Privacy Policy

Health Core Security

Last Updated: August 6, 2025

1. Introduction

Health Core Security Inc. (“Health Core Security”, “we”, “us”, or “our”) is committed to protecting the privacy and security of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, www.healthcoresecurity.ca (the “Site”), and use our cybersecurity services (the “Services”).

2. Our Role as a Service Provider

It is crucial to understand our role in handling information:

  • For our Website: We act as a “data controller” for the personal information we collect from you when you visit our Site (e.g., when you fill out a contact form).
  • For our Clients (Healthcare Providers): When we provide our Services, we act as a “service provider,” “information manager,” or “agent” on behalf of our clients. Our clients are the Health Information Custodians (HICs) who control the Personal Health Information (PHI) and other data within their environments. Our collection and processing of, and access to, any data within a client’s environment, including PHI, are strictly governed by the Service Agreement and Business Associate Agreement (BAA) executed between us and our client.


This policy does not govern our clients’ privacy practices. The protection of PHI is ultimately the responsibility of the HIC, in accordance with their own privacy policies and their obligations under legislation such as Ontario’s Personal Health Information Protection Act (PHIPA).

3. Information We Collect

We collect information in two primary ways:

A. Information You Provide to Us: We collect personal information you provide directly when you register for our Services, request information, or contact us. This includes:

  • Contact Information: Your name, email address, phone number.
  • Professional Information: The name of your practice or clinic.
  • Payment Information: Credit card and billing information, processed securely by our third-party payment processor (Stripe).

B. Information We Process on Behalf of Our Clients (Service Data): To provide our Services, we deploy and manage advanced security technologies that collect operational and security telemetry from your IT environment. This data is essential for threat detection, investigation, and response. This includes:

  • Endpoint & Server Telemetry (via CrowdStrike Falcon): To provide our advanced Endpoint Detection and Response (EDR/XDR) capabilities, the sensor installed on your devices collects a comprehensive set of data, including process data, network connection details, user activity data, and file modifications. This deep visibility allows us to detect the subtle indicators of an attack.
  • Log & Observability Data (via Cribl): To provide security monitoring and compliance reporting, our platform ingests and processes log data from across your environment (e.g., firewalls, cloud services, applications). Our platform is configured to process this data for analysis and long-term storage, and can be configured to redact or mask sensitive PHI from logs to enhance privacy.

4. How We Use Information

  • To Provide, Maintain, and Improve our Services: We use Service Data exclusively to deliver the security outcomes you have contracted us for.
  • To Fulfill Contractual Obligations: To set up your account, process payments, and manage your subscription.
  • To Communicate With You: To respond to your inquiries and provide support.
  • For Security and Compliance: To protect against fraud and to generate compliance reports as part of our Service.

5. Disclosure of Information

We do not sell or rent your personal information. We may share information with:

  • Technology Partners & Sub-Processors: We share Service Data with our core technology partners (Vijilan, CrowdStrike, Cribl) as necessary to provide the Services. These partners are bound by strict confidentiality and security obligations.
  • Service Providers: We may share information with third-party vendors who perform services for us, such as payment processing (Stripe) and cloud hosting (Amazon Web Services).
  • Legal Compliance: We may disclose information if required to do so by law.

6. Data Security, Residency, and Certifications

  • Technical Safeguards: Our platform is architected with robust security controls. All data is encrypted in transit and at rest.
  • Infrastructure: Our services are hosted on secure Amazon Web Services (AWS) infrastructure located exclusively within Canada. This ensures your data, including any PHI, remains within Canadian borders.
  • Certifications: Health Core Security’s operations and controls are SOC 2 Type 2 and ISO 27001 certified.

7. Your Rights Under PIPEDA

As a Canadian company, we adhere to the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access, correct, or withdraw consent for the collection of your personal information (subject to legal or contractual restrictions). To exercise these rights, please contact our Privacy Officer at privacy@healthcoresecurity.ca.

8. Contact Information

Health Core Security Inc.
303-330 HWY 7 East, Richmond Hill, ON L4B-3P8
(905) 882-1006