HIPAA & PIPEDA Compliance
🏥 HIPAA Compliance (United States)
Our Commitment
Syntac is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA). We implement administrative, physical, and technical safeguards to protect Protected Health Information (PHI).
What We Do
- ✓ Data Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- ✓ Access Controls: Role-based access ensures only authorized personnel can view PHI
- ✓ Audit Logging: All access to PHI is logged and monitored
- ✓ Secure Infrastructure: Hosted on SOC 2 Type II compliant infrastructure
- ✓ Business Associate Agreement: We will sign a BAA with covered entities upon request
Important Note
If you are a covered entity under HIPAA and require a Business Associate Agreement (BAA), please contact us at compliance@syntac.org.
🍁 PIPEDA Compliance (Canada)
Our Commitment
Syntac complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation for Canadian users.
PIPEDA Principles We Follow
- ✓ Accountability: We are responsible for personal information under our control
- ✓ Consent: We obtain meaningful consent for collection, use, and disclosure of personal information
- ✓ Limiting Collection: We only collect information necessary for stated purposes
- ✓ Safeguards: Personal information is protected by appropriate security safeguards
- ✓ Access: Individuals can request access to their personal information
🔒 Data Storage & Security
Where Data is Stored
All data is stored on servers located in the United States (Supabase infrastructure). Canadian users should be aware that their data is subject to US jurisdiction.
Data Retention
We retain data for as long as your account is active. Upon account deletion, data is permanently removed within 30 days.
📋 Your Rights
- Access: Request a copy of your personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your personal information
- Export: Export your data in a machine-readable format
- Complaint: File a complaint with the relevant privacy authority
⚠️ If You're Unsure
Privacy and compliance regulations can be complex. If you're unsure about how these regulations apply to your specific situation, we recommend:
- Consulting with a healthcare compliance attorney or consultant
- Reviewing your professional regulatory body's guidelines
- Contacting us directly with specific questions
We're here to help. Email us at compliance@syntac.org
Contact
For compliance-related questions or to request a BAA, contact us at compliance@syntac.org
Last updated: November 2024