Your personal and health information deserves the highest level of protection. Here is how we safeguard it.
All client data is stored exclusively in Canada. Our infrastructure runs entirely within Canadian data centres and your information never leaves the country.
Your data is encrypted both in transit and at rest. All connections are secured with TLS 1.2 or higher, and stored data is protected with industry-standard encryption.
Our systems are hosted on infrastructure that maintains SOC 2 Type II, ISO 27001, and PCI DSS Level 1 certifications, with regular independent audits.
Staff access is restricted by role. Each team member can only access the information required for their responsibilities, and all sessions expire automatically.
Login credentials are protected with Argon2id, the most advanced password hashing standard available. Access to our systems is restricted to authorized networks.
Our applications are hardened with a comprehensive suite of security headers, rate limiting on sensitive endpoints, and protection against common web vulnerabilities.
As an Ontario health information custodian, we follow the requirements of the Personal Health Information Protection Act (PHIPA) and the Personal Information Protection and Electronic Documents Act (PIPEDA). These laws govern how we collect, use, store, and disclose your personal and health information.
We collect only the information necessary to provide your care. We do not sell, rent, or share your personal information with third parties for marketing purposes.
For more details on how we handle your information, please review our published policies.
If you have questions about how your information is handled, or if you would like to make a privacy-related request, please contact us.
Contact Us
