Last updated: February 17, 2026
This Privacy Policy is a legal notice that explains how slashMD Inc. and its affiliates (collectively, "slashMD", "we", "us", or "our") collect, use, disclose, protect, and retain personal information when individuals access or use the slashMD website, applications, APIs, and related services (collectively, the "Services").
This Policy is intended to support compliance with applicable Canadian privacy requirements, including Ontario's Personal Health Information Protection Act (PHIPA), and to reflect a security program designed to align with ISO/IEC 27001 and ISO/IEC 27002 control expectations.
This Policy applies to personal information processed in connection with the Services, including information provided directly by users, information generated through account and platform usage, and information processed by our contracted subprocessors under documented instructions. This Policy does not apply to third-party sites, tools, or services that are not controlled by slashMD, even when referenced from within the Services.
Where legal terminology differs across jurisdictions, this Policy shall be interpreted in a manner consistent with applicable law and the operational role slashMD performs for the relevant data set, including processor or service-provider functions where users or organizations determine the purposes of use.
slashMD operates a medical education and clinical support platform and generally functions as an information service provider and technology processor. Unless expressly agreed in writing for a specific workflow, slashMD is not acting as the Health Information Custodian for patient care records and does not assume custodial clinical decision-making responsibilities.
Users and customer organizations remain responsible for determining what data is entered into the Services, confirming they have lawful authority to use that data, and satisfying their own statutory and professional record-management duties. slashMD provides contractual, technical, and organizational controls intended to support those obligations.
We collect information required to provision accounts, maintain platform security, provide requested functionality, and meet legal obligations. Categories generally include account identifiers, organization and role metadata, authentication and session events, user-generated workspace materials, support communications, and operational telemetry required for service reliability.
The Services are designed using data minimization principles. slashMD does not require identifiable patient information to use core product functionality and does not intentionally solicit unnecessary sensitive personal data.
slashMD processes personal information to authenticate users, enforce role-based access controls, deliver and secure product features, provide customer support, investigate misuse, maintain auditability of privileged operations, and improve performance through aggregate or de-identified analytics where appropriate.
slashMD does not sell personal information and does not use identifiable personal or clinical free-text content for advertising profiling. We do not use identifiable user-submitted clinical text to train generalized models for unrelated commercial purposes.
Where required, slashMD relies on user consent, contractual necessity, compliance with legal obligations, and legitimate interests in security, fraud prevention, and service continuity. By using the Services, users acknowledge that processing may be required for account integrity and operational security even where optional product preferences are disabled.
Users may withdraw consent for optional processing activities where such withdrawal is legally available; however, withdrawal does not invalidate processing already performed lawfully and may limit access to features that depend on the affected information.
slashMD discloses personal information only where necessary to operate the Services, comply with law, protect rights and safety, or complete a lawful corporate transaction. Authorized subprocessors are contractually bound to confidentiality, security safeguards, and use limitations consistent with the purpose for which data was provided.
When disclosure is compelled by statute, regulation, subpoena, court order, or regulatory authority, slashMD will limit disclosure to what is legally required and, where permitted, document and communicate the disclosure through appropriate channels.
Personal information may be processed or stored in jurisdictions outside a user's province or country, including jurisdictions where lawful access rights of public authorities differ from local standards. slashMD applies transfer safeguards, contractual controls, and risk-based security measures intended to provide a comparable level of protection.
slashMD maintains layered administrative, technical, and physical controls designed to protect confidentiality, integrity, and availability. These controls include encryption in transit with TLS 1.2 or higher, encryption at rest through managed infrastructure controls, role-based access governance, audit logging for security-sensitive operations, and formal incident response procedures.
Our architecture is designed so authentication tokens are managed using server-side session controls rather than browser token persistence, and so PHI, clinical free text, and user-entered sensitive text are not intentionally persisted in browser localStorage, sessionStorage, IndexedDB, or filesystem caches as part of normal platform operation.
slashMD retains personal information only for as long as reasonably necessary to provide the Services, enforce contractual rights, resolve disputes, satisfy audit and compliance obligations, and meet statutory retention requirements. Retention periods may differ by data category, legal obligation, and documented customer instruction.
When retention obligations expire, information is deleted or irreversibly de-identified using methods appropriate to the storage medium and risk profile, subject to backup lifecycle constraints and lawful preservation requirements.
Subject to applicable law, individuals may request access to personal information, correction of inaccuracies, information regarding disclosure practices, and deletion of account information where no overriding legal basis for retention exists. Requests may require identity verification and may be limited where disclosure would infringe the rights of others or violate legal restrictions.
Where slashMD acts as a processor for an institutional customer, requests may be referred to the relevant customer or custodian responsible for the underlying record in accordance with contractual and statutory obligations.
slashMD maintains a documented incident response process for triage, containment, eradication, recovery, and post-incident corrective action. Where a privacy or security breach creates a legal notification duty, slashMD will issue required notifications within timelines mandated by applicable law and contractual commitments.
The Services are intended for professional and adult users and are not directed to children under the age of majority in their jurisdiction. slashMD does not knowingly collect personal information from children through the Services.
slashMD may revise this Privacy Policy to reflect legal, regulatory, operational, or technical changes. Updated versions will be posted within the Services and become effective on the stated revision date unless a later effective date is specified.
Privacy questions, access requests, and complaints may be directed to the slashMD Privacy Officer at privacy@slashmd.com. Where concerns remain unresolved, individuals may also contact the Information and Privacy Commissioner of Ontario or another competent supervisory authority, as applicable.
Last updated: February 17, 2026
These Terms of Service ("Terms") form a legally binding agreement between you and slashMD Inc. ("slashMD", "we", "us", or "our") governing your access to and use of the slashMD website, applications, APIs, and related services (collectively, the "Services").
By accessing or using the Services, you confirm that you have read, understood, and agree to be bound by these Terms and any incorporated policies, including the Privacy Policy and PHIPA Compliance Statement.
You represent that you are at least 18 years of age, have legal capacity to enter into this agreement, and will use the Services only for lawful purposes consistent with professional and regulatory obligations applicable to you. If you use the Services on behalf of an entity, you represent that you have authority to bind that entity to these Terms.
slashMD is a medical education and clinical support platform intended to assist professional workflows. The Services do not provide diagnosis or treatment, do not establish a provider-patient relationship, and do not replace independent clinical judgment, institution-specific policy requirements, or legal standards of care.
You are responsible for maintaining accurate account information, safeguarding credentials, and controlling access to your account. Authentication and multi-factor challenges may be provided through a trusted identity provider. You must promptly notify slashMD of unauthorized access, suspected compromise, or misuse associated with your account.
You acknowledge that security controls, including MFA requirements, session controls, and device trust policies, may be updated to address evolving risk and compliance requirements.
You shall not use the Services to violate law, infringe rights, compromise security, interfere with platform operation, or transmit malicious code. You shall not attempt to bypass access controls, probe vulnerabilities without authorization, reverse engineer restricted components, or use automated methods to extract data in a manner inconsistent with permitted use.
Where you input regulated or sensitive information, you remain responsible for ensuring lawful authority, minimum necessary use, and compliance with all professional confidentiality duties.
You retain ownership of content you submit or create through the Services ("User Content"). You grant slashMD a non-exclusive, limited, revocable license to host, process, transmit, and display User Content solely as necessary to operate, secure, maintain, and improve the Services in accordance with these Terms and applicable law.
You represent that you have all rights required to provide User Content and that such content does not violate law, contract, or third-party rights.
Use of the Services is subject to the Privacy Policy and PHIPA Compliance Statement, each of which forms part of these Terms. You agree to use the Services in a manner consistent with applicable privacy law, including PHIPA and other requirements relevant to your jurisdiction and professional context.
The Services may interoperate with third-party products, links, infrastructure providers, or identity services. slashMD does not control third-party terms, security posture, or availability and is not responsible for losses caused solely by third-party services outside slashMD's reasonable control.
If paid subscriptions or premium features are offered, pricing, billing cadence, renewal terms, and applicable taxes will be disclosed before purchase. Unless otherwise stated in writing, subscriptions renew automatically for successive periods and may be cancelled in accordance with the applicable plan terms.
slashMD may modify pricing or plan packaging on prospective basis with reasonable notice. Non-payment may result in suspension or restricted access.
slashMD may suspend, restrict, or terminate access where required to protect security, comply with law, prevent misuse, enforce these Terms, or respond to material risk. You may terminate your account at any time, subject to outstanding financial obligations and lawful retention requirements.
Except for User Content and third-party materials, all rights in the Services, including software, interface design, trademarks, and documentation, are owned by slashMD or its licensors and are protected by intellectual property law. No rights are granted except as expressly stated in these Terms.
To the maximum extent permitted by law, the Services are provided "as is" and "as available" without warranties of any kind, whether express, implied, or statutory, including warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted availability, or error-free operation.
To the maximum extent permitted by law, slashMD and its directors, officers, employees, and affiliates shall not be liable for indirect, incidental, consequential, special, exemplary, or punitive damages, loss of profits, loss of data, or loss arising from clinical decision outcomes, even if advised of the possibility of such damages.
Where liability cannot be excluded, slashMD's aggregate liability for all claims arising out of or relating to the Services shall be limited to the amount paid by you to slashMD for the Services in the twelve months preceding the event giving rise to liability, or one hundred Canadian dollars (CAD $100) where no fees were paid, unless applicable law requires a greater minimum.
You agree to defend, indemnify, and hold harmless slashMD from claims, liabilities, damages, costs, and reasonable legal fees arising from your use of the Services, your User Content, your breach of these Terms, or your violation of law or third-party rights.
slashMD may modify, suspend, or discontinue all or part of the Services, and may update these Terms to reflect operational, legal, or regulatory changes. Updated Terms become effective on posting unless a later date is stated. Continued use after the effective date constitutes acceptance of the revised Terms.
These Terms are governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict-of-law principles. Unless otherwise required by non-waivable law, the parties attorn to the exclusive jurisdiction of the courts of Ontario for disputes arising from these Terms.
Legal notices and Terms-related questions may be sent to legal@slashmd.com. Privacy matters should be directed to privacy@slashmd.com in accordance with the Privacy Policy.