top of page

AI BASED FILE
PROCESSING 
PLATFORM

Privacy Policy

Last Updated: March 31, 2025

 

W5processing.Inc (“we”, “us”, or “our”) is committed to protecting the privacy, confidentiality, and security of your personal information. This Privacy Policy outlines how we collect, use, disclose, retain, and protect personal data when you use our services through the website “https://www.dropandsort.com”, our client portal, or through any associated API integrations.

 

We comply with all applicable data protection laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, the Health Insurance Portability and Accountability Act (HIPAA) in the United States, and applicable provisions of the California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR) where relevant.

 

Contact Information:

Email: info@w5processing.com

Phone: +1 954 928 9101

2. Scope

This Privacy Policy applies to all personal and sensitive information (“Personal Information”) we process in the course of:

• Receiving and processing documents from clients;

• Transmitting data to and from our AI Provider (Anthropic) for analysis;

• Communicating with clients and end-users;

• Managing our client dashboard and service infrastructure;

• Complying with legal and regulatory obligations.

3. What Information We Collect

We may collect and process the following categories of data:

 

3.1. Client-Provided Data

• Uploaded medical or insurance documents (e.g., PDFs, scans, patient records);

• Embedded personal identifiers (e.g., names, birth dates, medical record numbers, insurance claim data);

• Contact information (e.g., name, company, email, phone);

• API and usage credentials.

 

3.2. Automatically Collected Data

• Browser type, IP address, device identifiers;

• Access logs, page views, referral URLs;

• Date/time of access, usage volumes.

 

3.3. Cookies and Tracking

 

We use cookies only for technical session management, user authentication, and security purposes. We do not use tracking cookies or third-party advertising pixels.

4. Legal Basis for Processing

Depending on your location, we rely on the following legal bases:

• Consent – where required under PIPEDA or GDPR;

• Contractual necessity – to deliver services;

• Legal obligations – such as retention for audit or regulatory purposes;

• Legitimate interests – including service monitoring, error detection, or anonymized analytics.

 

For medical data in the U.S., we operate under the role of a Business Associate under HIPAA and require clients to be authorized Covered Entities or Business Associates themselves.

5. How We Use Your Information

We use Personal Information strictly for the following purposes:

• To receive, process, and analyze documents using artificial intelligence;

• To generate outputs (summaries, structured data, etc.) requested by the client;

• To display or transmit those results securely to the client;

• To maintain security, audit logs, usage metrics, and service availability;

• To respond to support inquiries and manage billing;

• To comply with our legal obligations.

 

We do not use or share your data for marketing, profiling, advertising, or training of any AI systems.

6. Disclosure of Information

 

We may share Personal Information only in the following cases:

 

6.1. AI Subprocessor – Anthropic

• Documents are transmitted via encrypted API to Anthropic for AI-based processing.

• Anthropic does not use your data for training or commercial reuse.

• Anthropic is contractually bound under equivalent confidentiality, security, and data protection obligations.

• Terms available at: “https://www.anthropic.com/legal/commercial-terms”

 

6.2. Other Subprocessors

 

We may use infrastructure and cloud service providers (e.g., hosting, email delivery) who are bound by confidentiality and data security agreements.

 

6.3. Legal Disclosures

 

We may disclose Personal Information if required by law, subpoena, or regulatory demand. Where permitted, we will notify the client in advance.

7. Data Retention and Deletion

 

• Uploaded documents are retained only as long as necessary for processing and delivery.

• By default, documents and outputs are deleted or anonymized within 356 days after completion unless otherwise agreed.

• Metadata (e.g., document count, page volume) may be retained for billing and auditing.

• Clients may request early deletion via our support channel or within the dashboard.

8. Cross-Border Transfers

 

• Your data may be stored or processed in the United States or Canada, depending on infrastructure and subprocessor location.

• We apply equivalent security and privacy safeguards regardless of jurisdiction.

• For Canadian clients, we ensure compliance with cross-border data transfer requirements under PIPEDA and applicable provincial health privacy statutes (e.g., PHIPA in Ontario).

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Information:

• Access – Request a copy of your personal data;

• Correction – Request corrections to inaccurate or incomplete data;

• Deletion – Request deletion of your data, subject to legal and contractual limits;

• Restriction/Objection – Request limits on how your data is used;

• Portability – Obtain a machine-readable copy of your data.

 

To exercise these rights, contact privacy@w5processing.com. We will respond within the legally required timeframe (e.g., 30 days in Canada).

10. Data Security

We maintain physical, technical, and administrative safeguards to protect your data:

• End-to-end encryption (TLS) for data in transit;

• Encryption at rest for stored data;

• Access control policies (least privilege, MFA for admin access);

• Regular audits and logging;

• Incident response plan for breach containment and notification.

 

In the event of a breach involving PHI/PII, we will notify affected clients in compliance with applicable breach notification laws (e.g., HIPAA Breach Notification Rule, PIPEDA breach rules).

11. Children’s Privacy

Our services are not intended for use by individuals under the age of 18. We do not knowingly collect or process data from minors without verifiable parental or institutional consent.

12. Updates to This Policy

 

We may update this Privacy Policy from time to time to reflect changes in our legal obligations or service operations. Updates will be posted current page.

 

We recommend that you review this Policy periodically. Substantive changes will be communicated by email where appropriate.

13. Contact

 

If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact:

 

Contact Information:

Email: info@w5processing.com

Phone: +1 954 928 9101

bottom of page