Coldstream Informatics
Data protection & residency

Where your data lives, who's responsible for what, how we protect it, and what we will never do with it.

Where your data lives

Your health records are stored in Canada. Patient databases and uploaded documents are held in Google Cloud regions in Montréal and Toronto (northamerica-northeast1 and northamerica-northeast2).

Some processing happens outside Canada: our serverless functions, application hosting, and AI features currently run in United States regions, under our business associate agreements and with provider data-logging disabled. So while your data is stored in Canada, it may be processed in the US today. We’re working to bring more processing into Canadian regions as our providers support them. You can see exactly where each provider operates on our Subprocessors page.

Who is responsible for what

Coldstream follows a shared-responsibility model:

How we protect it

We take reasonable administrative, physical, and technical measures to help protect personal information against loss, theft, and unauthorized access:

What we will never do

If something goes wrong

If a privacy breach affecting information under our care occurs, we will notify the affected custodian(s) without undue delay and cooperate with any mandatory reporting to the relevant privacy authority (for example, under PIPEDA and BC PIPA).

Questions

Our privacy contact is Brett Poulin: contact@coldstream.info.

Last reviewed 2026-07-04 · Questions? contact@coldstream.info