Regulatory Compliance
- All sensitive data is processed and stored exclusively in Canadian data centres.
- We are fully compliant with PIPEDA (Personal Information Protection and Electronic Documents Act), PHIPA (Ontario’s Personal Health Information Protection Act), and all other relevant provincial privacy laws, including Québec’s Loi 25.
Encryption & secure handling
- Data is protected with end-to-end encryption using AES-256 in transit and at rest, and is transmitted over secure HTTPS.
- GraceNotes session audio is never stored — it’s temporarily held only for transcription, then immediately deleted.
Data Stewardship
- GraceNotes is not trained on your data.
- Your session data and notes are never shared, sold, or used for any purpose outside of delivering the service you’ve requested.
Your control
- Delete any transcript or insight report at any time – instantly and permanently.
- Full transparency into how your data is handled at every step.
Frequently asked questions

- No. Audio is processed to create your note and is then promptly discarded – audio is never stored.
- We retain personal information no longer than necessary for the purposes identified and as required by law, in line with our Privacy Policy.
- Yes. We provide a generalized GraceNotes client consent template which you can adapt to your setting. Click here to download the template.
- Yes – our Subscription Agreement includes a Data Protection Addendum (DPA) describing our safeguards, subprocessors, and processing locations.
Read our full Privacy Policy here
