Myon HealthMyon HealthSign in

Privacy Policy

Effective Date: May 1, 2026

1. Introduction

This Privacy Policy explains how Myon Health Technology (“we”, “us”, “our”) collects, uses, stores, shares, and protects personal information when you download or use our mobile application available on the Google Play Store (the App). It also describes your choices and rights regarding that information and the steps you can take to access, correct, or delete your data.

2. Data Controller and Contact

Data Controller: Myon Health Technology
Contact email: info@myonhealth.ca
Mailing address: Saskatoon, Saskatchewan, Canada

For privacy questions, data requests, or to report a suspected breach, contact us at the email above.

3. Data We Collect

3.1 Physician Facing

We store the following physician-related fields when the App is used for physician workflows:

  • Patient's HSN
  • Patient name
  • Patient date of birth (DOB)
  • Patient sex
  • Physician name
  • Physician number for billing
  • Physician clinical address
  • Physician group number

Retention: Physician data is retained for exactly 1 year from the date it is stored, unless a different retention period is required by law. After 1 year we will securely delete or deidentify the physician-related records in accordance with our data retention procedures and applicable law.

3.2 Patient Facing

On the patient-facing side of the App we store:

  • AI transcription summaries and recorded content, including the text and AI-generated summaries produced from audio or text you record or upload.
  • Signup personal information: name, email address, phone number, location.
  • Names and email addresses of people you choose to share your data with (shared recipients).

Retention: This patient-side information is stored until you close your account, or until you remove a shared email address from your account, in which case the removed shared email and its association are deleted. If you close your account, we will delete your account data except where retention is required by law; see Section 6 for step-by-step deletion instructions.

4. Purpose of Processing

We process the data above to:

  • Provide the App's core features, including recording, transcription, storage, sharing, and physician workflows.
  • Generate AI-assisted summaries and insights for your records.
  • Enable sharing with designated healthcare providers, caregivers, or third-party services you authorize.
  • Support billing and clinical workflows where physician data is required.
  • Improve and develop the App and our services.
  • Comply with legal obligations and respond to lawful requests.

5. Legal Bases for Processing

Where applicable, we rely on the following legal bases:

  • Consent: For processing that requires your explicit permission, such as recording and AI transcription features and sharing with third parties.
  • Performance of a contract: To provide the App and its features you request.
  • Legal obligation: To comply with laws and regulatory requirements.
  • Legitimate interests: For security, fraud prevention, and improving our services, balanced against your rights.

6. Retention, Deletion, and Google Play Requirements

Physician data retention: Physician fields listed in Section 3.1 are retained for 1 year. After 1 year we delete or deidentify the data.

Patient-side retention: Patient-side data, including AI transcriptions, signup info, and shared recipient names/emails, is retained until you close your account or until you delete a shared email. When you delete a shared email, the association and stored copy of that shared recipient entry are removed immediately.

Account deletion steps

  1. Open the App and sign in.
  2. Go to Settings > Account > Delete Account.
  3. Follow the on-screen prompts and confirm deletion.
  4. After confirmation we will begin deletion of your account data; deletion is completed within 30 days except where legal obligations require longer retention.
  5. You will receive an email confirmation when deletion is complete.

How to remove a shared email

  1. Sign in to the App.
  2. Go to Sharing or Connections in your account settings.
  3. Locate the person's name or email you want to remove.
  4. Select Remove or Revoke access.
  5. The shared email and its association will be deleted immediately.

Google Play explicit statements: We retain user data as described above and provide users with in-app controls to delete their account and to remove shared recipients. We will honor Google Play's data deletion and user data requests and will respond to lawful requests for data removal in accordance with applicable law.

7. Sharing and Disclosures

  • Subprocessors and service providers: We may share data with subprocessors, such as cloud hosting, analytics, and transcription providers. Subprocessors are contractually required to implement equivalent safeguards and may only process data for the purposes we specify.
  • Healthcare providers and caregivers: When you designate a provider or caregiver, we share the data you authorize with them.
  • Research and deidentified data: We may use deidentified or aggregated data for research and product development. Deidentified data will not include PHI or direct identifiers unless you give explicit consent. See our Terms for details on deidentification and commercial use.
  • Legal requests: We may disclose data to comply with legal obligations, court orders, or to respond to lawful government requests.
  • Business transfers: If we merge, are acquired, or sell assets, user data may be transferred as part of that transaction under confidentiality and data protection obligations.

8. Security Measures

We implement administrative, technical, and physical safeguards including:

  • Encryption in transit and at rest.
  • Access controls and authentication, including role-based access and least privilege.
  • Audit logging and monitoring.
  • Secure development practices and regular security assessments.
  • Contractual controls for subprocessors and background checks for personnel with access to PHI.

We strive to protect your data but cannot guarantee absolute security. We will notify affected users and authorities of breaches in accordance with applicable law.

9. International Transfers

Your data may be stored and processed in Canada, the United States, or other countries where our subprocessors operate. When we transfer data across borders we use contractual safeguards and other measures required by applicable law to protect your information.

10. User Rights and How to Exercise Them

Depending on your jurisdiction, you may have rights to:

  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Delete your account and personal data.
  • Withdraw consent for processing that relies on consent.
  • Opt out of research and development uses of your deidentified data.
  • Restrict or object to certain processing.

To exercise any right, contact info@myonhealth.ca. We will verify your identity before fulfilling requests and respond within the time required by law.

11. Research, Development, and Commercial Use of Deidentified Data

We may use deidentified or aggregated data to improve the App, support research, and develop products. Deidentified data may be shared with or sold to third parties for commercial purposes. We will not share PHI or direct identifiers for research without explicit consent unless permitted by law. See our Terms for more details.

Opt-out: To opt out of having your deidentified data used for research and development, contact info@myonhealth.ca and follow the opt-out procedures in your account settings.

12. Data Safety Form Mapping for Google Play

Data typeCollectedShared with third partiesEncrypted in transitEncrypted at rest
Identifiers (name, email, phone)YesYes; with providers you authorizeYesYes
Health and medical info (AI transcriptions, summaries)YesYes; with providers you authorize; deidentified for R&DYesYes
Patient HSN, DOB, SexYes (physician piece)Yes; with authorized providers and subprocessorsYesYes
Physician billing info, address, group numberYes (physician piece)Yes; with authorized billing/clinical partnersYesYes
Contacts (shared recipient names/emails)YesYes; only as you authorizeYesYes

13. Children's Policy

The App is not intended for children under the age of majority in their jurisdiction. We do not knowingly collect personal information from children without parental consent. If you believe we have collected information from a child in violation of this policy, contact info@myonhealth.ca and we will take steps to remove the data.

14. AI-Generated Content Disclaimer

The App may produce AI-generated summaries or insights from your recordings or records. AI outputs may be inaccurate or incomplete and are provided for informational purposes only. They do not constitute medical advice. Always consult a qualified healthcare professional for medical decisions. This aligns with our Patient Consent and Terms.

15. Changes to This Policy

We may update this Privacy Policy. When we do, we will post the revised policy with a new Effective Date. Continued use of the App after changes indicates acceptance of the updated policy.

16. How to Contact Us

Email: info@myonhealth.ca
Mail: Myon Health Technology, Saskatoon, Saskatchewan, Canada

For privacy requests, including access, correction, deletion, or opt-out requests, email info@myonhealth.ca. We will verify your identity and respond in accordance with applicable law.