Arkans← Back to Home

Data Practices & Patient Rights

Effective: February 25, 2026  |  Published by: Arkans Corporation

1. About This Notice

Arkans Corporation (“Arkans”, “we”, “us”) provides software that enables healthcare and wellness businesses (“Providers”) to manage appointments, communicate with patients, and operate their practices. As a platform operator, Arkans acts as a Business Associate (under HIPAA) and a service provider (under PHIPA and PIPEDA) on behalf of your Provider.

This notice explains what personal health information may be collected through our platform, how it is used, with whom it is shared, and the rights available to you as a patient or client. If you have questions about how a specific Provider handles your records, please contact that Provider directly.

2. Data We Collect

When you book an appointment through an Arkans-powered website, Arkans and your Provider may collect the following categories of information:

  • Contact Information— Name, email address, and phone number.
  • Appointment Details— Service type, scheduled date and time, and appointment duration.
  • Health Notes— Clinical or wellness notes recorded by your Provider about your visit. These records are encrypted at rest.
  • Technical Data— IP address (stored only as a one-way hash for privacy), device type, and browser type, collected automatically when you interact with the platform.
  • Consent Records— Timestamps and version identifiers of consents you have provided (e.g., booking consent, privacy policy acceptance).

3. How We Use Your Data

Your information is used for the following purposes:

  • Appointment management— Confirming, updating, or cancelling your appointments.
  • Transactional communications— Sending booking confirmations and appointment reminders via email or SMS.
  • Provider health records— Enabling your Provider to maintain accurate and up-to-date records of your visits.
  • Legal compliance— Meeting obligations under applicable laws including HIPAA, PHIPA, and PIPEDA.
  • Promotional communications— Only if you have explicitly opted in, we may send promotional messages on behalf of your Provider. You may withdraw this consent at any time.

We do not use your personal health information for advertising, profiling, or sale to third parties.

4. Who Has Access

Your Provider

The healthcare or wellness business you booked with has full access to the records created through their Arkans account. Arkans does not restrict Providers from accessing their own patient data.

Arkans Corporation

As the platform operator, Arkans processes data on behalf of your Provider. We do not sell, rent, or share your personal health information with third parties except as strictly necessary to deliver the service or as required by law. Arkans personnel access records only for technical support, security investigation, or compliance purposes, and only on a need-to-know basis.

Service Providers

Arkans uses the following categories of sub-processors, each governed by a Data Processing Agreement:

  • Cloud infrastructure— Amazon Web Services (AWS), Canada (ca-central-1 region), which is HIPAA-eligible under the AWS Business Associate Agreement.
  • Transactional email delivery— AWS Simple Email Service (SES), ca-central-1, used exclusively for appointment confirmations, reminders, and account notifications.

5. Your Rights

Under HIPAA, PHIPA, and PIPEDA you have the following rights with respect to your personal health information:

  • Access— Request a copy of your personal information held by your Provider.
  • Correction— Request that inaccurate or incomplete information be corrected.
  • Deletion— Request deletion of your records, subject to any legal retention requirements (see Section 6 below).
  • Data Portability— Receive a copy of your records in a structured, machine-readable format.
  • Withdraw Consent— Unsubscribe from non-essential communications at any time using the unsubscribe link in any email, or by contacting us directly.

To exercise any of these rights, please contact your Provider directly. You may also reach Arkans’s Privacy Officer at privacy@arkanscorp.com if you believe a request has not been handled appropriately.

6. Data Retention

  • Appointment records — Retained for a minimum of 7 years from the date of service, in accordance with PHIPA record-keeping requirements.
  • Deleted or closed accounts — Data is held for 3 months after account closure to allow for recovery requests, then removed from our production systems.
  • Consent logs— Retained for the duration of the relationship plus a minimum of 7 years to support audit and compliance obligations.

After the applicable retention period, records are deleted from our production database. Infrastructure backups exist solely for disaster recovery purposes and follow a separate, shorter lifecycle; they do not extend the retention period of personal information.

7. Contact Us

If you have questions about this notice or wish to exercise your privacy rights, please contact:

Privacy Officer: Karan Adapala, President
Email: privacy@arkanscorp.com
Organization: Arkans Corporation, Canada

We will acknowledge your request within 10 business days and aim to respond in full within 30 days, as required by applicable privacy legislation.