PHIPA Policy
Last updated: April 16, 2026
This policy governs how TechGizmo Digital handles Personal Health Information (PHI) as defined under Ontario's Personal Health Information Protection Act (PHIPA). The full text is currently under review by a Canadian healthcare technology lawyer.
Key commitments that are already implemented and non-negotiable:
- ✓ All patient data stored exclusively in Supabase Canada Central (ca-central-1)
- ✓ PHI never included in AI prompts without explicit clinic-level configuration
- ✓ Data encrypted at rest (AES-256) and in transit (TLS 1.3)
- ✓ Audit logs retained for 7 years per PHIPA requirements
- ✓ Right-to-deletion honoured within 30 days
- ✓ Breach notification within 72 hours per PHIPA obligations
For questions about patient health information handling, contact kazi@techgizmo.cloud with “PHIPA” in the subject line.