Medfair
Clinic Manager

Features

Your clinic’s operating layer, a server-as-a-software.

Get started

Combine AI, your Clinic Manager.

Your clinic’s operating layer — built to serve you by taking action, not just answer questions. Combine AI is connected to the data and tools that run your day-to-day and gets smarter as your clinic grows.

Slide 1 of 4: Conversational operations
Combine AI on the clinic dashboard — drafting an invoice for a patient fitting and confirming with one tap.

01. Conversational

Create invoices, pay bills, message patients, and add vendors by simply asking. Combine drafts the work, shows you what’s about to happen, and waits for your go-ahead.

Data compliance

Built for Canadian clinics, friendly to cross-border care.

Patient communication, vendor records, payment trails — all of the back-office data Medfair touches sits under the four regimes below. We engineer the platform against each of them so your clinic inherits the controls instead of having to rebuild them on top.

This page summarizes how Medfair aligns with each regime. It is not legal advice; clinics remain the controller (or custodian) of their patient data. A signed DPA — and a BAA for HIPAA-scoped engagements — is available on request. See the Privacy Policy for the formal framing.

CASL

Canada's Anti-Spam Legislation

Canada · federal

CASL governs every commercial electronic message — appointment reminders, recall campaigns, referral follow-ups, marketing emails — that a clinic sends from Canada or to Canadian recipients. Medfair's patient email tool captures the express or implied consent record at the point of collection, stamps every send with your clinic's identification and physical address, and includes a one-click, always-honoured unsubscribe link. Suppression is enforced platform-wide, so a patient who opts out of one workflow is automatically excluded from the rest.

PIPEDA

Personal Information Protection and Electronic Documents Act

Canada · federal private sector

PIPEDA sets the ten fair-information principles every Canadian private-sector organization must follow when handling personal information — accountability, identifying purposes, meaningful consent, limiting collection and use, accuracy, safeguards, openness, individual access, and challenging compliance. Medfair operationalizes each principle: clinic data is stored in Canadian Supabase regions, encrypted in transit and at rest, scoped behind row-level security and audit logs, and a signed Data Processing Agreement is available on request for every plan tier.

PHIPA

Personal Health Information Protection Act

Ontario · health information custodians

PHIPA is Ontario's health-privacy statute and applies to the personal health information that flows through orthotics, prosthetics, and bracing practices as a normal part of patient care. Medfair treats clinic users as the health-information custodian and Medfair as the electronic service provider — with the safeguards that role demands: tenant-isolated storage, role-based access, immutable audit trails, breach-notification tooling, and the ability to return or destroy clinic data on contract end. PHIPA does not treat Medfair as your clinical EHR; we recommend keeping regulated charting in your designated record system.

HIPAA

Health Insurance Portability and Accountability Act

United States · covered entities & business associates

For clinics operating in or contracting with the United States, HIPAA's Privacy, Security, and Breach Notification Rules govern any protected health information that Medfair processes on your behalf. The platform's administrative, physical, and technical safeguards — least-privilege access, encryption, audit logging, secure backup, and incident response — are designed to support a Business Associate Agreement (BAA), which Medfair can sign with eligible US-operating clinics on request before regulated PHI is loaded into the platform.

Controls that back every regime

  • Canadian data residency (Supabase CA region)
  • Encryption in transit (TLS) and at rest (AES-256)
  • Tenant isolation via row-level security
  • Immutable audit logs on sensitive actions
  • Role-based access & least-privilege defaults
  • Patient-suppression list honoured platform-wide
  • Backups with point-in-time recovery
  • DPA on request · BAA for eligible US clinics

Availability

Built for Canadian clinics — today.

Medfair v1 is purpose-built for Canadian clinics: Canadian data residency, CAD billing, a Canadian Stripe Connect platform, and tax + messaging compliance to match. US support is on the roadmap and ships once we stand up a US-native deployment.

The reasoning — why a Canadian-first launch, and what changes when we bring up the US side — is laid out in the pricing FAQ.

Available nowCanadian clinics
  • PHIPA / PIPEDA-compliant infrastructure, Canadian data residency
  • CAD-denominated billing (Pro $20/mo, Unlimited $50/mo)
  • Stripe Connect on a Canadian platform — combined 3.1% + $0.30 CAD card processing
  • GST / HST tax handling built into invoicing
  • Patient SMS + appointment email through Canadian-verified senders
  • Same-currency vendor payments (CAD ↔ CAD)
On the roadmapAfter a US-native deployment
  • US Stripe platform — avoids the +0.8% international surcharge that hits non-CA cards through our CA platform today
  • USD-denominated billing
  • HIPAA compliance + Business Associate Agreements
  • US-region data residency (separate Supabase project)
  • US sales-tax nexus tracking
  • TCPA-compliant patient SMS via US-verified senders
  • Cross-border CAD ↔ USD vendor payments with inline FX preview

Running a US clinic and want to be notified when we open?

Join the US waitlist

See Combine running in your clinic.

Verification is free and takes minutes. Bring your clinic into the conversational operating era.

Get startedContact us