How we think about your data.
Three decisions made early, two boundary lists we hold ourselves to, and one place to ask questions.
Three things we decided early.
Not retrofitted. Not bolted on. These shaped every line of TOSC from the first commit.
No third-party cloud AI for patient data
The AI behind our apps runs on infrastructure we control, hosted in Canada. We don't route patient data through OpenAI, Anthropic, Google, or any consumer AI provider. If we ever change where the AI runs, this principle stays the same: our control, Canadian residency, no consumer AI APIs in the path.
Clinical Expansion is transparent, flagged, and clinician-signed
When Performa fills gaps in your shorthand with standard-of-care clinical context — typical barriers, typical recovery trajectories, standard outcome measures for the stated diagnosis — every inferred field is visibly flagged so you review it with extra care. Specific numbers (ROM degrees, MMT grades, dates, session counts, patient-reported specifics) are never inferred. You remain the author of record. Your signature certifies the content.
Designed around PIPA-BC and PIPEDA
BC's Personal Information Protection Act (PIPA) governs private-sector organisations in BC and is among the strictest provincial privacy laws of its kind; PIPEDA is the federal floor. Our apps and consulting practices were built around both from the start, not retrofitted to them. Many Canadian healthcare-tech sites name PIPEDA but skip PIPA-BC. We name both because PIPA-BC is the law that actually applies to private BC clinics.
No patient data in our database
We don't run a database of patient records, treatment histories, or identifiers. A breach of our systems can't expose stored records, because there are none to expose.
What we won't do.
Short lists — that's the point. Scope stays narrow; what you don't pay for we simply don't build.
What we won't build
We do operations, strategy, and technology for clinical practice, not clinical care itself.
- Clinical decision support (treatment recommendations, diagnostics)
- EMR replacement
- EMR integrations
- Patient-facing apps
If these are what you need, we'll tell you and help you find the right partner.
What we won't do with data
Pretty short list. That's the point.
- Send patient data to third-party cloud AI
- Store patient records in our database
- Sell, share, or market clinical data
- Use clinic data to train models for other customers
If we can't say “no” to each of these in writing, we shouldn't be handling the data.
When we're on-site.
Setup Sprint, Ops Audit, Growth Partner, and Enterprise engagements sometimes mean we're physically in your clinic, watching how the work moves through.
What we look at: workflows, screens, processes, tools, and the order in which things happen.
Patient data: if a workflow demo requires a real patient record, we ask you to use a placeholder or work from our example patients. If real PHI is incidentally visible, we don't write it down or photograph it.
What we follow — and what we don't claim.
Clear about what shapes our posture, clear about what we haven't audited. Both matter.
These shape how our apps and consulting practices handle data — not as a retrofit, but as the starting point.
We're not formally audited against these, and we'll say so plainly rather than imply otherwise. At our current scale, formal audits aren't proportionate. We'll pursue them when scale or contracts make them material.
For questions about how we handle data.
We respond personally, usually within a business day. No ticket queue, no CRM auto-responder.