What This Means for You
The Simple Version
For Healthcare Professionals
- Your conversations are private: When you ask Aiskyra a question, we don't save your clinical notes, patient details, or any health information outside of your secure conversation history.
- Conversation history is secure: Your conversation history is stored on Google Cloud SQL servers located in Toronto, Canada, with full healthcare compliance (BAA, HIPAA, PHIPA).
- Canadian data stays in Canada: All your data (conversations, account info) stays on Canadian servers with strict privacy protections.
- We follow the rules: The partners that handle your data have signed the proper legal agreements required for handling healthcare data.
- Your data isn't sold: We don't sell your information to anyone, ever. This tool exists to help healthcare professionals, not to make money from your data.
Infrastructure Security & Reliability
Fly.io: Current Hosting
- Ephemeral compute only: no persistent storage of user data or PHI.
- End-to-end TLS, automated OS/patch updates, network-level DDoS protection.
- Security Documentation: Fly.io Security
Supabase (Canada): Non-PHI Storage
- Stores only non-PHI data (e.g. residency flags, account profiles).
- AES-256 at rest, hosted in Canadian regions on AWS infrastructure.
- Security Documentation: Supabase Security | AWS Security
Google Cloud SQL (Toronto): Conversation History
- Conversation History Storage: All conversation history is securely stored using Google Cloud SQL with servers hosted in Toronto, Canada.
- Business Associate Agreement: Operating under a signed BAA (Business Associate Agreement) ensuring HIPAA and PHIPA compliance.
- Secure Connections: All database connections use SSL/TLS encryption with Google Cloud Connector for secure communication.
- Audit Logging: Comprehensive audit logging tracks all database access and modifications for security monitoring.
- Encryption: Data encrypted both at rest and in transit using:
  - At Rest: AES-256 encryption with Google Cloud KMS-backed keys
  - In Transit: TLS 1.3 with perfect forward secrecy
  - Key Management: Google Cloud KMS with envelope encryption
  - Hardware Security: Keys protected by FIPS 140-2 Level 3 Hardware Security Modules (HSMs)
- Regional Compliance: Canadian data residency with strict IAM controls and VPC isolation.
- Security Documentation: Google Cloud Security | GCP HIPAA Compliance
Data Security & Privacy
End-to-End Security: Active Protection
- End-to-end encryption for all user interactions ensures your data is protected from the moment it leaves your device until it reaches our secure servers.
- All communications use TLS 1.3+ encryption protocols with perfect forward secrecy.
- Client-side encryption keys are never stored on our servers, maintaining complete privacy of your interactions.
Current State: Active
- Conversation History: Your conversation history is securely stored in Google Cloud SQL hosted in Toronto, Canada, with full BAA compliance.
- No clinical notes or patient identifiers are saved in Aiskyra's systems outside of your secure conversation history.
- Regional Data Residency: All data stored on Canadian-based secure servers (Google Cloud SQL Toronto, Supabase/AWS Canada).
- Third-Party Security: OpenAI Security | OpenAI BAA Information
Data Collection & Usage
Current Practice
- Anonymized Logging: Limited to what time a question is asked, for quality assurance and platform improvements.
- Privacy Protection: User activity is not sold or shared with third parties.
- Platform Purpose: Created for professional education and support.
- Data Limitation: Only anonymized usage metrics are collected to inform tool refinement.
Conversation History Security
Current Implementation
- Google Cloud SQL Implementation: Conversation history is stored in Google Cloud databases specifically designed for healthcare data, with all legal protections required by Canadian and US health privacy laws.
- Canadian Data Residency: All conversation data stays in Canada (Toronto servers) to follow provincial privacy laws and PHIPA requirements.
- Healthcare Compliance: Full BAA coverage ensures HIPAA and PHIPA compliance for all stored conversation data.
Non-PHI Data Safeguards
Supabase Encryption
- In Transit: TLS 1.2+ with SHA-256 certificates (Supabase connections)
- At Rest: AES-256 encryption via Supabase on AWS infrastructure for account profiles, residency flags, and other non-PHI data
- BAAs in Place: All third-party vendors operate under signed Business Associate Agreements
- Data Separation: Non-PHI data (Supabase) is completely separate from conversation history (Google Cloud SQL)
Security Measures
Current Security Practices: Active
- Regular security vulnerability assessments
- Annual security training for all team members
- Continuous monitoring of infrastructure security
Contact & Disclosure
Security Contact
- Security concerns can be reported to: hello@aiskyra.com
- We take all security vulnerability reports seriously and respond promptly to verified issues.