Security & privacy

Privacy-forward by default.

Patient and clinic financial data demand the highest care. Here’s how we protect it.

Encryption everywhere

TLS 1.2+ in transit, AES-256 at rest. Per-tenant data isolation.

Privacy-by-design

Collection limitation, consent, and breach notification practices aligned with PIPEDA, GDPR, and HIPAA expectations.

Role-based access

Owner / Admin / Staff roles with audit logs of imports, anomaly status changes, and exports.

Read-only by design

We connect via read-only APIs to your billing and accounting systems. We never move funds.

Audit logs

Every import, integration sync, and anomaly triage action is logged with user + timestamp.

Data subject rights

Export, correct, and delete your data on request. Subprocessors disclosed transparently.