Security & Compliance
Built from day one to meet strict Law 25 requirements and Canadian healthcare standards.
Secure Data Flow
Audio encrypted on device (TLS 1.3)
Secure servers in Montreal (AES-256)
Audio deleted immediately after generation
Compliant with Law 25 and PIPEDA
AuraScribe strictly aligns with Quebec Law 25 (formerly Law 64) and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). We ensure transparency, consent management, and a high standard of protection for personal health information (PHI).
100% Canadian data residency
Your data never leaves Canada. All processing, storage, and AI inference run on secure servers physically located in Montreal, Quebec. We do not use U.S.-based cloud regions for any PHI-handling infrastructure.
Enterprise-grade encryption
Data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Infrastructure access is tightly controlled through multi-factor authentication and role-based access controls (RBAC).
Zero-retention policy for audio
Audio recordings are processed ephemerally. Once transcription and SOAP generation are completed, the original audio file is permanently deleted from our servers. We do not use patient data to train our foundation models.
➜ ~ ./verify_compliance.sh --region=QC
Initializing security audit...
Checking data residency... [OK] Montreal, CA
Verifying encryption... [OK] AES-256 Active
Checking audio retention... [OK] Zero-retention enforced
Validating Law 25 status... [OK] Fully Compliant
System Secure. Ready for clinical use.
Download the Law 25 Compliance Kit
4 ready-to-use Word documents: privacy policy template, compliance checklist, incident register, and AI consent form — updated for Law 5 (in force July 2024).
