Security at Dilato
February 27, 2026
At Dilato, protecting health data is an integral part of our mission.
Our platform was designed specifically for healthcare professionals, with careful consideration of the high standards required for confidentiality, security, and patient trust.
Official Certification
Dilato has successfully completed the process leading to TGV certification by Santé Québec, confirming that the platform meets requirements for security, confidentiality, and data governance for digital tools used in clinical settings.
Regulatory compliance
Dilato is compliant, in the contexts where they apply, with the following regulatory frameworks:
- HIPAA (United States)
- PIPEDA (Canada)
- Law 25 (Quebec)
- GDPR (European Union)
Protection of health information
- Health information is automatically deleted within 48 hours following processing.
- By default, health information is hosted in Quebec, Canada.
- Your data is never used to train AI models or sold to third parties.
- Your clinical notes always remain your property, and you may delete them at any time.
Secure infrastructure
- Dilato operates on cloud infrastructure that is SOC 2 and ISO 27001 certified, with rigorous physical and digital security measures.
- Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Backups are created automatically every day and stored in an isolated environment for rapid recovery.
- We promptly apply security patches and monitor our systems 24/7 to detect any unusual activity.
Strict internal access controls
- Access to health data is restricted to a small number of lead developers and the privacy officer—in practice, we do not access it except in cases of absolute necessity.
- All privileged roles require multi-factor authentication and are reviewed regularly.
- All team members sign a confidentiality agreement and receive annual training on security and privacy protection.
You can rely on us to handle your information responsibly and transparently.
We invite users, staff members, and all stakeholders to contact us with any concerns, suggestions, or requests related to our security practices: info@dilato.app.