Our Commitment: Protecting Your Data

Petal empowers healthcare organizations with a data-driven cloud platform designed to orchestrate all care delivery workflows in real-time. As such, Petal places the utmost importance on data security.

Data used through Petal solutions remains the client’s property and is hosted in Canada.

• In transit using TLS 1.2 or better;
• At rest using AES 256 or better;
• SSAE-16 certified hosting.

Petal's policies and procedures are based on cybersecurity and privacy best practices, including compliance with PIPEDA and GDPR. We officially started the process of getting SOC2 certified.

Petal customers have full control and can determine the type of permissions and roles assigned to users.

To increase data protection, the Petal platform limits the ability to save personal health information on local or personal devices.

In order to offer the highest level of security and confidentiality, the Petal platform is hosted on the renowned Microsoft Azure cloud servers.

Microsoft Azure complies with the highest security standards as well as several international standards and certifications such as ISO/IEC 27001: 2013, ISO 27018, HDS, FedRAMP, SOC 1, 2 and 3, PCI DSS, HIPAA.

Petal works continuously to prevent, detect and respond to cyber-attacks and incidents beyond its control.

Petal's security policies and practices are based on the industry’s best standards, such as ISO 27001, NIST and OWASP for application security.

Petal has established a comprehensive incident management reporting process in the event of an incident, outage or privacy breach.