Trust Center
Trust isn't a feature.
It's the foundation.
We handle sensitive health information, so we hold ourselves to real standards — and we're honest about where we stand on each. Here's how we protect your data.
Standards we hold to
Canada's federal private-sector privacy law.
Read moreBritish Columbia's privacy law — our home jurisdiction.
Read moreHIPAA-grade safeguards. OpenAI BAA in place; Google Cloud BAA in progress.
Read morePayments handled by Stripe; card data never touches our servers (SAQ A).
Read moreHow we protect your data
Documentation on request
Partners and standards reviewers can request our security overview, subprocessor list, and — as they become available — audit reports. We're building toward SOC 2; a report will be provided on request once complete. Detailed materials are shared under a mutual NDA.
Privacy contact: Brett Poulin · contact@coldstream.info