Data Processing Addendum
Disclaimer: This is a plain-language template and should be reviewed by legal counsel. Last updated: [Date]
Roles and Responsibilities
The clinic (customer) is responsible for clinical operations and for determining the purpose of processing. Grace App provides the service and its safeguards as a processor/agent acting on the customer's behalf.
Data Residency
Grace App maintains a Canada-first hosting posture: customer data is hosted in the Montreal region, in Canada.
Security Measures
- Encryption of data at rest and in transit
- Audit logging of PHI access and of other significant actions
- Role-based access controls and tenant isolation between customers
Subprocessors
Grace App maintains a list of authorized subprocessors. Material changes to this list are communicated to customers before a new subprocessor begins handling PHI.
Incident Response and Breach Notification
In the event of a security breach involving personal health information, Grace App will notify affected customers promptly and assist them in meeting their own notification and compliance obligations.
Data Return and Deletion
Upon termination of the service, customer data will be returned to the customer or deleted, as specified in the agreement, subject to any legal retention obligations.
AI Processing Clause
AI outputs are provided as drafts for review. Audio workflows are consent-gated: audio is recorded and processed only after consent has been obtained. Customers retain the ability to disable AI features entirely, either per user or per client.