Privacy Policy

Last updated: January 29, 2026

Introduction

UnicornCRM Inc. ("UnicornCRM", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our practice management software and services.

As a Canadian company providing services to healthcare practitioners, we comply with the Personal Health Information Protection Act (PHIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable provincial privacy legislation.

Information We Collect

Account Information

When you register for UnicornCRM, we collect:

  • Name and professional credentials
  • Email address and phone number
  • Practice name and address
  • Billing and payment information
  • Professional license numbers (where applicable)

Client Information

Healthcare practitioners using our platform may store client information, including personal health information (PHI). This information is entered and controlled by the practitioner, who remains the custodian of the health information under PHIPA.

Usage Information

We automatically collect certain information when you use our services:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage patterns and feature interactions

How We Use Your Information

We use collected information to:

  • Provide and maintain our services
  • Process transactions and send related information
  • Send technical notices and support messages
  • Respond to your comments and questions
  • Improve our services and develop new features
  • Comply with legal obligations

Data Storage and Security

All data is stored in Canada. We use Amazon Web Services (AWS) data centers located in the Canada (Central) region to ensure your data never leaves Canadian jurisdiction.

We implement industry-standard security measures including:

  • 256-bit AES encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Role-based access controls
  • Comprehensive audit logging

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:

  • With your consent
  • To comply with legal obligations or valid legal processes
  • To protect our rights, privacy, safety, or property
  • With service providers who assist in operating our platform (under strict confidentiality agreements)

Your Rights

Under Canadian privacy law, you have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Withdraw consent (subject to legal restrictions)
  • Request deletion of your information
  • Receive a copy of your data in a portable format

Data Retention

We retain your information for as long as your account is active or as needed to provide services. Healthcare practitioners should be aware of their own obligations regarding health record retention under applicable regulations.

Upon account termination, we will retain data for a reasonable period to comply with legal obligations, resolve disputes, and enforce agreements, after which it will be securely deleted.

Cookies and Tracking

We use essential cookies to operate our services. We do not use third-party advertising cookies. You can control cookie settings through your browser preferences.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact our Privacy Officer:

Email: privacy@unicorncrm.ca
Address: Toronto, Ontario, Canada

If you have a complaint about our privacy practices, you may also contact the Office of the Privacy Commissioner of Canada or the Information and Privacy Commissioner of Ontario.