Biftoo

Privacy Policy

Biftoo Labs Inc. · Last Updated: February 2026

1. Introduction

Welcome to Biftoo ("we," "our," or "us"). Biftoo Labs Inc. is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare SaaS platform and related services.

2. Data Residency & Sovereignty

We are committed to data sovereignty and compliance with local regulations regarding data residency.

  • Canadian Data: Information pertaining to Canadian entities and individuals is stored and processed exclusively within data centers located in Canada.
  • US Data: Information pertaining to US entities and individuals is stored and processed exclusively within data centers located in the United States.

We strictly adhere to data routing rules to ensure Protected Health Information (PHI) and Personally Identifiable Information (PII) do not cross borders irrespective of compliance requirements.

3. Business Associate Agreements (BAA)

We maintain robust Business Associate Agreements (BAA) with our cloud infrastructure providers and all relevant sub-processors. Where we process or store protected health information (PHI), these relationships are governed by executed BAAs, which mandate appropriate safeguards, encryption standards, and breach notification obligations in strict accordance with HIPAA and other applicable health privacy regulations.

4. Encryption & Security Standards

We utilize enterprise-grade security measures to ensure the confidentiality and integrity of your data:

  • At Rest: All data is encrypted using AES-256 standards.
  • In Transit: Data transmission is protected using TLS 1.3 (or equivalent high-security protocols).
  • Monitoring: We employ continuous automated threat monitoring and infrastructure reliability protocols.

5. Information We Collect

To provide our services, we may collect the following types of information:

  • Account Information: Name, email address, phone number, and organization details.
  • Authentication Data: Secure tokens and login credentials (e.g., via Google Sign-In).
  • Client/Patient Data: Data entered into the platform for processing. In this capacity, we act as a Data Processor acting solely on your instructions.
  • Usage Logs: Audit trails and system logs required for security, troubleshooting, and compliance.

6. How We Use Your Information

We use your information to operate our service, improve platform performance, comply with legal obligations, and communicate with you.

Communication Consent:

By providing your contact information, you consent to receive transactional notifications, including appointment reminders, security alerts, and system updates. You may opt-out of non-essential communications at any time by replying STOP or contacting support. Standard message and data rates may apply.

Data Sharing & Third Parties:

We do not sell, rent, or share personal information or patient data with third parties for marketing or promotional purposes. SMS opt-in data and communication consent will not be shared with any third parties under any circumstances.

7. Cookies & Tracking Technologies

We use cookies and similar tracking technologies on our public website (https://biftoo.com) and within our platform to analyze traffic, maintain user sessions, and improve platform functionality. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

8. Children's Privacy

Our platform is not directed at children under the age of 13 (US) or under applicable age thresholds for consent in Canada. We process the personal or health data of minors solely under the direction, explicit consent, and authorization obtained by the Healthcare Provider (the clinic), who acts as the Data Controller under applicable laws like COPPA and PIPEDA.

9. Third-Party Infrastructure

We utilize industry-leading cloud infrastructure providers, authentication services, and PCI-DSS compliant payment processors to support our platform. All third-party providers are vetted for strict security and privacy compliance standards. We do not store raw payment card information; all financial transactions are processed via secure tokens.

10. Your Rights

Depending on your jurisdiction, you have specific rights regarding your data:

  • Access & Correction: The right to access your data and request corrections.
  • Portability: The right to request a copy of your data in a structured format.
  • Deletion: The right to request the deletion of your personal information. Note: Certain medical and patient data may be exempt from deletion requests due to mandatory legal retention periods for healthcare records.

How to Exercise These Rights: Patients must contact their Healthcare Provider (the clinic) directly to request data deletion or modification, as the clinic is the legal custodian of the medical record. Clinic users and account owners may exercise their rights directly within the platform or by emailing our Privacy Officer. Canadian users have rights protected under PIPEDA, and US users are protected under HIPAA and applicable state laws.

11. Contact Us

For privacy-related inquiries, data requests, or compliance questions, please contact us:

Biftoo Labs Inc.
Suite 314 - 5204 Dalton Dr NW, Calgary, AB, Canada

Email: privacy@biftoo.com
Phone: 1-833-811-9862