Privacy Policy

EdEHR Privacy Policy

Last updated: January 4, 2024  |  Previous updates: January 14, 2023; May 4, 2022

This Privacy Policy explains how EdEHR Technologies Inc. ("EdEHR", "we", "us") protects personal information when you visit our website athttps://edehr.org and any subdomains, or when you use the EdEHR platform and related services (the "Services").

Information processed on our website

We do not store personal information when you simply browse our public website. Like most websites, we collect basic access logs such as IP address, browser type, and operating system to operate the Services securely, maintain reliability, and mitigate malicious traffic.

Information collected when using EdEHR

We intentionally limit the personal data we collect. Learners only see their own coursework and submissions as authorized by their institution. Instructors can see the work related to assignments they are permitted to access, and may collaborate on content built within their institution.

Demonstration environment

If you explore our demonstration environment, we collect only the details you enter while completing the sample activities. This data may be purged periodically. Avoid entering personally identifiable information unless you do so voluntarily.

Data retention

We may remove older data from time to time, typically data that is more than two years old, unless required for regulatory or contractual reasons.

Sharing your personal data

EdEHR does not sell or share personal information with third parties. All data transmitted between your browser and the Services is encrypted.

Data residency is managed to match regional requirements:

  • Canadian users: data is processed and stored in Canada.
  • American users: data is processed and stored in the United States.
  • European users: data is processed and stored in the European Union, with limited processing in Canada when required to deliver the Services.

Data security

We apply technical, administrative, and physical safeguards to protect information, but no internet service can guarantee absolute security. By using the Services you acknowledge that residual risks exist. The most current version of this Policy will always be available on this page, and we encourage you to review it regularly for updates.

Privacy breach response plan

Institutions using EdEHR provide designated contacts for potential privacy incidents. If a breach is suspected, EdEHR will immediately coordinate with those contacts and act according to the steps below:

  1. Contain and investigate the incident, including temporarily shutting down affected services if required.
  2. Notify the designated institutional contacts to maintain transparency and coordinate remediation.
  3. Work with institutions to assess risk to individuals and reduce potential harm.
  4. Restore services safely after completing required corrective actions.
  5. Review the incident thoroughly and implement improvements to prevent recurrence.
  6. Share post-incident findings with affected institutions.

Policy changes

We may update this Privacy Policy at any time. Changes take effect once published on this page. Your continued use of the Services constitutes acceptance of the current wording.