How we handle the imaging, reports, prescriptions, and clinical notes you share with us. This page is the technical companion to our Privacy Policy — written for patients who want the operational detail.
This document is currently a working draft pending external legal review. Where wording is provisional, that's noted inline. If anything here materially affects a decision you're about to make, email hello@gaurikhealth.com and we'll answer in writing.
The typical records we receive are: imaging (X-rays, MRIs, CT scans — usually as DICOM files or PDFs), specialist reports, surgical history summaries, current medication lists, recent lab results, and copies of referral letters or insurance pre-authorisations.
You upload records through a private secure-link the care coordinator emails you after case intake. The link is signed (single-use, expires in 7 days) and tied to your specific case file. We never accept records via plain email — if you reply to an inquiry with an attachment, we delete the attachment unread and ask you to use the secure link.
In transit: every upload uses HTTPS with TLS 1.3. Direct uploads to our Storage layer use signed POST URLs so the file content never traverses our application servers.
At rest: stored in Supabase Storage with AES-256 encryption. Sensitive fields in the database (notes, imaging metadata) use additional column- level encryption with keys held in a separate vault. Encryption keys are rotated on a defined schedule.
All medical-record storage is in Canada — Supabase's ca-central-1 (Toronto) region. We selected this region specifically to align with Ontario's PHIPA framework and to keep your data inside Canadian jurisdiction by default.
Records do not leave Canadian storage unless you explicitly consent — for example, when you proceed to a partner-hospital booking and we transmit records to the surgeon for pre-operative review. Each external transmission is logged in an append-only audit log with timestamps and recipient.
Internal access is limited to authorized Gaurik staff and admins via role-gated authentication. Database row-level security ensures that even with elevated credentials, staff can only read records associated with cases they're assigned to (or, for admins, all cases). Every access is logged to an append-only audit table; the database trigger prevents edits to that log.
External access — partner hospital surgeons and clinical teams — happens only with your explicit consent, captured in writing with date and purpose. You can revoke external-access consent at any time; we will ask the receiving party to delete records on our request, though we cannot guarantee deletion outside our systems.
We maintain a tamper-evident audit log of every read, modify, or share event involving your records. Database triggers prevent the log from being modified or deleted after a row is inserted. You can request a copy of your audit log at any time by emailing hello@gaurikhealth.com.
Active patient records are retained for 10 years from your last contact — matching medical-records retention norms in Canada and most Western jurisdictions. Lead inquiries we never act on are purged after 24 months.
On your request, we delete records earlier. Hard-deletion happens within 30 days; backup copies are purged in the next backup-rotation cycle (typically 90 days). Anonymized aggregate statistics (e.g. number of inquiries received in a quarter) may remain in our internal records but contain no personally-identifying information.