Built for Canadian pharmacy privacy from day zero.
PIPEDA, PHIPA, FIPPA, PHIA, PHIPAA, HIPA, ATIPPA, the Quebec Loi 25 — we’re the only Canadian pharmacy platform built to all of them on day one. Data residency in Canadian regions only. Zero US fallback. Zero patient data ever used to train any general-purpose model.
Every Canadian pharmacy-privacy regulation. By name. With named accountability.
Most US-built health software claims “HIPAA compliant” and assumes that’s enough. Canadian pharmacy practice is governed by federal + provincial laws, each with its own data-handling rules. We map our platform controls against every one.
Federal baseline for personal-information handling in commercial activity. Privacy Officer, consent, breach reporting, access rights.
Ontario’s health-information statute. Defines “health information custodian,” consent rules, lock-box, IPC reporting.
BC public-sector privacy regime. Triggers when a pharmacy contracts with a BC health authority or provincial agency.
Health-information statutes for Manitoba, Nova Scotia, and (separately) Newfoundland & Labrador.
New Brunswick’s health-information statute.
Alberta (HIA) and Saskatchewan (HIPA). Custodial rules, breach notification, access rights.
Québec’s modernized privacy regime (2023). Strict consent, automated-decision disclosure, data-portability rights.
Newfoundland & Labrador public-sector regime; triggers via NL Health pharmacist contracts.
Our Privacy Officer is named in every customer DPA. Breach notification within 24h to your designated point of contact, with the regulator-required notice prepared by our team.
Everything stays in Canadian regions. No US fallback. No exceptions.
Your patient data never leaves Canada. Choose AWS Canada (Central) in Montréal or Azure Canada Central in Toronto at contract time. We do not multi-region failover to US East. The control plane (admin tools, backups) is also Canada-resident. Backup encryption keys are managed in Canadian-region HSMs.
- Primary region: AWS ca-central-1 (Montréal) or Azure Canada Central (Toronto)
- Failover region: AWS ca-west-1 (Calgary) or cross-AZ within Canada Central
- Backup storage: Glacier / Archive, Canadian region only
- Email transactional: SES Canada, never US
- Logs & metrics: Canada-region observability stack
- Support tooling: Canada-resident; staff sign Canadian-region access agreements
Independently audited. Annually re-audited. Reports available under NDA.
SOC 2 Type II
Audited annually by an independent CPA firm. Trust Service Criteria: Security, Availability, Confidentiality, Privacy. Report available under MNDA.
ISO 27001:2022
Information security management system, certified by an ANAB-accredited registrar. Re-certified annually.
Annual penetration test
Third-party pen test of all customer-facing surfaces, plus a Red-team exercise on the Admin Clerk RPA. Findings remediation tracked publicly via our security@ team.
End-to-end encryption. Customer-managed keys available.
In transit
TLS 1.3 only on all public endpoints. mTLS on inter-service traffic. HSTS enforced. Cipher suites limited to forward-secrecy AEAD.
At rest
AES-256-GCM on all PHI databases, object storage, backups, and queue payloads. Per-tenant data-encryption keys. KMS-rotated annually.
Customer-managed keys (BYOK)
Enterprise customers can provide their own KMS keys. Revoke at will. We render the data unreadable within 5 minutes.
Every PHI touch is logged. Customer-readable. Immutable.
Every read, write, export, share, and delete on patient health information is captured in the audit log. Logs are append-only, customer-readable through your admin console, and exportable in JSON / CEF for ingestion into your SIEM.
- Who: pharmacist (with college license), tech, admin, or system service
- What: resource type, resource ID, fields touched
- When: ms-precision timestamp + clock attestation
- Where: source IP, network egress region, device fingerprint
- Why: workflow context (consult ID, claim ID, support ticket #)
- Append-only · tamper-evident hashes · 7-year default retention
If something happens, you find out from us first — not from the news.
Our breach-response team is on a 24/7 page rotation. Incident detection triggers customer notification within 24 hours, with regulator-ready documentation drafted by our team. We’ll prepare your IPC notice, your patient-notification mail-merge, and your timeline.
For new deployments and material platform changes, we provide a Data Protection Impact Assessment (DPIA) template pre-filled with our controls. Your privacy officer fills the customer-specific bits and submits.
- 24h notification commitment in every contract
- Regulator-ready notice templates (IPC ON, OIPC BC, OIPC AB, OIPC NS, etc.)
- Patient-notification mail-merge generator, in EN/FR
- DPIA template + named MedMe controls list
- Subprocessor list with notice 30+ days before any change
Your patient data is yours. We don’t train general-purpose models on it. Ever.
We do train pharmacy-specific clinical templates and Scribe quality models — on opt-in, anonymized, jurisdiction-aware data, with named consent. We do not ship customer audio, transcripts, or PHI to OpenAI, Anthropic, Google, or any other foundation model provider for training, fine-tuning, or RLHF. Any LLM call we make to a third-party provider goes via a Canadian-region pass-through with redaction at the edge and contractual data-deletion clauses.
If your security review is rigorous, you’ll like ours. Talk to our team.
Get the SOC 2 Type II report, ISO certificate, pen-test summary, and a 30-minute call with our Privacy Officer. NDA available in seconds.