Your health data is sacred. We treat it that way.
Built for Canadian healthcare privacy law from day one. Defense-in-depth security with comprehensive controls for protecting your health information.
Data Never Leaves Canada
All infrastructure runs in Azure Canada Central. Your documents, conversations, and health data stay within Canadian borders—always.
PHI De-identified Before AI
Your name, health card number, and personal identifiers are removed before any AI model sees your data. The AI only sees medical facts.
Fail-Closed Security
If de-identification fails for any reason, your message is blocked—never sent to AI. We choose security over convenience, every time.
Private Network Architecture
Database and storage run on private endpoints with no public internet exposure. All internal traffic flows through a secured virtual network.
Role-Based Access Control
Granular permissions for owners, caregivers, and providers. Circle-of-care validation ensures only authorized individuals access your records.
Complete Audit Trail
Every document view, download, and access is logged. You can see exactly who accessed your records and when—full transparency.
Our security philosophy: fail closed.
If de-identification fails for any reason, your data is blocked—never sent to AI. Your data is never used to train any AI model. We choose your privacy over convenience, every time.
How we protect your identity
PHIPA / PIPEDA Compliance
Built for Canadian healthcare privacy requirements
Technical Details
Defense in Depth
Multiple layers of security protect your data at every level of our infrastructure.
Infrastructure
- Azure Container Apps (Canada Central)
- Private Virtual Network (VNet)
- Azure Application Gateway
- No public database endpoints
Data Storage
- PostgreSQL on Azure Flexible Server
- Azure Blob Storage with encryption
- Azure Key Vault for secrets
- Redis for secure session management
AI Privacy
- Azure Language Service de-identification
- No PHI in AI training data
- Automatic PHI redaction in responses
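The fail-closed rule described above, sketched as an added example (not this product's own code). The names gate, send_to_model and demo_deidentify, the regex patterns and the sample values are all constructed here; demo_deidentify stands in for a real de-identification service.

```python
import re

# Assumed residual-identifier patterns, constructed for this example.
# A false positive only blocks a message, which is the fail-closed trade-off.
RESIDUAL_PATTERNS = {
    "health_card": re.compile(r"\b\d{4}[- ]?\d{3}[- ]?\d{3}(?:[- ]?[A-Z]{2})?\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "phone": re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b"),
}

class Blocked(Exception):
    """Raised when a message must not be forwarded to the model."""

def gate(message, deidentify, known_identifiers=()):
    """Return de-identified text or raise Blocked; never return the raw message."""
    try:
        redacted = deidentify(message)
    except Exception as exc:  # timeout, quota, parse error: all block
        raise Blocked(f"de-identifier error: {type(exc).__name__}") from exc
    if not isinstance(redacted, str) or not redacted.strip():
        raise Blocked("de-identifier returned no usable text")
    # Independent second check: a call that "succeeded" is not trusted blindly.
    for name, pattern in RESIDUAL_PATTERNS.items():
        if pattern.search(redacted):
            raise Blocked(f"residual identifier: {name}")
    lowered = redacted.lower()
    for ident in known_identifiers:  # e.g. the account holder's own name
        if ident and ident.lower() in lowered:
            raise Blocked("residual identifier: known account value")
    return redacted

def send_to_model(message, deidentify, model, known_identifiers=()):
    """Forward only gated text; when blocked, the model is never called."""
    try:
        safe = gate(message, deidentify, known_identifiers)
    except Blocked as why:
        return {"sent": False, "reason": str(why)}
    return {"sent": True, "reply": model(safe)}

def demo_deidentify(text):
    # Stand-in de-identifier: masks one constructed name and nothing else.
    return text.replace("Jane Doe", "[PERSON]")
```

The raw message has no path to the model: every exit from gate is either redacted text that passed the second check or a Blocked exception.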
Your Rights
You Own Your Data
We believe your health information belongs to you. Here's what that means in practice.
Export Anytime
Download your complete health record in multiple formats—PDF for sharing, JSON for portability. No lock-in.
Delete Everything
Request deletion of all your data at any time. We'll remove it from our systems completely—no hidden copies.
See Who Accessed
Full audit log shows every time your records were viewed, by whom, and when. Complete transparency.
Never Sold
Your data is never sold, shared with advertisers, or used for anything except serving you. We're a nonprofit initiative that raised $732k+ for cancer research—we exist to help patients, not monetize them.
Ready to Take Control?
Your health data, protected by healthcare-grade security. Start organizing your medical records today.