Your AI Medical Assistant

Security & privacy

Privacy isn't a feature. It's the foundation.

Sylvia was built for Canadian healthcare organizations from the start. Data is hosted in Canada, in line with Loi 25 and PIPEDA. Patient data remains your organization's property and is never used to train Sylvia's models. For organizations with specific sovereignty or security requirements, Sylvia can also be deployed on dedicated infrastructure or fully on-premise (on-prem).

Loi 25PIPEDACanadian-hostedDedicated or on-prem deployment

Canadian data. Canadian control.

Production infrastructure, databases, and backups are hosted in Canada.

Patient data is never used to train Sylvia's models, whether identifiable or de-identified. It is never sold or shared for advertising or third-party model-training purposes.

Your organization keeps control of its data at all times.

Regulatory compliance

Loi 25 (Quebec)

Sylvia is designed to support the requirements of Quebec's Act to modernize legislative provisions respecting the protection of personal information. Privacy impact assessments (PIA) can be conducted as part of a deployment.

PIPEDA (Canada)

Minimal data collection, consent management, access controls, and mechanisms allowing access to and correction of information when required.

TGV / Relevance filter

  • Only the data needed for the clinical task is processed.
  • Sylvia is never trained on your patient data — even anonymized.
  • No reuse for third-party models, external analytics, or advertising.

Technical measures

  • Data encrypted at rest and in transit (AES-256, TLS 1.3+)
  • Data isolation between organizations, with dedicated or on-premise (on-prem) deployment options for organizations with specific requirements
  • Single sign-on (SSO) and multi-factor authentication (MFA) available
  • Comprehensive logging of access and sensitive actions, with retention compliant with regulatory requirements
  • Daily encrypted backups and regularly tested restoration procedures
  • Scribe audio processed securely to generate clinical documentation, with no retention of raw audio recordings by default
  • Continuous system monitoring and security alerting

Certifications & process

Privacy impact assessments (PIA)Available on request
SOC 2 Type II auditIn preparation
Human clinical validationRequired before any clinical use
Incident managementDocumented procedures and continuous monitoring

Need more detail for your security team?

Request our compliance package