Security & Compliance at Orbis Assist

At Orbis Assist, we understand that trust is the foundation of dental care. As an AI-powered partner to your clinic, we treat your patient data with the same level of care and confidentiality that you do.

This Security Policy outlines the technical, organizational, and physical safeguards we have implemented to protect Personal Health Information (PHI) and ensure compliance with the Personal Health Information Act (PHIA) of Manitoba, PHIPA (Ontario), and PIPEDA.

1. Data Residency & Sovereignty

We are proudly Canadian. We guarantee that your data is governed by Canadian privacy laws.

  • Canadian Storage: All persistent patient data, call recordings, and practice management workflows are stored exclusively in Canada (Montreal/Toronto regions).
  • No Cross-Border Replication: We do not replicate or back up your patient data to servers outside of Canada without your explicit consent.

2. Our Trusted Partners (Sub-processors)

To provide state-of-the-art AI services, we partner with industry-leading infrastructure providers. We maintain a transparent list of these partners, all of whom are vetted for security compliance (SOC 2 Type II, HIPAA) and data protection standards.

You can view our full list of approved sub-processors here: Orbis Assist Approved Sub-processors

3. Technical Safeguards

Infrastructure Security

Our platform is built on enterprise-grade cloud infrastructure utilizing industry-leading security standards.

  • Encryption in Transit: All data moving between your clinic, our AI agents, and our servers is encrypted using TLS 1.2+ (Transport Layer Security).
  • Encryption at Rest: All data stored in our databases and file systems is encrypted using AES-256 (Advanced Encryption Standard).
  • Vulnerability Management: We perform regular security scans and penetration testing to identify and remediate potential risks.

Access Control

We strictly limit who can access data based on the principle of “Least Privilege.”

  • Role-Based Access: Orbis Assist staff can only access system data necessary for their specific job function (e.g., technical support).
  • Multi-Factor Authentication (MFA): All administrative access to our production environment requires MFA.
  • Audit Logging: In compliance with PHIA, we maintain immutable audit logs that record the identity, date, time, and nature of all access to patient information.

4. AI Safety & Reliability

As an AI-first company, we implement specific guardrails to ensure our “AVA” receptionist operates safely and accurately.

  • Non-Clinical Role: Our AI is strictly trained to function as an administrative assistant. It is hard-coded with directives to never provide medical advice, diagnosis, or triage.
  • Escalation Protocols: The AI is programmed to detect keywords indicating medical emergencies (e.g., “uncontrolled bleeding,” “trauma”) and immediately route those calls to your designated on-call dentist or emergency line.
  • Training Data Privacy: We de-identify and aggregate data before using it to improve our models. Patient identifiers are removed to ensure our AI learns from patterns, not people.

5. Organizational Safeguards

Technology alone is not enough. We have built a culture of security within our team.

  • Confidentiality Agreements: Every employee and contractor at Orbis Assist signs a Pledge of Confidentiality adhering to PHIA standards before touching any code or data.
  • Privacy Training: All team members undergo mandatory privacy and security training upon hire and annually thereafter.
  • Vendor Risk Management: We rigorously vet all third-party sub-processors to ensure they meet our high standards for security and data residency.

6. Incident Response

We maintain a comprehensive Incident Response Plan to address potential security events rapidly.

  • Monitoring: Our systems are monitored 24/7 for suspicious activity.
  • Notification: In the unlikely event of a confirmed data breach affecting your clinic, we are committed to notifying you without unreasonable delay (no later than 48 hours after discovery) so you can fulfill your reporting obligations to your patients and regulators.

7. Contact Our Security Team

We value transparency. If you have questions about our security practices or need to report a potential vulnerability, please contact our Security Officer.

Email: support@orbisassist.co

Last Updated: January 26, 2026

Orbis Assist Inc. reserves the right to update this policy as our technology and the regulatory landscape evolve. Significant changes will be communicated to our partner clinics.