Security at Dilato

August 8, 2025

At Dilato, protecting your data is part of our mission. Our platform was built specifically for healthcare professionals, and we understand how essential it is to keep your clinical information—and your patients’ trust—safe at every step.

This page explains how we secure your data, from encryption and access control to how we design our systems with privacy in mind.

Protecting health information

  • Clinical notes are stored on your device and automatically wiped when you log out.
  • If you use AI features, any health information sent to our servers is deleted right after processing (or within 48 hours in rare edge-case workflows).
  • We host protected health information (PHI) by default in Quebec, Canada.
  • Your data is never used for AI training or sold to third parties.
  • Your clinical notes always belong to you, and you can delete them at any time.

Secure infrastructure

  • Dilato runs on cloud infrastructure certified to SOC 2 and ISO 27001 standards, with stringent physical and digital safeguards.
  • Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Backups are created automatically every day and stored in an isolated environment for rapid recovery.
  • We apply security patches promptly and monitor our systems 24/7 for unusual activity.

Strong internal access control

  • Access to health data is restricted to only a few senior engineers and the privacy officer, but in practice we never access PHI except in case of absolute necessity.
  • All privileged roles require multi-factor authentication and are reviewed regularly.
  • Every access attempt is logged, retained for six years, and automatically monitored for anomalies.
  • All team members sign confidentiality agreements and receive annual security-and-privacy training.

Compliance & trust

  • Dilato is fully HIPAA, PIPEDA, and Law 25 compliant.
  • We have committed to the Bureau de Certification of Santé Québec and will soon undergo the TGV certification audit.

You can count on us to handle your information responsibly and transparently.

We encourage users, staff members, and other stakeholders to reach out to us with any concerns, suggestions, or requests related to our security practices: info@dilato.app.