Home

Privacy Policy

Last updated: May 2026

Elevation Technology Labs Inc. (“Elevation Technology Labs”, “Joud AI”, “Joud”, “we”, “us”, or “our”) is committed to protecting the privacy, confidentiality, and security of personal information entrusted to us. This Privacy Policy describes how we collect, use, store, disclose, and protect personal information when you access our websites (elevationlabs.io, joudhealth.ai) or use our clinical-grade AI voice agent, in-clinic patient kiosks, and related operational services (collectively, the “Services”), in compliance with Alberta’s Health Information Act (HIA), Personal Information Protection Act (PIPA), Canada’s Anti-Spam Legislation (CASL), and other applicable privacy legislation. If we provide services to individuals outside Alberta or Canada, international frameworks such as the General Data Protection Regulation (GDPR) may also apply.

Elevation Technology Labs Inc. acts as a service provider / data processor to healthcare practitioners, who remain the data custodians of patient records under applicable healthcare privacy laws.

1. Introduction & Scope

Elevation Technology Lab’s Joud AI product provides a clinical-grade AI voice agent and automated workflow platform designed specifically for healthcare environments, including primary care clinics, specialty clinics, and allied health practices. Our Services support operational tasks such as:

  • Answering inbound clinic phone calls.
  • Appointment booking, cancellations, and rescheduling.
  • In-clinic patient check-in and intake registration via localized kiosks.
  • Administrative queue monitoring and call tracking via secure dashboard interfaces.

2. Information We Collect

2.1 Website Information

  • Information You Provide Voluntarily: When you interact with our website (e.g., contact forms, demo requests, waitlists), we may collect your name, email address, phone number, clinic or organization name, and any information you include in your message.
  • Information Collected Automatically: We may automatically collect system telemetry, including your IP address, browser type, operating system, pages visited, interaction patterns, and the date/time of visits. This data is collected using cookies and similar technologies strictly to improve website performance and user experience.

2.2 Healthcare Practitioner & Clinic Information

When a clinic subscribes to Joud, we collect “Account Information” to manage the service, including:

  • Practitioner or clinic administrator names and contact details.
  • Staff dashboard account credentials (which are encrypted using bcrypt and managed securely via a hardened subsystem).
  • Configuration settings for workflows, provider preferences, and integration identifiers.

2.3 Patient Information

Joud AI only processes patient information provided or authorized by the healthcare practitioner. This occurs across two primary interfaces:

  • AI Voice Agent Calls: Caller phone numbers, call timestamps, turn-by-turn text transcripts, automated summaries, intent classification, and any personal health details the caller voluntarily speaks during the call.
  • In-Clinic Patient Kiosks: Patient identity and demographic data (such as name, date of birth, gender, address, contact details, and Health Care Numbers), medical/surgical history (such as chronic conditions or allergies), family/social history, and policy consent acknowledgments.

Important: Joud AI does not independently access patient medical records and does not retrieve data from EMRs unless explicit consent is instructed through an authorized integration.

3. Use of Information

We use information to:

  • Deliver, protect, and operate the core functionalities of our Services.
  • Route inbound clinic interactions and manage appointments.
  • Securely synchronize kiosk intake registrations directly to the clinic’s Electronic Medical Record (EMR) system.
  • Maintain comprehensive, tamper-resistant security logs and audit trails to prevent system abuse.

Protection measures include industry standard encryption methods, access controls and threat monitoring.

4. Legal Basis for Processing

Depending on the jurisdiction, Joud AI only ever processes personal information if the following legal bases are established:

  • Consent – obtained by healthcare practitioners from patients.
  • Contractual Necessity – to deliver Services to clinics.
  • Legitimate Interests – maintaining platform reliability, safety, and usability.
  • Legal Obligations – compliance with applicable healthcare, tax, and security laws.

Healthcare practitioners maintain ultimate responsibility for ensuring appropriate patient consent.

5. Audio Recordings & Voice Data

5.1 AI Voice Agent Calls

  • Calls are processed securely to generate transcripts and structured summaries for clinic staff.
  • Patient voice recordings are retained in accordance with applicable local laws and regulations, and are used solely for quality assurance and to maintain the performance and reliability of the platform. They are never used to train foundation AI models.

5.2 Retention Periods

  • Call Audio: Raw audio files are retained only as long as necessary, in line with applicable local laws and regulations, strictly to support quality assurance, system optimization, and issue resolution.
  • Transcripts & Call Summaries: Retained on secure cloud infrastructure in accordance with applicable local data retention requirements, and may be deleted earlier at the clinic’s request.
  • De-identified Metadata: Aggregated, non-identifying telemetry may be retained for service optimization and operational monitoring.
  • Kiosk Data: Patient-submitted details are securely transmitted to the central database; local tablet and session storage are automatically purged immediately upon check-in completion.

6. Disclosure of Information

We disclose personal information only to compliant downstream service providers (including cloud hosting platforms, secure database managers, and automated telephony infrastructure) who are contractually obligated to protect it and adhere to strict privacy safeguards.

We do not disclose data to third-party advertising or consumer analytics companies. We disclose information only where explicitly required to do so by applicable law.

7. Data Storage & International Transfers

  • All patient information, persistent database storage, and operational platform compute are strictly hosted and pinned within Canadian cloud regions (Montréal, Quebec).
  • Data transmitted between user interfaces and our servers is fully encrypted and does not reside outside of Canada.

8. Data Security

We implement robust administrative, technical, and physical safeguards to defend your data, including:

  • Strict encryption of all data both in transit (TLS 1.3) and at rest (AES-256).
  • Role-based access controls for clinic staff.
  • Continuous event logging and tamper-resistant audit trails tracking all system-level and EMR-level interactions.

While we employ industry-standard safeguards to secure your data, no method of digital storage or internet-based transmission can ever be guaranteed as entirely immune to risk.

9. Individual Rights and Patient Choices

  • Human Escalation: Joud AI provides an explicit, uninterruptible greeting message at the beginning of every call explaining the automated nature of the system. Patients maintain the right to opt-out and speak with a human staff member at any point.
  • Access and Correction: Because we process data as an Information Manager on behalf of your healthcare clinic, requests to access, delete, or correct medical records must be directed to your clinic’s data custodian. We will fully support the clinic in executing these requests.

10. Breach Notification

Joud AI complies with HIA s.60.1 and OIPC guidance. If personal or health information is lost, stolen, or accessed without authorization and there is a risk of harm, affected clinics/data custodians and the Alberta OIPC will be notified.

11. Changes to this Policy

Joud AI will update this Privacy Policy as laws and practices evolve, including anticipated changes under Canada’s proposed Consumer Privacy Protection Act (CPPA). Users are encouraged to review this Policy regularly as we will publish the changes to our website.

12. Contact Us

If you have questions or concerns about privacy or data handling, contact us at:

Email: privacy@elevationlabs.io