Lexie

Privacy Policy

Effective Date: 2025-07-26  |  Last Updated: 2026-04-22

Lexie Health Inc. (“Lexie”, “we”, “our”, “us”) provides an AI-powered medical billing platform for physicians and clinics. This Privacy Policy explains how we collect, use, disclose, retain, and protect information when providing our services.

1. Scope

This policy applies to:

  • healthcare practitioners and clinics that use Lexie;
  • patient-related data entered by authorized users into the Lexie platform;
  • visitors to Lexie websites and support channels.

2. Information We Collect

2.1 Practitioner and Account Information

We may collect:

  • name, clinic/organization details, contact information;
  • account credentials and authentication metadata;
  • subscription, billing, and support records.

2.2 Patient and Clinical/Billing Information

When authorized users use Lexie, we process data provided by the clinic/practitioner, including patient visit notes and related information needed to generate billing suggestions.

2.3 Technical and Usage Information

We collect operational and security data such as logs, device/browser metadata, and service performance metrics.

3. How We Use Information

We use information to:

  • provide, secure, maintain, and improve Lexie services;
  • generate billing-related outputs and related workflow support;
  • provide customer support and account administration;
  • monitor, detect, and investigate security or privacy incidents;
  • comply with legal and contractual obligations.

4. AI and Product Improvement

  • Lexie does not use identifiable patient information for AI model training.
  • Lexie may use de-identified/anonymous data to improve service quality, reliability, and performance.

5. Customer Responsibilities

Healthcare practitioners and clinics are responsible for:

  • obtaining any required patient notices/consents/authorities;
  • using Lexie in accordance with professional and legal obligations;
  • ensuring appropriate local recordkeeping practices.

6. Data Storage and Transfers

  • Lexie uses a Canada-primary data handling model.
  • Some limited processing may occur outside Canada by approved subprocessors or support providers.
  • Where cross-border processing occurs, we use contractual and technical safeguards designed to provide comparable protection.

7. Disclosure of Information

We do not sell personal information. We may disclose information:

  • to service providers/subprocessors supporting our services;
  • where required by law, court order, or lawful authority;
  • in connection with a corporate transaction (subject to appropriate safeguards);
  • to protect rights, safety, and security of Lexie, customers, and the public.

8. Security Safeguards

Lexie maintains administrative, technical, and organizational safeguards, including:

  • role-based access controls and MFA for privileged access;
  • encryption in transit and at rest for sensitive data;
  • monitoring, logging, and incident response procedures;
  • workforce confidentiality and security/privacy training;
  • vendor due diligence and contractual protections.

9. Retention and Deletion

  • We retain information only as long as needed for service delivery, legal obligations, and legitimate operational requirements.
  • We apply documented retention and disposal procedures.
  • Upon contract termination, data return/deletion is handled according to contract terms and legal requirements.

10. Privacy Rights and Requests

Subject to applicable law, individuals may have rights to request access or correction of personal information.

Request channels:

For patient-related requests, patients should generally contact their healthcare provider first, as providers are typically primary custodians/controllers in clinical workflows.

11. Breach and Incident Notifications

Lexie maintains incident response and breach management procedures. Where required, we notify affected customers and regulators without undue delay once a reportable breach is confirmed.

12. Browser Extension

The Lexie browser extension is available exclusively to authorized practitioners with an active Lexie account. It is designed to support billing workflows within the practitioner’s existing Electronic Medical Record (EMR) environment.

  • The extension does not automatically read or scrape web pages. It only accesses content when a practitioner manually selects text or a specific area and triggers an action button provided by Lexie extension. No other page content, browsing history, or background data is collected or monitored.
  • To support compatibility with various EMR and practice management systems, the extension requires permission to interact with specific host domains.
  • The extension operates only on domains authorized by the practitioner or practitioner’s organization and remains inactive on all other websites, with no impact on any other sites the user visits.
  • Practitioners authenticate using their existing Lexie credentials. The extension does not handle or store passwords.
  • Session data is stored locally in secure browser storage and is purged automatically upon sign-out or uninstallation.

13. Cookies and Similar Technologies

Lexie websites may use cookies and similar technologies for essential operations, analytics, and service improvement. Browser settings may allow users to limit some cookies.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the “Last Updated” date and provide notice of material changes where appropriate.

15. Contact

Privacy Officer
Lexie Health Inc.
privacy@lexiehealth.com

If you are not satisfied with our response to a privacy concern, you may contact the relevant privacy regulator, including the Information and Privacy Commissioner of Ontario, as applicable.