Fabric
You're on the list! We'll be in touch when we launch.
Please enter a valid email address.
Something went wrong. Please try again.

Privacy Policy

Effective Date: March 8, 2026

Fabric Labs Inc. (“Fabric,” “we,” “us,” or “our”) is committed to protecting the privacy of individuals whose information is processed through the Fabric platform. This Privacy Policy explains how we collect, use, disclose, and protect personal information and personal health information in connection with our electronic medical record (EMR) services.

This policy applies to Subscribers (healthcare providers), Authorized Users (clinic staff), and to the Patient Data processed on behalf of Subscribers through our platform. This policy does not limit or exclude any rights you may have under applicable law.

1. Applicable Legislation

Fabric Labs Inc. operates in compliance with applicable Canadian privacy legislation, including:

  • The Personal Health Information Protection Act (PHIPA) – Ontario
  • The Personal Information Protection and Electronic Documents Act (PIPEDA) – Federal
  • Applicable provincial privacy and health information statutes as relevant to each Subscriber’s jurisdiction

We are committed to maintaining compliance with applicable standards and any certification requirements as our platform evolves.

2. Information We Collect

2.1 Subscriber and User Account Information

When you register for and use the Services, we collect:

  • Name, professional credentials (e.g., CPSO registration number), and contact information of Authorized Users
  • Clinic name, address, billing information, and administrative contact details
  • Login credentials (passwords are stored in hashed form and never in plaintext)
  • Usage logs, session data, and audit trail information for security and compliance purposes

2.2 Patient Data

As an agent of Health Information Custodians, we process Patient Data as directed by Subscribers. This may include:

  • Patient demographics, contact information, and health card numbers
  • Clinical notes, encounter records, diagnoses, and treatment plans
  • Laboratory results (including OLIS-delivered results), referral letters (HRM), and diagnostic imaging
  • OHIP billing information and claims data
  • Medications, allergies, immunizations, and preventive care records
  • Correspondence and communications transmitted via secure messaging

2.3 Automatically Collected Technical Data

We automatically collect certain technical information to operate and improve the Services, including IP addresses, browser type and version, operating system, device identifiers, session timestamps, pages visited, and error logs. This information is used for security monitoring, performance optimization, and diagnosing technical issues.

2.4 AI-Assisted Feature Data

When you use AI-assisted features (such as clinical documentation or inbox summarization), interaction data may be processed to generate outputs. We do not use identifiable Patient Data to train our AI models without explicit Subscriber consent.

3. How We Use Your Information

3.1 Service Delivery

We use collected information to provide and operate the Platform, process clinical workflows including billing, referrals, and lab results, send notifications and reminders as configured by Subscribers, and maintain audit logs for accountability and regulatory compliance.

3.2 Platform Improvement

We may use de-identified or aggregated data to analyze usage patterns, diagnose technical issues, and improve the functionality and performance of the Platform. Any such use will not involve identifiable Patient Data unless explicitly authorized.

3.3 Communications

We use contact information to send service-related communications, security alerts, and product updates. Marketing communications are only sent to Subscribers and Authorized Users who have opted in and may be withdrawn at any time.

4. How We Share Your Information

Fabric Labs Inc. does not sell, rent, or trade personal information or Patient Data. We may share information only in the following circumstances:

4.1 With Your Direction

We share Patient Data with third-party systems (such as OLIS, HRM, pharmacies, or specialists) only as directed by Subscribers in the course of clinical care.

4.2 Service Providers

We engage trusted sub-processors (such as cloud hosting providers and communication services) who are contractually obligated to process data only on our behalf and in accordance with applicable privacy law. A list of our sub-processors is available upon request.

We may disclose information where required by law, court order, or regulatory authority, or where necessary to prevent fraud, protect the safety of any person, or enforce our legal rights. We will, where permitted by law, notify affected Subscribers of such disclosures.

4.4 Business Transactions

In the event of a merger, acquisition, or sale of assets, Patient Data and personal information would only be transferred to a successor who is bound by obligations at least as protective as those in this policy and under applicable privacy legislation.

5. Data Retention

We retain Patient Data and Subscriber records for as long as necessary to provide the Services and meet legal, regulatory, and contractual obligations. Under PHIPA and applicable regulations, health records must generally be retained for a minimum of 10 years from the last date of care, or until a patient reaches the age of 18 (whichever is later). Upon termination of a subscription, data will be made available for export for 30 days, after which it will be securely deleted in accordance with applicable law.

6. Data Security

Fabric Labs Inc. implements industry-standard technical, administrative, and physical safeguards to protect personal information and Patient Data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls and multi-factor authentication
  • Comprehensive audit logging of all access to Patient Data
  • Regular vulnerability assessments and security monitoring
  • Hosting within Canadian data centres to maintain data residency within Canada

In the event of a privacy breach, Fabric Labs Inc. will notify affected Subscribers and, where required by law, report to the applicable privacy commissioner, in accordance with PHIPA and PIPEDA breach notification requirements.

7. Data Residency

All Patient Data and personal health information is stored and processed within Canada. We do not transfer Patient Data to jurisdictions outside Canada without the explicit written consent of the applicable Subscriber and compliance with applicable cross-border data transfer requirements.

8. Your Rights

8.1 Access and Correction

Subscribers and Authorized Users may access, update, or correct their account information directly within the Platform. Requests to correct Patient Data are handled by the Subscriber as the Health Information Custodian, with Fabric Labs Inc. providing technical support as required.

8.2 Patient Rights

Patients seeking access to their health records should contact their healthcare provider (the Subscriber) directly. Fabric Labs Inc. will cooperate with Subscribers to facilitate any legally required patient access requests.

Where processing is based on consent, you may withdraw consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of any processing carried out prior to the withdrawal.

9. Cookies and Tracking

Our web platform uses cookies and similar tracking technologies for session management, security, and performance analytics. Strictly necessary cookies are required for the Platform to function. Analytics cookies are used to understand how the Platform is used and may be disabled through your browser settings. We do not use advertising or cross-site tracking cookies.

10. Children’s Privacy

The Services are not directed at children and are designed exclusively for licensed healthcare professionals and administrative personnel. Patient records for minors are processed exclusively at the direction of Subscriber healthcare providers, who bear responsibility for compliance with applicable consent and capacity requirements.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated to Subscribers via email or in-platform notice at least 30 days before taking effect. The current version of this policy will always be available on our website.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact our Privacy Officer:

Fabric Labs Inc.
Privacy Officer
Email: [email protected]
Website: fabricemr.com

You also have the right to lodge a complaint with the applicable privacy commissioner: the Office of the Information and Privacy Commissioner of Ontario (IPC) or the Office of the Privacy Commissioner of Canada (OPC).