Enterprise-Grade Security
Your patient data deserves the highest level of protection. We take security seriously.
Security Features
End-to-End Encryption
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Your patient data is never exposed.
SOC 2 Type II Certified
Our infrastructure is independently audited and certified for security, availability, and confidentiality.
Canadian Data Residency
All data is stored exclusively in AWS Canada (ca-central-1). Your patient data never leaves Canadian borders.
Multi-Factor Authentication
All accounts require MFA. Authenticator apps, SMS, and hardware security keys are supported.
Role-Based Access Control
Granular permissions ensure users only access the data they need, with a full audit trail of all access.
Automatic Session Timeout
A 15-minute idle timeout and a 60-second background timeout prevent unauthorized access.
Certifications & Compliance
SOC 2 Type II
Security, availability, and confidentiality
HIPAA
Healthcare data protection compliance
PIPEDA
Canadian privacy law compliance
PHIPA
Ontario health privacy compliance
Complete Audit Trail
Every action in Onalyst is logged for compliance and accountability:
- User login/logout events with IP address and device info
- All access to patient records with timestamp
- Document creation, editing, and deletion
- EHR integration events
- Administrative changes to user permissions
- Audio recording access and playback
Audit logs are retained for 7 years per HIPAA requirements and cannot be modified or deleted.
Questions about security?
Our security team is happy to discuss our practices in detail.