Skip to main contentSkip to navigation
    Back to Trust

    Security Overview

    Medi-Aide is built for organizations that need defensible records of care. This document summarizes the technical and organizational controls in place across the platform.

    Last updated: May 2026

    Identity and access

    Each user is provisioned through their agency workspace. Access is gated by role — coordinators, caregivers, families, and administrators only see what their role allows. Sessions use industry-standard authentication.

    Workspace separation

    Each agency operates inside its own logical workspace. Data is isolated by tenant and never co-mingled across operators. Workspaces are provisioned during implementation rather than self-serve sign-up.

    Audit trails

    Every meaningful change to a care record is captured with who, what, and when. Audit logs are retained according to agency configuration and exported on request.

    Encryption

    Data in transit is protected using TLS. Data at rest is encrypted on the underlying managed infrastructure.

    Infrastructure

    Medi-Aide runs on enterprise-grade managed infrastructure with hardened defaults, automated backups, and segregated environments for production and non-production.

    Application hardening

    The web application enforces a strict Content Security Policy, HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, and Cross-Origin-Opener / Resource-Policy headers. The framework header is suppressed.

    Vulnerability management

    Dependencies are tracked and updated on a defined cadence. Security-relevant findings are triaged with explicit severity and time-to-fix targets.

    Incident response

    Medi-Aide maintains a written incident response process covering detection, containment, eradication, recovery, and customer notification commitments aligned with applicable Canadian privacy law.

    Personnel and access reviews

    Internal access is granted on a least-privilege basis and reviewed periodically. Production access is restricted to authorized personnel.

    Reporting a vulnerability

    If you believe you have found a security issue, please contact security@medi-aide.ca with steps to reproduce. We will acknowledge receipt and work with you in good faith.

    Questions about this document? Contact trust@medi-aide.ca.