Heidi complies with PIPEDA as well as all relevant provincial privacy legislation across Canada. These standards define how private sector organizations collect, use, and disclose personal information in the course of commercial business in Canada.

Try Heidi - it’s free
Heidi Compliance Hero Image

Secure your customers' health data

White dots

We have designated an officer responsible for ensuring our compliance with PIPEDA standards. Our policies and practices are designed to protect personal information, and our staff is trained to understand and implement these measures.

Identifying Purposes

Before or at the time of collection, we clearly identify the reasons for collecting personal information. We ensure that these purposes are specified at or before the time of collection to the individual from whom the personal information is collected.


Your knowledge and consent are essential for the collection, use, or disclosure of your personal information, except where inappropriate. We make sure you understand what you are consenting to by providing clear, understandable explanations.

Limiting Collection

The collection of personal information is limited to that which is necessary for the purposes identified by us. We collect information by fair and lawful means.

Limiting Use, Disclosure, and Retention

Personal information is not used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Information is retained only as long as necessary for the fulfillment of those purposes.


Personal information is maintained as accurately, completely, and up-to-date as is necessary for the purposes for which it is to be used.


We protect personal information with security safeguards appropriate to the sensitivity of the information.


Our Privacy Policy and practices are transparent and readily available to individuals.

Individual Access

Upon request, an individual is informed of the existence, use, and disclosure of their personal information and is given access to that information. Individuals are able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Challenging Compliance

Individuals can question our compliance with the above principles. We have procedures in place to receive and respond to complaints or inquiries about our policies and practices relating to the handling of personal information at

Locally hosted data

We prioritise data sovereignty by ensuring all our data is locally hosted within Canada. This practice enhances data security and speeds, while also ensuring compliance with Canada data protection regulations.