Klinifai, Inc. – Terms of Service
Last updated: September, 20, 2025
**By creating a Klinifai account or clicking “I Agree,” you (the “Clinic” or “Health Information Custodian”) acknowledge and agree to these Terms and Klinifai’s Data Processing Agreement. If you do not agree, do not use Klinifai’s services.
1. Purpose
Klinifai, Inc. (“Klinifai,” “we,” “our,” “us”) provides software that records and transcribes patient–provider interactions and generates clinical notes and templates.
When using Klinifai for patients, you act as a Health Information Custodian (HIC) under the Personal Health Information Protection Act, 2004 (PHIPA), and Klinifai acts as your agent / service provider.
2. Role of the Parties
- You (the Clinic/HIC): remain the custodian and controller of all Personal Health Information (PHI).
- Klinifai: acts solely as your agent and processes PHI only to provide the agreed services. Klinifai does not sell, rent, or use PHI for unrelated purposes.
3. Information Processed
Klinifai processes the following information on your behalf:
- Audio recordings of clinical conversations.
- Transcripts and structured notes generated from recordings.
- Metadata (timestamps, access logs).
- De-identified, anonymized metadata about procedures and techniques used, which may be used to train and improve Klinifai’s models.
All personal identifiers are removed before model training.
4. Safeguards
Klinifai maintains administrative, technical, and physical safeguards consistent with industry standards and PHIPA/PIPEDA requirements, including:
- Encryption in transit (TLS 1.2/1.3) and at rest (AES-128).
- Access controls and authentication measures.
- Logging and audit trails.
- Secure deletion and retention policies.
5. Cross-Border Data Flows
Klinifai uses infrastructure and sub-processors (e.g., Amazon Web Services and OpenAI) that may store or process data in the United States.
While information is outside Canada, it may be subject to the laws of the foreign jurisdiction. Klinifai ensures through contractual and technical measures that comparable protection is maintained in line with
PIPEDA and
PHIPA.
6. Breach Notification
If Klinifai becomes aware of any unauthorized access, loss, or disclosure of PHI, we will:
- Notify you (the HIC) at the first reasonable opportunity.
- Provide sufficient details to support your legal obligations to notify affected individuals and the
Information and Privacy Commissioner of Ontario (IPC).
7. Retention & Deletion
- PHI is retained only as long as necessary to provide services or as directed by you.
- Upon termination or request, PHI will be securely deleted or returned.
- Klinifai may retain
anonymized, non-identifiable data for analytics and service improvement, which cannot be linked to an individual.
8. Sub-Processors
Klinifai may use trusted sub-processors (e.g., AWS, OpenAI) to deliver the service. Klinifai ensures these vendors provide comparable protection through contractual terms and technical safeguards.
A current list of sub-processors is available upon request.
9. Compliance with Law
Both parties agree to comply with PHIPA, PIPEDA, and any other applicable privacy legislation governing personal health information.
10. Limitation of Liability
To the maximum extent permitted by law, Klinifai’s liability under these Terms shall not exceed the fees paid by the Clinic for the six (6) months preceding the event giving rise to the claim. Klinifai shall not be liable for indirect, consequential, or punitive damages.
11. Termination
Either party may terminate the agreement by closing the Clinic account or providing written notice. Upon termination, Klinifai will delete PHI per Section 7.
12. Acceptance
By checking the box or clicking “I Agree,” you acknowledge that:
- You have read and understood these Terms.
- You have the authority to bind your organization (Clinic/HIC).
- You agree to be bound by these Terms and Klinifai’s Privacy Policy.
