Privacy Policy

1. Overview

Billing Goat is a physician-built documentation and billing platform for Alberta dermatology clinics. This Privacy Policy explains what information we collect, how we use it, and the controls we apply to keep it safe.

2. No Patient Identifiers Required

Billing Goat does not require direct personal identifying information about patients. Clinicians log only de-identified encounter information (age, gender, clinical findings, billing-relevant details) from which the platform generates the visit note and billing block in real time. Patient names, Alberta Health identifiers, dates of birth, addresses, phone numbers, and similar direct identifiers are not needed for the product to work and should not be entered.

3. Deterministic Processing, No Third-Party AI

All chart construction, billing calculation, and live note preview happen deterministically from a fixed rules engine. Billing Goat does not transmit clinical content to any third-party artificial-intelligence provider as part of the charting workflow. Your encounter content stays within the Billing Goat system.

4. Where Your Data Lives

Encounter information entered during the day is stored encrypted on servers located in Canada (Supabase, ca-central-1). Data is encrypted in transit (TLS) and at rest. Each clinic's data is scoped to that clinic by row-level security; members of one clinic cannot read another clinic's data.

5. Daily Hard Wipe of Encounter Data

Encounter information is retained for no more than approximately 24 hours from entry. At approximately 2:00 a.m. Mountain Time each day, an automated job permanently deletes all encounter records from our servers. Billing Goat does not retain encounter data overnight. If you need a record of an encounter, copy the generated note and billing block into your EMR before the daily purge.

6. Account Information

To operate a clinic account we collect a minimum of administrative information: the clinic name and primary contact, each user's email address and display initials, the user's role within the clinic (admin, physician, nurse), and subscription billing details required to process payment. This information is retained for the life of the subscription and for a reasonable period after cancellation for legal and accounting purposes.

7. Security Logs

To protect accounts from unauthorized access, our authentication provider records sign-in events (timestamp, IP address, user agent). These logs are used solely for security monitoring and are not linked to individual encounters. They are not used for marketing or analytics.

8. Sub-processors

We rely on a small number of trusted service providers to operate Billing Goat. Each is contractually bound to protect information they process on our behalf and may use it only to provide their service to us:

• Supabase (Canadian region) — authentication, encrypted storage of encounter data and account records.
• Stripe — subscription billing and payment processing. Stripe receives billing contact details only; it does not receive clinical content.
• Vercel — application hosting and content delivery.

Cross-border processing. Stripe is based in the United States. Vercel's application hosting may cause encounter data to transit servers located outside Canada during request handling; encrypted persistent storage of encounter data remains in Canada (Supabase ca-central-1). By using Billing Goat, the clinic acknowledges this cross-border processing.

We do not sell personal information to third parties.

9. Usage Analytics

We collect aggregated, anonymized usage metrics (page views, feature activation counts, session duration) to understand what is working and to improve the product. Analytics never contain clinical content or patient information.

10. Cookies

Billing Goat uses essential cookies for authentication and session management. These are required for the service to function. You can manage cookie preferences through your browser settings; disabling them will prevent you from signing in.

11. User Responsibility for De-identification

Billing Goat is designed to work without patient identifiers. It remains the user's responsibility to avoid entering direct or contextual identifying information (names, Alberta Health numbers, dates of birth, addresses, phone numbers, or narrative details sufficient to identify a patient) into any field. Billing Goat's automated identifier stripping, where applied, is a safety net only and does not substitute for this obligation. Users are responsible for compliance with the Alberta Health Information Act (HIA) and Personal Information Protection Act (PIPA).

12. Your Rights

You may request access to, correction of, or deletion of your account information at any time. Encounter data is automatically deleted each day as described above; no separate request is required. For other data requests, please contact us.

13. Changes to This Policy

We may update this Privacy Policy as the product evolves. Changes will be posted on this page with an updated effective date. Material changes affecting how clinical data is handled will be communicated to clinic administrators directly.

14. Contact

Questions about this Privacy Policy, or any request regarding your data, can be directed to us via the contact page.