Your Privacy
How Medveil protects your health information under Canadian privacy law.
Last updated: April 2026. Effective for all users in Ontario.
Medveil is a telehealth platform operating in Ontario that connects patients with licensed Nurse Practitioners for prescription-based treatment of weight loss (GLP-1 medications), hair loss, erectile dysfunction, and PrEP. We are committed to protecting your privacy and complying with the Personal Health Information Protection Act (PHIPA) of Ontario.
This Privacy Policy explains how we collect, use, store, and protect your personal health information (PHI). It applies to all users of the Medveil platform, including the website, mobile app, and patient portal.
If you have questions about this policy, contact our privacy team at privacy@medveil.ca.
When you complete your intake form, we collect detailed health information including:
Why: This information is necessary for a Nurse Practitioner to assess whether treatment is clinically appropriate and safe for you. Without it, we cannot provide our service.
We collect your name, email address, phone number, date of birth, and Ontario residential address to set up and manage your account, communicate with you, and process payments.
Why: This allows us to verify your eligibility (Ontario residency, age 18+) and contact you about your treatment.
Once a Nurse Practitioner has reviewed your intake, we retain the prescription issued, medication dosage, refill history, and notes about your treatment plan.
Why: This documents the clinical decision made by the prescribing practitioner and ensures continuity of care for future consultations.
We retain copies of all text-based communications between you and Nurse Practitioners, including follow-up questions, treatment updates, and side effect reporting.
Why: This creates a medical record of your care and allows for continuity when speaking with different practitioners.
We collect payment method information (credit card, debit card) to process your monthly platform fee. We share your name, address, and prescription details with our pharmacy partner to fulfill medication orders.
Why: We need payment information to charge your account. We share the minimum necessary information with the pharmacy to send you medication.
We automatically collect information about how you interact with our platform, including IP address, browser type, pages visited, time spent, and device information. This is collected via standard web analytics and does not identify you personally.
Why: We use this to improve platform performance, detect fraud, and understand how patients use our service.
All personal health information is stored on Canadian servers located in Ontario or another Canadian province, ensuring that your data remains under Canadian jurisdiction and protected by Canadian law. Your data is never stored on servers outside Canada.
All personal health information is encrypted in two ways:
Payment information is processed by a PCI-compliant payment processor and is never stored on our servers in readable form.
Access to your personal health information is restricted to authorized personnel who need it to provide care or support (licensed Nurse Practitioners, patient support staff, pharmacy partners). All staff members sign confidentiality agreements. Access is logged and monitored.
We retain your personal health information for the duration of your treatment relationship with Medveil, plus a minimum of seven years after your account is closed, in compliance with medical record retention standards. After seven years, we securely delete your information unless legally required to retain it.
Licensed Nurse Practitioners have access to your medical history, intake information, and communication records only to provide clinical assessment and prescribing services. They are bound by professional codes of conduct and confidentiality requirements.
We share your name, address, prescription details, and medication history with our licensed compounding pharmacy partner solely to fill and ship your prescriptions. The pharmacy is bound by PHIPA and pharmaceutical confidentiality regulations.
Our customer support and technical teams may access your account information (name, contact details, account status) to troubleshoot technical issues, answer billing questions, and provide customer service. They do not access your medical information unless necessary to resolve a specific issue you report.
We do not share, sell, rent, or license your personal health information to:
Your health information is never monetized or used for commercial purposes other than providing you with the Medveil service.
We may disclose your personal health information if required by law, court order, or regulatory authority. Examples include:
When legally compelled, we will attempt to notify you unless legally prohibited.
Under the Personal Health Information Protection Act (PHIPA), you have the following rights regarding your personal health information:
You have the right to access all personal health information we hold about you. Submit a written request to privacy@medveil.ca with your full name and account email. We will provide your information within 30 days, or 60 days if the request is complex. There is no charge for reasonable access requests.
If you believe any of your personal health information is inaccurate or incomplete, you can request that we correct it. Submit a written request to privacy@medveil.ca describing what you believe is incorrect. We will investigate and respond within 30 days.
You can request deletion of your personal health information in the following circumstances:
Medical records must be retained for a minimum of seven years from your last visit, in compliance with professional standards. Submit deletion requests to privacy@medveil.ca.
You can withdraw consent for us to use or disclose your personal health information at any time. However, this may prevent us from continuing to provide services to you. Email privacy@medveil.ca to withdraw consent.
This Privacy Policy serves as notice of how we collect and use your personal health information. You also consent to collection of health information by completing the intake process.
We take the security of your information seriously. In the unlikely event that there is a breach of your personal health information, we will:
Upon discovery of a breach, we will immediately investigate the scope and cause, secure our systems, and determine what information was affected and whether your privacy has actually been compromised.
If the breach creates a real risk to your privacy, we will notify you in writing within 30 days via email or registered mail to your address on file. The notification will include:
We are required by law to report breaches that create a real risk to your privacy to the Information and Privacy Commissioner of Ontario (IPC). We will comply with this requirement.
If your financial information is compromised in a breach, we will offer you access to free credit monitoring and fraud prevention services for at least two years.
We use cookies and similar technologies to improve your experience on the Medveil website and track how the platform is used. This helps us understand which features are most helpful and identify technical problems.
If your browser sends a "Do Not Track" signal, we honor it by not using third-party analytics or advertising cookies on the Medveil platform.
We use Google Analytics to understand website traffic. Google may collect data about your visit. We have configured Google Analytics to not share data with other Google services and to not use your data for Google's own advertising purposes.
If you have questions about this Privacy Policy, believe we have violated your privacy rights, or want to exercise any of your rights under PHIPA, please contact our privacy team:
Medveil Privacy Team
Email: privacy@medveil.ca
Mail: [Your Legal Business Address], Ontario
We will respond to all privacy inquiries within 30 days.
If you are not satisfied with our response, you have the right to file a complaint with the Information and Privacy Commissioner of Ontario:
Information and Privacy Commissioner of Ontario (IPC)
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
Phone: 438-PRIV-IPC (1-800-387-0073)
Website: www.ipc.on.ca
We may update this Privacy Policy from time to time as our practices evolve or as required by law. When we make material changes, we will notify you by email at least 30 days before the change takes effect. Your continued use of the Medveil platform after any changes become effective constitutes your acceptance of the updated Privacy Policy.
The date of the most recent update is shown at the top of this page.
This Privacy Policy was written to comply with the Personal Health Information Protection Act (PHIPA) of Ontario and reflects industry best practices for health information protection. It applies to all residents of Ontario who use the Medveil platform.