conference or webinar and showed interest in our product, the event organizer might share attendee contact info with us. Or, a business partner might suggest that we reach out to you and provide your name and email. We use this information to identify potential customers and inform them about our Services (in accordance with applicable marketing laws).
    • Advertising Partners: If we run targeted advertising campaigns, we might work with advertisers or analytics firms that provide us with information on how our ads perform or about your interactions with our ads (for instance, if you clicked an ad for Mejurix on a third-party site). This helps us measure the effectiveness of our advertising and reach audiences who are interested in our Services.
    • Event and Networking Contacts: If our team meets you at an industry event, trade show, or through professional networking, we might collect your business card or contact details with your consent. Additionally, organizers of events or directories may give us lists of participants which include your work contact information. We only use such information to follow up on business opportunities or connections in a professional context.
  • Publicly Available Information: We may also gather information from public sources. For example, we might use information from public websites, public profiles, or published materials to improve our Services and train our AI models. This could include publicly available medical literature, court judgments, legal filings, or other documents that are relevant to medical-legal research. We use this information to develop and refine our platform's capabilities. When we use public data, we take steps to minimize any impact on individual privacy. For instance, if we use aggregated or anonymized data sets, we will not attempt to re-identify individuals from that data (unless required by law). Publicly available information may also be used to help verify credentials or prevent fraud (for example, confirming a law firm's business address from a public registry).

We collect and use the Personal Data described above for the purposes explained in the next section. If any additional Personal Data is collected in the future, we will update this Privacy Policy or provide you with appropriate notice.

3. How We Use Personal Data

We use your Personal Data for the following purposes, all in support of providing a high-quality and secure service:

  • Providing and Improving the Services: We use information to deliver our platform and services to you, ensure they function as intended, and maintain their quality. This includes using Personal Data to set up your account, authenticate you when you log in, process transactions (such as subscription payments), and provide the features of our AI platform (such as generating medical-legal summaries). We also use data to debug and improve the platform – for example, to fix bugs, enhance AI accuracy, and develop new features or tools that make the service more useful.
  • Research and Development: Your information (along with data from other users) helps us to conduct research and analysis aimed at improving our artificial intelligence algorithms and overall Service performance. For instance, understanding how users interact with certain features can guide us in making those features more intuitive. In some cases, we may use anonymized data sets to train our machine learning models so they become more accurate over time.
  • Personalization: We may use Personal Data to personalize your experience. This could mean customizing the content you see, remembering your preferences (such as language or dashboard settings), and tailoring our Services to better suit your professional needs. For example, knowing your role (lawyer, healthcare professional, etc.) might allow us to highlight relevant features or resources when you use the platform.
  • Communicating with You: We use contact information like your email address to communicate with you. This includes sending you Service-related announcements or notifications (for example, updates about your account, confirmations of transactions, security alerts, or important updates to our platform). If you have opted in, we may also send marketing communications such as newsletters, product updates, event invites, or other information we think may be of interest to you. (You can always opt out of marketing emails as described in the Your Data Protection Rights section below.) We might also contact you to follow up on feedback or inquiries you've submitted, or to provide customer support.
  • Customer Support: If you reach out to us with a question, feedback, or an issue, we will use the information you provided (and any relevant information from your account or usage of the platform) to assist you and resolve problems. This might involve troubleshooting technical issues, responding to feature questions, or addressing any concerns you have about the Services.
  • Security and Fraud Prevention: Personal Data is used to protect our Services and our users. For example, we monitor usage patterns to detect suspicious or unauthorized activities. Information like IP addresses and device data can help us verify user identities and prevent fraudulent use of accounts. We also may use data to enforce our terms of service and to prevent misuse of the platform (such as activities that violate the law or our agreements).
  • Legal Compliance and Enforcement: We may process Personal Data as needed to comply with our legal obligations. This includes using data to satisfy reporting obligations, to respond to valid legal requests (such as subpoenas or court orders), or to establish, exercise, or defend legal claims. We also use and retain data as necessary to enforce our agreements (for example, to ensure users are abiding by licensing terms) and to protect the rights, property, or safety of Mejurix, our users, or others. For instance, if necessary, we might use account information to contact a user about an issue related to compliance or risk.

In addition to the above, we may use your information to assess eligibility for certain offers or to market our services to you (where lawful). For example, we might analyze your profile or how you use the Services to suggest other features or products that could be useful to you. If the law requires us to get your consent for certain marketing activities (such as in Canada's anti-spam laws or specific U.S. state laws), we will do so.

Aggregated and De-Identified Data: We sometimes aggregate or anonymize Personal Data so that it can no longer be linked to any specific individual. We may use this aggregated data for purposes such as statistical analysis, Service improvement, and academic or marketing insights. For example, we might publish trends or metrics (e.g., average time saved by users when using our AI summaries) that are based on aggregated usage data. This information will not identify you personally. We do not attempt to re-identify individuals from anonymized data. If, in rare cases, we ever need to re-associate anonymized data with an individual (for example, to investigate a security incident), we would only do so if permitted by law.

4. Who We Share Your Personal Data With

We do not sell your Personal Data to third parties for profit. However, we do share certain information with third parties in a few situations as part of running our business and providing our Services. The categories of recipients of Personal Data include:

  • Our Affiliates: If Mejurix ever becomes part of a group of related companies (for instance, if we establish subsidiaries or partner with another company under common ownership), we may share Personal Data with those affiliated entities. They would use the information in line with this Privacy Policy (for example, to assist in providing or improving the Services). This kind of sharing helps us operate effectively across different teams and locations. (If Mejurix does not have any affiliates at present, then your data is not currently shared in this way—this provision would apply only if we form affiliates in the future.)
  • Service Providers and Vendors: We employ trusted third-party companies and individuals to perform certain functions on our behalf – we refer to them as our service providers or vendors. These include, for example:
    • Hosting and Infrastructure Providers: companies that provide cloud storage, data centers, or server hosting for our website and platform (ensuring our Service is available online).
    • Payment Processors: services that handle billing and payments if you subscribe to a paid plan.
    • Email and Communications Providers: tools that help us send emails, notifications, or chat communications to you.
    • Analytics and Marketing Tools: services that help us understand usage of our platform or run marketing campaigns (e.g., analytics platforms that process log and usage data, or email campaign tools that manage newsletter subscriptions).
    • Customer Support Tools: software that helps our support team manage inquiries and issues (which may store the communications we have with you).
    • Other IT or Professional Services: for example, security consultants, auditors, backup services, or legal advisors who may have access to certain data when providing us their services.

These service providers are given access to Personal Data only as needed to perform their specific tasks on our behalf. We require that they protect your information and not use it for any purpose other than providing the agreed-upon service to us. In other words, they can't independently decide to use your data for their own marketing or share it with others (unless it's necessary to carry out the work we've hired them to do, and even then, under strict terms). We have contracts in place with our service providers that obligate them to safeguard your Personal Data to a standard comparable to our own safeguards.

  • Third-Party Integrations (at Your Direction): If our platform allows integrations with third-party applications or services (for example, if you choose to connect our Service with a tool like Microsoft Word or a legal practice management software via an API or plugin), then with your authorization, we will share the necessary data with that third-party application to enable the integration. Likewise, the third party might share data back to our platform. For instance, if you link your calendar app, we might receive scheduling information; or if you export a report to a third-party service, that service will receive the content you export. Please note: Any information transferred to a third-party application is governed by that third party's own privacy policy and terms. We recommend reviewing the privacy policies of any third-party services you integrate with our platform. We are not responsible for how those third parties use your data once you've directed us to send it to them.
  • Business Transfers: If Mejurix undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of our assets, your Personal Data may be disclosed to potential buyers or other parties involved in the transaction (e.g., as part of a confidential due diligence process). If the transaction is completed, your information may be transferred to the successor or new owner so that the Service can continue to operate. In such cases, we will require that your Personal Data remains subject to protections at least as strict as those outlined in this Privacy Policy. We will also provide notice on our website (and, if applicable, directly to you) if a new company will be taking ownership of your Personal Data, along with any choices you may have. Similarly, if Mejurix ever undergoes bankruptcy or other change of control, Personal Data could be considered an asset and transferred accordingly, but again, the use of your data would remain subject to this Privacy Policy (unless you are notified of changes).
  • Legal and Regulatory Disclosure: We may share your Personal Data with third parties such as law enforcement agencies, regulators, government authorities, or other organizations when we believe it's legally necessary or appropriate to do so. Situations where this might occur include:
    • Compliance with Laws: If we receive a valid legal order, subpoena, warrant, or request that compels us to disclose information (for example, a court order to provide data for a legal proceeding), we will comply as required by law.
    • Protecting Rights and Safety: We might disclose information if we believe it's necessary to prevent or address fraud, security breaches, or other illegal activities. For example, if someone is suspected of hacking into our system, we may share data with law enforcement to investigate. Likewise, if a user's actions threaten the safety of other people, property, or our systems, we may report that to appropriate authorities.
    • Enforcing Our Agreements: We may share information with our attorneys or advisors in order to enforce or apply our Terms of Service or other agreements, and to investigate potential violations. For instance, if needed to collect a debt or resolve a dispute, relevant data might be shared with parties involved in that process.
    • Professional Advisors: In the normal course of business, we may also share relevant parts of your information with our professional advisors (such as our lawyers, accountants, insurers, and auditors) when it's necessary for them to provide us with advice or to protect our legal rights. These advisors are typically bound by confidentiality obligations.

In all cases of sharing, we only share the minimum amount of Personal Data necessary for the purpose at hand, and we strive to ensure that any third parties who receive the data handle it with appropriate care and security. We do not sell personal information to data brokers or unrelated parties for their own marketing. We also do not share your personal information with third parties for their independent use unless you have specifically requested or consented to such sharing.

5. How We Keep Your Personal Data Secure

The security of your Personal Data is very important to us. We use a combination of technical and organizational measures to protect your information from unauthorized access, use, alteration, or destruction. For example, we employ measures such as encryption (to protect data in transit and at rest), access controls (so that only authorized personnel can access data on a need-to-know basis), and network security technologies (like firewalls and intrusion detection systems). We also train our staff on data protection best practices and limit access to Personal Data only to those employees and contractors who need it to perform their jobs.

In addition, we periodically review our security procedures to consider appropriate new technology and updated methods. We also engage in testing and monitoring of our systems to prevent vulnerabilities. If we use third-party service providers to store or process data (such as cloud hosting services), we choose reputable providers and require them to maintain strong security practices.

Despite all these efforts, it's important to understand that no method of transmitting or storing data is 100% secure. While we strive to protect your Personal Data, we cannot guarantee absolute security. In the unlikely event of a data breach that affects your Personal Data, we will act promptly to mitigate the impact and notify you and/or the appropriate authorities as required by law.

6. International Data Transfers

Mejurix is a Canada-based company, but we serve users in both the United States and Canada (and potentially elsewhere). As a result, your Personal Data may be transferred to and stored in different countries. For example, information we collect might be processed on servers located in the United States or in another country outside of your home jurisdiction. Similarly, some of our service providers might be located in the U.S. or other countries, so your data could be accessible to them from those locations.

Different Privacy Laws: If you are located in Canada, please note that when your Personal Data is transferred to the United States (or another country), it will be subject to the laws of that country. For instance, data stored in the U.S. might be accessed by U.S. government or law enforcement agencies under U.S. laws. Likewise, if you are in the U.S. and your data is processed in Canada, it will be subject to Canadian law. The privacy protections in these jurisdictions may differ from the protections in your country. However, regardless of where your data is processed, we will protect it as described in this Privacy Policy.

Our Safeguards for Cross-Border Transfers: Whenever we transfer Personal Data across borders, we take steps to ensure appropriate safeguards are in place to protect your information. These safeguards may include:

  • Contractual Protections: We may implement standard data protection clauses (standard contractual clauses) or similar agreements with our service providers to contractually require that your data receives a high level of protection, no matter where it is transferred.
  • Access and Security Measures: We limit which of our team members and service providers can access Personal Data based on necessity, and we use technical measures like encryption to add an extra layer of protection during transfer.
  • Policy and Procedure: Our internal policies ensure that any transfer of data is done in compliance with applicable privacy laws. We also assess the risk of each transfer and adapt our practices as needed to maintain the confidentiality and integrity of your data.

By using our Services or providing information to us, you consent to the transfer of your Personal Data to countries outside of your own country (including the United States and Canada). We will of course continue to safeguard that Personal Data in accordance with this Privacy Policy. If you have questions about international data transfers or require more specific information about the safeguards we use, you can contact us using the information in the How to Contact Us section.

7. Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In other words, we will keep your information for as long as you are a user of our Services or as long as needed to achieve the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Here are some factors we consider when determining how long to retain data:

  • Providing the Service: If you have an account or subscription with us, we will keep the information associated with your account while your account is active. We retain this information to provide you with the Service, maintain your account, and to be able to address any issues that arise. If you close your account, we will delete or anonymize your Personal Data within a reasonable period after account closure, except for data we must keep for legal reasons (explained below).
  • Contractual Commitments: For our business customers, the terms of the customer agreement may specify retention requirements. For example, our contract with a law firm might state how long we will retain uploaded content or account data. In such cases, we follow the contractual requirements. If a customer asks us to delete certain data as part of the service, we will do so as outlined in our agreement with them.
  • Legal Obligations and Disputes: We may need to retain certain information to comply with legal obligations. For instance, financial records (which may include transaction history and billing information) might be kept for a number of years as required by tax law or accounting rules. If we're involved in a dispute or investigation, we might retain relevant information until the matter is resolved, to protect our legal rights. We also keep records to demonstrate compliance with privacy and other laws (for example, keeping track of who has opted out of marketing, or records of consents given).
  • Business Needs: In some cases, we might retain limited information for business operations. For example, if you contacted customer support, we might keep a record of that correspondence to help us if you contact us again or to improve our support processes. Also, basic contact information might be kept to follow up on potential business opportunities if you expressed interest in our Services.

When we no longer have a legitimate business need or legal reason to keep your Personal Data, we will take steps to delete, destroy, or permanently anonymize it. If deletion (or anonymization) is not immediately possible – for example, because the data is stored in a backup archive that is not easily accessible – we will securely store the data and isolate it from any further use until deletion is possible. In practical terms, this means the data may remain in our archives for a certain period, but we will not process or use it for any other purpose during that time.

8. Jurisdiction Specific Provisions

This section provides additional information for individuals located in certain jurisdictions, namely the United States and Canada, and explains how we fulfill requirements specific to those regions.

For Users in the United States:

If you are a resident of the United States, and particularly if you are a California consumer, you may have certain privacy rights under U.S. state laws (such as the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act, or similar laws in other states). We honor applicable U.S. privacy laws and provide U.S. consumers with the following notices and rights:

  • No Sale of Personal Data: We do not sell your Personal Data to third parties for money. We also do not share your Personal Data with third parties for their independent marketing purposes. However, we want to be transparent that we do use cookies and third-party analytics/advertising services that may collect information about your visits to our site to show you Mejurix ads on other websites. Some state laws (like California's CCPA) define this type of sharing as a "sale" or "sharing" of personal information, even if no money is exchanged. In those cases, you have the right to opt out of such sharing. We provide mechanisms to do so (for example, a "Do Not Sell or Share My Personal Information" link on our website, if required). We also confirm that we do not knowingly sell or share personal information of minors under 18 years of age.
  • Right to Know: You have the right to request that we disclose what personal information we have collected about you. Once we receive and confirm a verifiable consumer request from you, and as required by law, we will provide you with information such as: the categories of personal information we collected, the sources of that information, the business or commercial purposes for collecting it, and the categories of third parties with whom we shared or disclosed the information. We will also, if requested, provide the specific pieces of personal information we collected about you. (Please note that we may be limited by law in what specific data we can disclose in order to protect the security and privacy of you and others—for example, we won't disclose sensitive information like passwords or any specific pieces of data that could create a security risk.)
  • Right to Delete: You have the right to request deletion of personal information we have collected from you and retained, subject to certain exceptions. Our global practice (as described in Section 10 below) is to allow you to request deletion of your data. If you ask us to delete your personal information, we will do so unless retaining the information is necessary for us to complete a transaction with you, detect security incidents, comply with a legal obligation, or another exception permitted under applicable law.
  • Right to Opt Out of "Sale" or "Sharing": As mentioned, while we don't sell data for money, we may share some data for advertising purposes which could be considered a "sale" or "sharing" under California law. You have the right to direct us not to sell or share your personal information in this way. If you prefer that we not use your data for targeted advertising or any similar purpose that falls under "sale/sharing," you can opt out. To exercise this right, you can use the "Do Not Sell or Share" link on our website (if available) or contact us directly (see How to Contact Us). Once we process your opt-out request, we will stop the disclosure of your data to advertising partners for targeted advertising. (Please be aware that this does not stop all ads – you may still see non-targeted ads about Mejurix, but they would not be based on your personal data).
  • Right to Correct: Under some state laws (like California's CPRA), you have the right to request that we correct inaccurate personal information we hold about you. If you believe any of your information is incorrect, you can contact us to request a correction. We may need to verify the accuracy of the new information you provide and certain documentation may be required for verification, depending on the nature of the information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights. This means if you choose to exercise your privacy rights (such as requesting deletion or opting out of sale/sharing), we will not deny you our Services, charge you a different price, or provide you a lower quality of service just because you exercised your rights. (Note: If deletion of data or opt-out from certain processing impacts our ability to provide the Service, we will inform you of the consequences. But we will never retaliate or impose punitive effects due to your privacy choices.)

How to Exercise U.S. Rights: If you are a U.S. consumer and would like to exercise any of the above rights, you (or an authorized agent acting on your behalf) can submit a request to us. The easiest way is to contact us via email or mailing address provided in How to Contact Us (Section 12). Please clearly state that you are making a "U.S. Privacy Rights Request" and specify which right you wish to exercise (e.g., access request, deletion request, opt-out of sale/sharing). We will need to verify your identity to process certain requests – this might involve confirming details we have on file (such as your email address or last interaction with us) to ensure we are fulfilling requests for the correct individual. We will respond to your request within the timeframe required by law (generally within 45 days for California, with the possibility to extend once for an additional 45 days with notice to you). If we need more information to verify or complete your request, we will let you know. For opt-out of sale/sharing requests, we will comply as soon as feasibly possible.

For Users in Canada:

If you are in Canada, your personal information is protected by laws such as the Personal Information Protection and Electronic Documents Act (PIPEDA) at the federal level, as well as provincial privacy laws in certain jurisdictions (for example, Alberta's PIPA, BC's PIPA, or Quebec's privacy act for the private sector). Mejurix is committed to complying with these Canadian privacy laws. Here's what that means for you:

  • Consent and Purpose: We will collect, use, and disclose your personal information with your knowledge and consent, except where otherwise permitted or required by law. In practice, this means that when you provide us personal information, we assume you consent to our reasonable use of that information in line with this Privacy Policy and the nature of our dealings with you. We will not use your information for a new purpose that we haven't informed you about without obtaining any necessary consent. For example, if we wanted to use your information for a purpose not covered by this policy, we would seek your consent first.
  • Access to Your Information: You have the right to request access to the personal information we hold about you. Subject to certain exceptions (for instance, if providing access would reveal personal information about another individual or if it's subject to legal privilege or security concerns), we will let you know what personal data we have, what it's being used for, and to whom it has been disclosed. You can make an access request by contacting us (see How to Contact Us). We may need to verify your identity and may ask for specifics about the information you need. We will respond within a reasonable time, and we may charge a minimal fee if required by law (we will inform you of any fee in advance).
  • Correction: If any of your personal information is inaccurate or incomplete, you have the right to request a correction. We rely on you to provide accurate information and to update us on any changes. If you find that we have incorrect information about you (for example, an outdated email or an incorrect name spelling), please let us know. We will correct the information where appropriate and send the corrected information to any third party that we may have shared it with (where necessary). If for some reason we cannot make the requested correction (for example, if it's information that we did not originally create or if there is a legal reason we cannot change it), we will explain the reason and note your request in our records.
  • Withdrawal of Consent: You have the right (with reasonable notice to us) to withdraw your consent to our continued use or disclosure of your personal information. For example, if you previously consented to receive our newsletter, you can unsubscribe at any time (withdrawing consent for that specific use). If you withdraw consent for us to use your information in a manner that is necessary for us to provide the Services, we will let you know if your withdrawal may mean we can no longer provide you with certain features or Services. Withdrawing consent will not retroactively undo any processing we have already done, but we will stop the future use of your data for those purposes. Note that sometimes we might have legal grounds to continue processing some of your data even after you withdraw consent (for instance, to retain transaction records for legal compliance), but we will inform you if that is the case.
  • Data Storage and Transfers: In compliance with Canadian best practices, we inform you that your personal information may be stored or processed outside of Canada, including in the United States. As described in Section 6 (International Data Transfers), if your data is in another country, it is subject to that country's laws (which might be different from Canadian law). We will ensure, through contracts or other means, that if your data is handled by third parties outside Canada, they will provide a comparable level of protection for your privacy. You can contact us for more information about our policies regarding offshore processing of personal data.
  • No Sales of Personal Information: Similar to our U.S. statement, Mejurix does not sell your personal information to third parties. We handle personal information in accordance with the purposes described in this policy or as otherwise authorized by you. Any disclosures to third-party service providers are for the identified business purposes and not for those parties to use your data for their own unrelated purposes.
  • Questions or Complaints: If you have a question or complaint about how we handle your personal information, we encourage you to contact us first so we can address your concern. We will investigate and attempt to resolve any complaints. However, you also have the right to contact the Privacy Commissioner of Canada or your provincial privacy commissioner (if applicable) to discuss any concerns or file a complaint. For example, if you're in Canada and not satisfied with our response, you can reach out to the Office of the Privacy Commissioner of Canada (OPC) at https://www.priv.gc.ca/ or via mail/phone as listed on their website. We will cooperate with any inquiries or guidance from privacy authorities to resolve the matter.

We value the privacy of our Canadian users and strive to handle personal information in a transparent and accountable manner, consistent with the principles of Canadian privacy law (such as the Ten Fair Information Principles under PIPEDA).

9. Minors' Data

Our Services and website are not directed to individuals under the age of 18. We do not knowingly collect Personal Data from anyone under 18 years old. If you are under 18, please do not use our platform or provide any information about yourself.

If we discover that we have inadvertently collected Personal Data from a person under 18, we will take prompt steps to delete such information from our records. For example, if a minor were to sign up with false information and we later learn of their age, we would remove their account and data.

Parents and Guardians: If you believe that a child under 18 may have provided us with personal information, please contact us immediately (see How to Contact Us below). We will investigate and, if appropriate, delete the information to ensure it is removed from our systems.

By using our Services, you represent that you are at least 18 years of age. We reserve the right to request proof of age from users if we suspect someone using our Service might be underage.

10. Your Data Protection Rights

We believe in user empowerment and transparency. Depending on where you reside and subject to applicable laws, you have a number of rights regarding your personal data. Below is an overview of those rights and how you can exercise them:

  • Right to Access: You have the right to request access to your Personal Data that we hold. This means you can ask us to confirm whether we are processing your Personal Data and request a copy of that data, as well as information about how we use it. We will provide you with a copy of the Personal Data we have about you, in a commonly used format, if you request it. (For U.S. users, this encompasses the "Right to Know" described in the U.S. section above; for Canadian users, this is the right of access under PIPEDA.)
  • Right to Correction: You have the right to request that we correct any inaccuracies in your Personal Data. If you find that any information we have is wrong or incomplete (for example, your name, contact info, or account details), please let us know. We will correct it where appropriate. We may need to verify the new information you provide, but once that's done, we'll update our records and inform any third parties (who received the incorrect data from us) of the change if necessary.
  • Right to Deletion (Right to Erasure): You have the right to request deletion of your Personal Data. This is sometimes called the "right to be forgotten." Upon your request (and in line with applicable law), we will delete your Personal Data from our active systems. Keep in mind there may be situations where we cannot delete data entirely – for example, if we are required by law to keep certain records (like invoices), or if the data is needed to exercise or defend legal claims. If we must retain information for legal reasons, we will inform you. Otherwise, we will make good faith efforts to comply with your deletion request and will also direct our service providers to delete your information from their records where applicable.
  • Right to Object to Processing: You have the right to object to our processing of your Personal Data in certain circumstances. For example, if we are processing your data based on our "legitimate interests" (a concept under European and similar laws) or for direct marketing, you can object to that. While this specific legal term of "legitimate interest" is a concept under laws like the GDPR (which we are not explicitly subject to in the U.S./Canada context of this policy), as a general practice, if you have an objection to how we are handling your data, we want to know and we will consider your request seriously. In some cases, we may have compelling legitimate grounds to continue processing (for instance, security or legal compliance reasons), but we will evaluate each request on its merits.
  • Right to Restrict Processing: You have the right to ask us to limit or "pause" the processing of your Personal Data in certain situations. This could apply if you contest the accuracy of the data (until we verify it), or if you believe our processing is unlawful but you prefer we restrict use of the data rather than delete it, or if you need us to keep the data longer than our retention period for the establishment, exercise, or defense of legal claims. When processing is restricted, we will store your data securely and not use it except to the extent allowed by you or as necessary for legal compliance.
  • Right to Data Portability: You have the right to request a copy of certain Personal Data in a machine-readable format, and you have the right to have that data transmitted to another organization, where technically feasible. This right typically applies to information you provided to us (and that we processed with your consent or to perform a contract, if applicable). In practice, if you request it, we can provide you with an electronic file of your basic account information and data you've provided to us, so that you can transfer it to another service if you wish.
  • Right to Opt Out of Marketing: You can opt out of receiving marketing communications from us at any time. If you no longer want to receive emails about product updates, events, or other news, you can click the "unsubscribe" link that we include in all our promotional emails. Alternatively, you can contact us at any time to let us know your preferences (see How to Contact Us). Please note that even if you opt out of marketing messages, we may still send you important administrative or transactional messages (for example, an email to reset your password, a notice about a security update, or information about your account usage) since these are not marketing communications.
  • Right to Withdraw Consent: In cases where we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. For instance, if you consented to us using your testimonial on our website, you can later ask us to remove it. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal – in other words, it won't undo past actions – but it will stop us from continuing the specific activity you withdraw consent from. If you withdraw consent for something that is necessary for us to provide the Service (for example, use of your email address), we will let you know if that withdrawal means we cannot continue to provide you some features of the Service.
  • Right to Complain to a Regulator: We take your privacy seriously and will do our best to address any concerns you have directly. However, if you believe we have not handled your Personal Data properly or have violated your rights, you have the right to file a complaint with a supervisory authority or regulator. For example:
    • In Canada, you can contact the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy commissioner (if applicable) to discuss any concerns or file a complaint.
    • In certain U.S. states, you may have the right to contact your state's Attorney General or a dedicated privacy regulator (for example, the California Privacy Protection Agency for issues relating to CCPA/CPRA) to lodge a complaint.
    • If other laws apply to you (for instance, if you are a visitor from the EU or UK), you may contact a Data Protection Authority in the appropriate country. (Note: Since this policy is focused on U.S. and Canada, we are not detailing EU/UK authorities here, but you still have that right if applicable.)

We encourage you to reach out to us first, and we will do our best to resolve your issue. But we want you to know that these formal channels are available to you as well.

Exercising Your Rights: To exercise any of the rights described above, please contact us using the information provided in How to Contact Us (Section 12). In your request, clearly describe which right you are seeking to exercise and the scope of the request. For example, if you want a copy of your data, specify the data you're referring to (certain data might be exempt from portability, for instance). If you want us to delete certain information, it helps to specify which information (e.g., "please delete my account and associated data" or "please remove my email from your mailing list and delete any records of my inquiry from last year").

Verification: For your protection, we will need to verify your identity before fulfilling certain requests (such as access or deletion requests) to ensure that your Personal Data is not disclosed to someone impersonating you. Verification might involve confirming some information we already have on file (e.g., responding to an email from your registered email address or providing a piece of identifying information).

Authorized Agents: If you wish to have an authorized agent make a request on your behalf (applicable notably for California residents), we will require proof of the agent's authority to act and may still ask you to verify your identity directly with us.

Response Time: We will respond to your request within a reasonable timeframe. Our goal is to address requests within 30 days. If we need more time (due to complexity or number of requests), we will let you know and explain the reason for the delay.

No Fee (Generally): You will not have to pay a fee to exercise your rights. However, if a request is excessive or manifestly unfounded (for example, repetitive requests), applicable law may allow us to charge a reasonable fee or refuse to act on the request. We will never charge a fee without explaining why.

Finally, if we cannot fulfill a request in whole or in part, we will provide an explanation. For instance, if you request deletion of data that we are legally required to keep, we will inform you of that requirement.

11. Updates to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our business practices, to address new legal requirements, or if we add new features to our Services that impact how we handle personal data. When we make changes, we will change the "Last updated" date at the top of this Privacy Policy to indicate the revision date.

If we make any material (significant) changes to the way we treat your Personal Data or to the Policy's terms, we will take steps to notify you in advance. For example, we might post a prominent notice on our website or send an email notification to we might post a prominent notice on our website or send an email notification to our registered users explaining the changes and any choices you may have. We do this because we want you to be informed and to continue using our Services with confidence.

We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. Your continued use of the Services after any changes to this Privacy Policy have been posted will signify your acceptance of the updated terms (to the extent permitted by law). If we seek to use your Personal Data for a new purpose not originally disclosed to you, we will obtain your consent if required.

12. How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your Personal Data, please do not hesitate to reach out to us. We are here to help and address any issues you may have.

Contact Information:

  • Email: You can email our team at privacy@mejurix.com. This is the fastest way to reach us for privacy-related inquiries or requests. Please include in the subject line or body that your message is regarding "Privacy" or "Personal Data" so we can direct it to the right personnel.
  • Mailing Address: You can also write to us at the following address:

    Mejurix Inc.
    Attn: Privacy Officer
    1110 Finch Aven West Unit 310
    Toronto, Ontario, L4C 7Z6 Canada
    jcho@medicalsummary.ai

    (If you prefer to contact us by mail, please allow additional time for us to receive and process your request. If your inquiry is urgent (for example, a time-sensitive request to exercise rights), we recommend sending an email as well for a quicker response.)

We will endeavor to respond to all legitimate inquiries promptly, typically within a few business days. If you are contacting us to exercise a specific privacy right, please refer to Section 10 above for information on what to include in your request and any verification steps.

Thank you for reading our Privacy Policy. We value your trust in Mejurix and are committed to safeguarding your personal information while providing you with a powerful platform to manage medical-legal information securely. If you have any questions or need further clarification on any aspect of this Policy, please contact us – we're here to help.