Baobab TreeProactives
Healthcare-Grade Security

Your health data is sacred. We treat it that way.

Built for Canadian healthcare privacy law from day one. Defense-in-depth security with comprehensive controls for protecting your health information.

AES-256
Encryption at Rest
TLS 1.3
All Traffic Encrypted
Canada
Data Residency Only
25+
Audit Event Types

Your records. Locked down. Never sold. Always yours.

If you're about to upload medical records, you deserve answers in plain language before you get to the technical part. Here they are.

Where do my records live?

On Canadian cloud infrastructure (Azure Canada Central). Primary storage and processing stay in Canada.

Who can see them?

Only you, and people you explicitly invite (a spouse, a sibling, a caregiver). Proactives staff access is restricted, logged, and limited to specific support cases you authorize. Your doctor doesn't get automatic access. Advertisers never.

Does the AI see my name?

No. We remove your name and health-card number before any AI model processes your records. Provider names, facility names, and treatment dates remain — that's what makes your summary clinically accurate and the citations point to the right source.

Are you training AI on my data?

No. Our contracts with the AI providers we use prohibit training on your data. We don't sell it. We don't share it with anyone you haven't authorized.

What if I want to leave?

You can export everything as PDFs and delete your account and records from the app. We tell you exactly what's removed and when. Standard disaster-recovery backups are retained for a limited period — full details in our privacy policy.

What if something happens to me?

Your records are yours. You can export them as PDFs at any time so a family member has a copy outside our system. A formal account-handover feature is on our roadmap — until then, exports are the recommended approach.

Want the technical version? Keep scrolling — encryption details, network architecture, audit logs, the whole stack.

Data Never Leaves Canada

All infrastructure runs in Azure Canada Central. Your documents, conversations, and health data stay within Canadian borders—always.

Your name and health-card number are removed before AI processes your data

We remove your name and health-card number before any AI model processes your records. Provider names, facility names, and treatment dates remain — they're what make your summary clinically accurate and your citations point back to the right source document.

If we can't keep it private, we don't send it

If our system can't strip your identity from a message for any reason, that message is blocked — never sent to AI. We picked safety over speed, on purpose, every time.

Private Network Architecture

Database and storage run on private endpoints with no public internet exposure. All internal traffic flows through a secured virtual network.

Role-Based Access Control

Granular permissions for owners, caregivers, and providers. Circle-of-care validation ensures only authorized individuals access your records.

Complete Audit Trail

Every document view, download, and access is logged. You can see exactly who accessed your records and when—full transparency.

How we protect your identity

We strip your name and health-card number before AI processes your records. Provider names, facility names, and dates stay — without them, your summary wouldn't be clinically accurate and the citations couldn't point back to the right source.

Original
"John Smith's A1C was 7.2% at Toronto General on Jan 15, 2024 (HCN 1234-567-890)"
What AI sees
"[PATIENT]'s A1C was 7.2% at Toronto General on Jan 15, 2024"
Name and HCN removed before AI processes records; clinical context preserved

Built for PHIPA and PIPEDA

Aligned with Canadian healthcare privacy requirements

Consent Management
Privacy by Design
Audit Logging
Access Controls
De-identification
Encryption
Data Residency
Retention Policies

Technical Details

Defense in Depth

Multiple layers of security protect your data at every level of our infrastructure.

Infrastructure

  • Azure Container Apps (Canada Central)
  • Private Virtual Network (VNet)
  • Azure Application Gateway
  • No public database endpoints

Data Storage

  • PostgreSQL on Azure Flexible Server
  • Azure Blob Storage with encryption
  • Azure Key Vault for secrets
  • Redis for secure session management

AI Privacy

  • Azure Language Service de-identification
  • No PHI in AI training data
  • Automatic PHI redaction in responses

Your Rights

You Own Your Data

We believe your health information belongs to you. Here's what that means in practice.

Export Anytime

Download your complete health record in multiple formats—PDF for sharing, JSON for portability. No lock-in.

Delete Your Account

Email us to request deletion of your account and its records. We document exactly what's removed and when. Standard disaster-recovery backups are retained for a limited period — full details in our privacy policy.

See Who Accessed

Full audit log shows every time your records were viewed, by whom, and when. Complete transparency.

Never Sold

Your data is never sold, shared with advertisers, or used for anything except serving you. Period.

Ready to Take Control?

Your health data, protected by healthcare-grade security. Start organizing your medical records today.

Get Started Free
2026-05-19 10:05:40 PM EDT