Our Commitment: Protecting Your Data

Protecting your healthcare data with high security standards
Health Data Security



Petal empowers healthcare organizations with a data-driven cloud platform designed to orchestrate all care delivery workflows in real-time. As such, Petal places the utmost importance on data security.

Data Ownership and Residency

Data used through Petal solutions remains the client’s property and is hosted in Canada.

Data Encryption

  • In transit using TLS 1.2 or better;
  • At rest using AES 256 or better;
  • SSAE-16 certified hosting.

Compliance With Privacy and Security Standards

Petal's policies and procedures are based on cybersecurity and privacy best practices, including compliance with PIPEDA and GDPR. We officially started the process of getting SOC2 certified.


Canada's federal Personal Information Protection and Electronic Documents Act governs how private sector organizations collect, use and disclose personal information to ensure data confidentiality.



The General Data Protection Regulation increases protection for persons whose personal information has been processed as well as the accountability of those involved in this processing.


Platform Access Management

Petal customers have full control and can determine the type of permissions and roles assigned to users.

Personal Health Information

To increase data protection, the Petal platform limits the ability to save personal health information on local or personal devices.

A Highly Secure Cloud Environment

In order to offer the highest level of security and confidentiality, the Petal platform is hosted on the renowned Microsoft Azure cloud servers.

Microsoft Azure complies with the highest security standards as well as several international standards and certifications such as ISO/IEC 27001: 2013, ISO 27018, HDS, FedRAMP, SOC 1, 2 and 3, PCI DSS, HIPAA.

Proven Security Measures

Petal works continuously to prevent, detect and respond to cyber-attacks and incidents beyond its control.

Petal's security policies and practices are based on the industry’s best standards, such as ISO 27001, NIST and OWASP for application security.

Incident Management

Petal has established a comprehensive incident management reporting process in the event of an incident, outage or privacy breach.