logo

Privacy Policy for GoAutomate Inc

Last Updated: November 2025

1. Introduction

GoAutomate Inc. ("we," "us," or "our") is committed to protecting the privacy and security of your personal information and, most importantly, Personal Health Information ("PHI"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services (as defined below). By using our Services, you consent to the practices described in this policy and confirm your understanding and acceptance of the terms outlined herein.

We are committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA) in the United States, the Personal Health Information Protection Act (PHIPA) in Canada, and the Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Information We Collect

We collect information in several ways, depending on how you interact with our Services.

A. Information You Provide to Us

  • Account Information: Name, email address, phone number, professional credentials, and billing information when you register for our Services.
  • Support Data: Information you provide when contacting customer support.

B. Information Collected via the Services (PHI/ePHI)

In the course of providing our automation tools, we process Personal Health Information (PHI) on behalf of our clients (Healthcare Providers, Covered Entities, or Health Information Custodians). This may include:

  • Patient names and demographics.
  • Medical history, diagnoses, and treatment plans.
  • Prescription information (via GoAutomateRX).
  • Laboratory results (via GoAutomate/LAB).
  • Medical imaging and DICOM data (via GoAutomateRAD/GoAutomateDC).
  • Cardiac data (via GoAutomateCARD).
  • Emergency ward records (via GoAutomateER).

C. Automatically Collected Information (Website Data)

When you visit our website, we may collect:

  • Log Data: IP address, browser type, operating system, referring URLs.
  • Cookies: Data used to enhance site functionality and analyze usage patterns.

3. How We Use Your Information

A. To Provide Services

We use PHI solely for the purpose of providing the information services requested by our clients. This includes processing prescriptions, analyzing lab results, automating imaging workflows, and managing patient records.

B. Communication

We may use contact information to send administrative information, such as updates to terms, security alerts, and support messages.

C. Service Improvement and AI Training (De-identified Data)

We may use de-identified or anonymized data to train our Artificial Intelligence (AI) or Machine Learning (ML) models.

However, we may de-identify or anonymize data in accordance with the Safe Harbor method under HIPAA and relevant standards for PHIPA/PIPEDA. Once data is fully de-identified, meaning it can no longer be linked to a specific individual, we may use the modified data to:

  • Train and improve our AI algorithms.
  • Enhance the accuracy of our automation tools.
  • Conduct statistical analysis and research.

4. Data Residency and Sovereignty

We understand the critical importance of data sovereignty for healthcare data.

  • For Canadian clients, data will be stored on servers physically located and retained exclusively within Canada. We utilize secure data centers hosted within Canadian borders to comply with provincial and federal regulations.
  • GoAutomate acts as a "Business Service Provider" and/or "Agent" in "Health Information Custodians." We comply with the requirements of PHIPA regarding the collection, use, and disclosure of personal health information. We ensure that all data remains within Canada and is protected for safeguards comparable to the territoriality of the information.
  • For United States clients, all Personal Health Information (PHI) will be stored, processed, and retained exclusively within US borders to comply with HIPAA regulations.

If we engage third-party "Business Associates" or "Covered Entities" clients, We comply with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule. We may sign a Business Associate Agreement (BAA) with such service-based clients upon request.

5. Disclosure of Information

We do not sell your data. We may disclose information in the following circumstances:

  • Business Associates / Third-Party Vendors: We may share data with trusted third-party vendors (e.g., cloud hosting providers) who assist us in operating our Services. These vendors are bound by strict Business Associate Agreements (BAAs) requiring them to comply with privacy laws and use PHI only for the purpose of providing services on our behalf.
  • Legal Requirements: We may disclose information if required to do so by law or in response to valid requests by public or authorities (e.g., a court order or government agency).
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, user information may be transferred as part of that transaction, subject to the same privacy protections.

6. Security of Your Information

We employ administrative, technical, and physical safeguards designed to protect PHI and personal information. These measures include:

  • Encryption: Data is encrypted both in transit using TLS 1.2 (or later) using AES-256.
  • Access Controls: Strict role-based access controls (RBAC) ensure only authorized personnel can access sensitive data.
  • Audits: Regular security audits and vulnerability assessments.
  • Compliance: Adherence to HIPAA Security Rule and PHIPA security requirements.

7. Your Rights

A. For Patients

If you are a patient, or one of your clients, please direct your privacy inquiries (such as requests to access, correct, or delete your medical records) directly to your healthcare provider (or data processor/service provider, GoAutomate Inc. functions primarily as a "Business Associate" or "Agent" for the purpose of processing information on behalf of healthcare providers.

B. For Clients (Healthcare Providers)

You have the right to:

  • Access and correct your account information.
  • Request data export or deletion upon termination of services, subject to data retention laws.

B. Data Retention

We retain PHI only for as long as necessary to fulfill the purposes for which it was collected, and to comply with legal obligations, resolve disputes, and enforce our agreements.

  • Canadian Data: Retained in accordance with provincial health data retention schedules.
  • US Data: Retained in accordance with HIPAA and state-specific retention laws.

9. Cookies and Tracking Technologies

We use cookies to enhance your experience on our website. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.

10. Children's Privacy

Our Services are intended for use by healthcare professionals. We do not knowingly collect personal information from children under the age of 13. Patient data regarding children is processed under the strict authorization of the healthcare provider.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or if you wish to report a privacy concern, please contact our Privacy Officer:

GoAutomate Inc.

Attn: Privacy Officer

Email: privacy@goautomate.com

We use cookies to enhance your experience and for analytics.You can accept or reject analytics cookies.