Trust Centre
Security. Privacy. Reliability.
Compliance Health places security, privacy, and Canadian data residency at the heart of everything we do. Explore the safeguards that protect your organization and your learners.
Highlights
- Customer data is stored and processed in Canada by default, with platform backups and recovery copies kept in Canada unless a customer-approved exception applies.
- Encryption in transit and at rest, RBAC and MFA for privileged access, upload validation and scanning, security-relevant logging, and monitoring.
- AI-assisted workflows use auditable checkpoints, with human review before final compliance outcomes for consequential workflows.
Data residency
Customer Data is stored and processed in Canada by default. Platform storage, backups, and recovery copies remain Canada-hosted unless a customer-approved exception is documented, with encryption and contractual safeguards for any approved transfer.
Encryption
Core platform Customer Data stores are encrypted at rest using AES-256 or AWS KMS-backed provider encryption controls.
- Encryption in transit: All data transfers between your browser and our servers are protected using industry-standard protocols.
- Encryption at rest: Data stored in our systems is protected with industry-standard, provider-backed encryption controls.
- Key management: Encryption keys are managed securely using provider-managed key-management controls. Customer-specific key posture can be documented where applicable.
Human-in-the-loop
Compliance Health's AI-assisted workflows are governed rather than autonomous for consequential actions. AI outputs are advisory until accepted by configured workflow rules or a human reviewer, and low-confidence, ambiguous, exception, or customer-defined escalation paths route to human review. Audit logs track the steps taken and who approved what.
ISO/IEC 42001 roadmap
We align AI management practices to ISO/IEC 42001 controls and plan to pursue formal certification once sufficient operating evidence is available. We do not claim current certification; our controls catalog and roadmap support responsible AI governance today.
Status
- Current state: Controls alignment
- Certification status: Not currently certified
Security overview
Compliance Health's current security controls include:
- Uploads are validated and scanned before processing, with manual review workflows for exceptions.
- Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) protect administrative access.
- Security-relevant application and administrative events are logged and monitored.
Evidence retention
Verified student evidence is preserved for the applicable customer contract term unless the institution instructs otherwise. Temporary processing files and abandoned, duplicate, superseded, corrupt, or incomplete uploads may be cleaned up under controlled workflows.
Policies & documentation
For detailed information about our policies and practices:
Contact us
For any questions related to security, privacy, or compliance:
Security: security@compliancehealth.com
Privacy: privacy@compliancehealth.com
For AI agents and technical evaluators
We publish a dedicated agent-discovery hub with machine-readable references for CARE Rails, trust posture, and canonical sources.