Login

Privacy Policy

Last Updated February 12, 2025

Bisiuss is committed to protecting the privacy and security of our users’ personal information in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy outlines how we collect, use, and safeguard the personal information you provide when using our website and platform.

Data Collection and Usage

We collect only the personal information necessary to provide and improve our services. Examples include contact details, payment information, and information provided through support interactions. If you are a healthcare provider, we may also process Protected Health Information (PHI) as part of our services, in compliance with HIPAA.

How We Use Data

•Internal operations, such as customer communication, feedback collection, and support ticket resolution.

•Secure payment processing via Stripe, which is PCI DSS compliant.

•Storage of data on AWS servers, which are SOC 2 Type 2 certified and ISO 27001 compliant.

We never sell or share personal information with unauthorized third parties.

Third-Party Sharing

We may share user data only in the following cases:

1. Payment Processing:

Payment information is securely processed by Stripe.

2. API Integrations:

Information shared from external platforms (e.g., Google, Facebook, Instagram) occurs through their APIs and is not shared with third parties.

3. Compliance Requirements:

If legally required, we may disclose data to authorities to comply with regulations or legal obligations.

For healthcare-related data, all third-party vendors and subcontractors are required to sign Business Associate Agreements (BAAs) to comply with HIPAA regulations.

Data Retention and Storage

User data is securely stored on AWS servers. Data is retained only as long as necessary to:

• Fulfill service delivery.

• Comply with legal, regulatory, and contractual obligations.

Protected Health Information (PHI) is stored and disposed of in accordance with HIPAA’s Privacy and Security Rules.

When data is no longer required, we ensure its secure deletion through methods such as encryption shredding or data wiping.

User Rights

As part of our commitment to transparency, users have the following rights regarding their personal information:

• Access: Request a copy of the data collected about them.

• Rectification: Request corrections to any inaccurate or incomplete personal data.

• Erasure: Request the deletion of personal data, subject to legal retention requirements.

• Portability: Receive personal data in a structured, machine-readable format and transfer it to another controller.

For healthcare-related users, these rights extend to PHI, as stipulated under HIPAA.

Security Measures

We employ robust measures to ensure the confidentiality, integrity, and availability of personal information:

• Access Controls: Two-factor authentication (2FA) and OTP codes are required for platform access.

• Data Encryption: All data, including PHI, is encrypted during storage and transmission.

• Server Security: AWS servers are protected by advanced firewalls, intrusion detection systems, and access logging.

• Website Security: DNS encryption and premium security features protect against unauthorized access and hacking attempts.

Regular audits are conducted to ensure ongoing compliance with PIPEDA, HIPAA, and other relevant security standards.

HIPAA Compliance

For users in the healthcare sector, Bisiuss complies with HIPAA by:

• Limiting access to PHI to authorized personnel only.

• Implementing physical, administrative, and technical safeguards.

• Signing BAAs with all third-party service providers involved in handling PHI.

Contact Us

For questions or concerns regarding this policy, or to exercise your privacy rights, please contact our Privacy Officer:

Email:

[email protected]

Phone:

(604) 259-1131‬

We reserve the right to update this policy to reflect changes in our practices, technologies, or legal requirements. Users will be notified of significant updates through our platform.