Serviced in
  • Canada
  • USA
  • Europe

Our Commitment: Protecting Your Data

Protecting your healthcare data with high security standards

Health Data Security



Data plays a critical role in healthcare for measuring performance and is essential for continuous improvement. This is why it is important that it is kept in a safe place. At Petal, cybersecurity is of the utmost importance.

Data Ownership and Residency

The data used via Petal’s solutions remains the customer’s property. They are replicated and hosted in a location that meets your requirements.

Data Encryption

  • Encryption in transit using TLS 1.2 or higher
  • SSAE-16-certified hosting
  • Encryption at rest with minimum AES-256 encryption settings with TLS 1.2 connections (SHA-256 with RSA encryption)

Compliance With Privacy and Security Standards

We have several procedures in place that meet high standards and even exceed legal requirements in each jurisdiction in which we operate.


Canada's federal Personal Information Protection and Electronic Documents Act governs how private sector organizations collect, use and disclose personal information to ensure data confidentiality.



The General Data Protection Regulation increases protection for persons whose personal information has been processed as well as the accountability of those involved in this processing.


Access Control

Our customers can have full control and determine the type of permission and role assigned to users.

Personal Health Information

In order to protect personal health information, the Petal platform does not permit backup to local or personal device.

A Highly Secure Cloud Environment

We follow the healthcare industry’s best practices to meet security needs.


Microsoft Azure
In order to provide foolproof security, maximum privacy and the best protection against cybersecurity threats, the Petal platform is hosted on reputable Microsoft Azure cloud servers.

Microsoft Azure complies with the highest security standards as well as several international standards and certifications such as ISO/IEC 27001: 2013, ISO 27018, HDS, FedRAMP, SOC 1, 2 and 3, PCI DSS, and HIPAA.

Proven Security Measures

To counter potential vulnerabilities, we deploy the full force of our perfectionism. We maintain state-of-the-art security policies and controls. This covers internal processes such as IT management of applications, authentication and access to infrastructure.

External processes are also controlled, in particular the management of suppliers and subcontractors.

Our Measures

We have established a comprehensive incident management reporting process in the event of an outage or breach of privacy.

We perform rigorous external security audits on all our applications and infrastructure.

Petal undergoes third party audits to perform network scans in addition to self-assessments and rigorous testing.

We have an intrusion detection system installed on all our virtual machines in order to proactively detect the slightest vulnerability.