Compliance isn't an afterthought. It's the foundation.
Dental and physio clinics in Canada operate under strict rules: Ontario's PHIPA and AODA, the federal CASL, and the standards of the provincial colleges. We built ClinicOS to meet those standards on day one, not after the first audit letter arrives.
PHIPA
Patient health information stays in Canada. All data (conversations, bookings, patient records, audit logs) is stored at rest in Supabase's Canada (Central) region, not in the US. The one exception is deliberate: a clinic that explicitly enables PHI in LLM prompts (below) is choosing to send that data to the model provider, and nothing is sent until it does.
- Personal Health Information is never included in prompts to third-party LLMs without explicit clinic-level configuration
- All data at rest encrypted with AES-256; all data in transit over TLS 1.3
- Access logs retained for 7 years; full audit trail on every conversation
- Role-based access controls for clinic staff; Claude API calls use clinic-scoped keys
CASL
Every patient interaction starts with explicit consent capture. One-tap unsubscribe on every SMS and email. Consent records kept as long as the law requires, and proof available on demand.
- Express consent captured at first interaction, with timestamp and method
- STOP/UNSUBSCRIBE processed instantly; no 24-hour lag, no manual review
- Separate consent streams for appointment confirmations vs. marketing
- Sender identification on every outbound message, per CASL requirements
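The four CASL points above are one procedure: capture consent per stream with a timestamp and method, treat a STOP reply as an immediate revocation, and refuse to build an outbound message that lacks consent or sender identification. The following is an added illustration of that procedure, not ClinicOS code. It assumes two stream names ("confirmations" and "marketing"), a small opt-out keyword list, a constructed clinic footer, and the conservative rule that a STOP on a channel revokes every stream on that channel.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Two consent streams, as described on the page (stream names are assumed).
STREAMS = ("confirmations", "marketing")
# Opt-out keywords (assumed list; STOP and UNSUBSCRIBE are the ones the page names).
STOP_WORDS = {"STOP", "UNSUBSCRIBE"}


@dataclass(frozen=True)
class ConsentEvent:
    patient_id: str
    channel: str        # "sms" or "email"
    stream: str         # one of STREAMS
    granted: bool       # True = consent captured, False = revoked
    method: str         # how it happened: "web_form", "stop_keyword", ...
    at: datetime        # UTC timestamp


class ConsentLedger:
    """Append-only log of consent events. The log itself is the proof on demand."""

    def __init__(self):
        self._events = []

    def record(self, patient_id, channel, stream, granted, method, at=None):
        if stream not in STREAMS:
            raise ValueError(f"unknown consent stream: {stream}")
        event = ConsentEvent(patient_id, channel, stream, granted, method,
                             at or datetime.now(timezone.utc))
        self._events.append(event)
        return event

    def has_consent(self, patient_id, channel, stream):
        """Most recent event for (patient, channel, stream) wins; no event means no consent."""
        for event in reversed(self._events):
            if (event.patient_id, event.channel, event.stream) == (patient_id, channel, stream):
                return event.granted
        return False

    def handle_inbound(self, patient_id, channel, text, at=None):
        """Process a reply. Returns True if it was an opt-out; an opt-out revokes
        every stream on that channel immediately (assumption: no review queue)."""
        words = re.findall(r"[A-Za-z]+", text)
        if not words or words[0].upper() not in STOP_WORDS:
            return False
        for stream in STREAMS:
            self.record(patient_id, channel, stream, False, "stop_keyword", at)
        return True

    def proof(self, patient_id):
        """Full consent history for one patient, in capture order."""
        return [(e.at.isoformat(), e.channel, e.stream,
                 "granted" if e.granted else "revoked", e.method)
                for e in self._events if e.patient_id == patient_id]


# Constructed sender identification: who is sending, where they are, how to opt out.
SENDER_FOOTER = {
    "sms": "Maple Dental Clinic, 123 Example St, Toronto ON. Reply STOP to opt out.",
    "email": "Maple Dental Clinic, 123 Example St, Toronto ON. Click Unsubscribe to opt out.",
}


def build_outbound(ledger, patient_id, channel, stream, body):
    """Gate every outbound message on consent; return None instead of a message
    when consent is missing, and always append the sender footer otherwise."""
    if not ledger.has_consent(patient_id, channel, stream):
        return None
    return f"{body}\n\n{SENDER_FOOTER[channel]}"


if __name__ == "__main__":
    ledger = ConsentLedger()
    ledger.record("pat-001", "sms", "confirmations", True, "web_form")
    ledger.record("pat-001", "sms", "marketing", True, "web_form")
    print(build_outbound(ledger, "pat-001", "sms", "marketing", "Spring whitening special"))
    ledger.handle_inbound("pat-001", "sms", "Stop.")
    print(build_outbound(ledger, "pat-001", "sms", "marketing", "Spring whitening special"))
    for row in ledger.proof("pat-001"):
        print(row)
```

Two design points worth noting: consent is keyed by channel as well as stream, so a STOP sent by SMS does not silently revoke an email consent the patient gave separately, and the ledger never overwrites or deletes an event, so the "proof on demand" is simply the filtered log rather than a reconstruction.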
AODA
Every surface patients interact with — the chat widget, booking flows, email templates — meets WCAG 2.1 AA. Screen-reader support, keyboard navigation, and high-contrast modes built in.
- Semantic HTML, proper ARIA labels, keyboard-navigable throughout
- Colour contrast ratios meet or exceed AA standards
- Alt text on all images; captions on all video
- Option for patients to always speak with a human
Insurance & Risk
TechGizmo carries E&O insurance on every clinic engagement. Your clinic is protected in the unlikely event that something goes sideways — because healthcare is not a space where "move fast and break things" applies.
- Commercial General Liability coverage
- Errors & Omissions / Professional Liability
- Cyber liability including incident response
- Certificate of insurance available on request
Data Rights
You own every piece of patient data in ClinicOS. We store it. You control it. Any time you want an export, you get it — no extraction fees, no lock-in, no games.
- Full data export in standard formats (CSV, JSON) on request
- Deletion requests honoured within 30 days, subject to the record-retention periods PHIPA and the provincial colleges impose on clinical records
- No data used to train AI models — not ours, not Anthropic's
- Documented incident response protocol; the clinic is notified of a breach within 72 hours of discovery
Questions about compliance? Ask directly.
Our founder is a PMP-certified professional with 15+ years in regulated health industries. No technical question is too detailed.