Privacy-first data handling and enterprise-grade security designed for clinical environments.
Privacy & data handling
AR is designed to support clinical workflows while respecting patient privacy and data governance requirements.
What data we process
AR processes only the data required to support diagnostic workflows, such as:
- Appointment identifiers
- Diagnostic measurements
- Reports and structured outputs
We do not collect consumer analytics or sell data.
How data is used
Data is used solely to:
- Match studies to appointments
- Generate diagnostic reports
- Return results to the EMR
- Maintain auditability
Data is never used for advertising or unrelated purposes.
Data ownership and retention
- Clinics retain ownership of their data
- AR acts as a processor, not a data owner
- Data retention aligns with clinical and regulatory requirements
Data is not retained beyond what is necessary for the service.
Third-party services
AR uses trusted infrastructure providers (such as cloud hosting and security services) strictly to operate the platform.
No data is shared for marketing or profiling.
Your rights and controls
Access to data is role-based and auditable.
Administrative controls allow clinics to manage users, access, and permissions.
Canadian privacy compliance
AR is designed to support compliance with Canadian privacy requirements, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial health privacy legislation.
Patient data is:
- Processed solely to support clinical diagnostic workflows
- Access-controlled and auditable
- Not sold, shared, or used for secondary purposes
Data handling practices align with Canadian healthcare privacy expectations. AR infrastructure can be deployed in Canadian cloud regions where required.
Security foundations
AR is designed with healthcare security principles from the start:
- Encryption in transit and at rest
- Role-based access controls
- Auditability of access and actions
- Least-privilege design throughout the system
Security is enforced at the platform level — not left to individual users.
Cloud architecture & hosting
AR is cloud-native and hosted on AWS.
- No local servers required
- Centralized updates and patching
- Scalable infrastructure designed for high-volume clinics and long-term archiving
- Secure browser-based access
This reduces on-site IT burden while maintaining enterprise-grade controls.
Access control & auditability
- User access is role-based and scoped
- All significant actions are logged
- No silent overwrites
- Complete audit trails support clinical, legal, and compliance review
Every change is attributable. Nothing disappears.
Integration philosophy
We integrate—we don’t isolate.
- Works alongside existing PACS and EMR systems
- Standards-based interfaces where appropriate
- Incremental adoption with no rip-and-replace
Your existing systems remain the systems of record.
Questions from IT or procurement?
Review AR’s privacy and security architecture with our team.