Privacy & Security at Mosaic

Your clients trust you with their most personal information – and you can trust us to protect it. From day one, Mosaic has built our products with privacy, security, and compliance as our top priorities.

Regulatory Compliance

  • All sensitive data is processed and stored exclusively in Canadian data centres.
  • We actively align with PIPEDA (Personal Information Protection and Electronic Documents Act), PHIPA (Ontario’s Personal Health Information Protection Act), and other relevant provincial privacy laws.

Encryption & secure handling

  • Mosaic encrypts all data using TLS in transit and AES-256 at rest.
  • GraceNotes session audio is not retained — it’s temporarily held only for transcription, then immediately deleted.

Data Stewardship

  • Mosaic does not use Personally Identifiable Information (PII) or Protected Health Information (PHI) to train our AI models.
  • Session content is not sold or used for advertising, and is used only to deliver the service you request.

Your control

  • Clinicians can choose to permanently delete any session note or report at any time.
  • Full transparency into how your data is handled at every step.

Frequently asked questions

  • No. Audio is processed to create your note and is then promptly discarded – audio is never stored.
  • We retain personal information no longer than necessary for the purposes identified and as required by law, in line with our Privacy Policy.
  • Yes. We provide a generalized GraceNotes client consent template which you can adapt to your setting. Click here to download the template.
  • Yes – our Subscription Agreement includes a Data Protection Addendum (DPA) describing our safeguards, subprocessors, and processing locations.

Read our full Privacy Policy here