Security at Dilato

May 14, 2025

At Dilato, protecting your data is part of our mission. Our platform was built specifically for healthcare professionals, and we understand how essential it is to keep your clinical information—and your patients’ trust—safe at every step.

This page explains how we secure your data, from encryption and access control to how we design our systems with privacy in mind.

Protecting health information

  • Clinical notes are stored on your device and are automatically wiped when you log out.
  • If you use AI features, PHI sent to our systems is deleted immediately after processing, except in rare situations where our policy requires PHI to be deleted within 48 hours.
  • We are committed to hosting PHI by default in Canada (Montreal), unless you choose another available region.
  • Your data is never used for AI training, and we never sell it to third parties.
  • Your clinical notes always belong to you, and you can delete them at any time.

Secure infrastructure

  • Dilato runs on secure cloud infrastructure that meets SOC 2 and ISO 27001 standards, with strong physical and digital safeguards.
  • All PHI is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256).
  • Your data is backed up automatically every day and stored in an isolated environment for safety and recovery.
  • We regularly scan for vulnerabilities and ship security updates to keep the app safe.

Strong internal access control

  • Only a small number of authorized senior team members have access to clinical data, and only when strictly necessary (e.g., for troubleshooting).
  • We require multi-factor authentication on all critical internal systems that support it, and we assess vendor security before integrating any service.
  • Every Dilato team member signs a confidentiality agreement upon joining.

You can count on us to handle your information responsibly and transparently.

We encourage users, employees, and other stakeholders to reach out to us with any concerns, suggestions, or requests related to our security practices: info@dilato.app.