Educational Simulation Only. SimVeritas creates synthetic clinical encounters for learning purposes. It is not a clinical decision support tool and must not be used in direct patient care. Full notice →

Legal

Privacy Policy

Last updated: 2025. Applies to: www.simveritas.com

Applicable privacy law

SimVeritas operates in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private-sector privacy law. For users in the European Union, we also respect the principles of the General Data Protection Regulation (GDPR).

What we do not collect

SimVeritas does not collect, store, or process Protected Health Information (PHI), personally identifiable patient data, or any information that would constitute a medical record under HIPAA or equivalent legislation. All simulation scenarios use entirely fictitious patient profiles. No real patient data is used at any point.

1. What we collect

When you register for a pilot programme or submit a contact enquiry, we collect:

  • Name and institutional email address
  • Institution or organisation name
  • Role (educator, administrator, or similar)
  • Content of any messages sent through our contact form
  • Authentication credentials (password stored as a one-way hash; never in plain text)

We do not use tracking pixels, cross-site advertising cookies, or behavioural analytics. Basic server access logs (IP address, request path, timestamp) may be retained for security purposes.

2. How we use your data

Personal information is collected solely for the purpose of:

  • Creating and managing your pilot programme account
  • Responding to enquiries submitted through the contact form
  • Sending programme-related communications (no marketing without consent)
  • Maintaining the security and integrity of the platform

We do not sell, rent, or trade personal information with third parties.

3. Third-party services

We use the following third-party services to operate the platform:

  • Google Firebase / Supabase — authentication and database. Data is stored in infrastructure subject to their respective privacy programmes.
  • Google Fonts — typeface delivery. Fonts are served directly from our domain where possible.
  • Vercel — hosting and edge network. Standard server access logs apply.

Each service is subject to its own privacy policy. We select services that meet adequate data protection standards.

Data retention

Account information is retained for the duration of an active pilot programme and for up to 90 days after programme completion or account deletion request. Pilot enquiry form submissions are retained for up to 12 months. You may request deletion of your data at any time by contacting us at the address below.

5. Your rights

Under PIPEDA and GDPR you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of your data (“right to be forgotten” under GDPR)
  • Withdraw consent to processing at any time
  • Lodge a complaint with a supervisory authority

Privacy enquiries and requests

To exercise your rights under PIPEDA or GDPR (access, correction, deletion, or portability), contact: privacy@simveritas.com. We respond to all privacy requests within 30 days.