Medi-Aide processes personal information on behalf of agencies that subscribe to the platform. This document summarizes how data is governed across the workspace.
Last updated: May 2026
For most personal information processed in the workspace, the subscribing agency is the controller (or equivalent), and Medi-Aide is the processor. The agency is responsible for the lawful basis of collection; Medi-Aide is responsible for processing the data as instructed.
Workspaces are configured to collect only what the agency needs to operate. Optional fields are clearly marked. WellArc™ check-ins are opt-in and aggregated by default.
Retention policies are configurable per workspace within the bounds set by Medi-Aide and applicable law. Audit trails are retained to support defensibility.
Where individuals exercise data subject rights (access, correction, deletion, portability), Medi-Aide supports the agency in responding through configured workflows.
Medi-Aide is configured to host Canadian customer data in jurisdictions that align with Canadian privacy expectations. Subprocessors are listed in the Subprocessors document.
Customers may request a Data Processing Addendum (DPA) covering processor obligations, security controls, breach notification, and subprocessor governance.