Security and confidentiality

Yes. GOrendezvous complies with Law 25 (Québec) as well as the Act Respecting the Protection of Personal Information in the Private Sector (ARPPIPS), PIPEDA (Canada), and PHIPA (Ontario).

With two founders from the IT sector, GOrendezvous has always taken a proactive approach to privacy and data protection since the company was founded in 2012. Our platform already met the requirements of Law 25 before it even came into force.

Our Privacy Policy and Terms of Use were drafted with the support of a team of specialized privacy and cybersecurity lawyers.

Yes — always.

All your data are hosted on Amazon Web Services (AWS) data centers located in Canada, and your data never leave Canadian territory.

AWS Canada complies with the highest international security standards and undergoes regular audits conducted by independent external firms.

Professional regulatory bodies generally do not endorse or certify external software providers directly. Therefore, there is no official certification issued by these organizations.

However, GOrendezvous works closely with its users and maintains ongoing dialogue with professional orders and associations to adapt the platform to the realities of each practice.

Our team also closely monitors evolving technological standards, legal requirements, and ethical considerations to continuously improve our security and privacy features.

Yes, your patients will be able to share files with you directly from their intake form, in a secure way. They will be virus-checked, then centralized in their client file.

Your colleagues will only have access to your files if you activate the necessary permissions. There are several levels of permissions, depending on your preferences.

No. Never.

GOrendezvous processes and stores data strictly for the purpose of delivering our services.

We:

• Do not sell any data to third parties
• Do not create advertising profiles from patient data
• Do not share information with commercial partners for marketing purposes

All clinical data benefit from the same high level of encryption and protection.

Mental health session notes are accessible only to the professional who created them. Sharing them with colleagues always requires explicit authorization from the practitioner.

GOrendezvous complies with the specific requirements of the Ordre des Psychologues du Québec (OPQ) regarding record management and destruction.

Yes.

External non-intrusive social engineering tests have been conducted with GOrendezvous employees to evaluate resistance to phishing attempts.

The results confirmed that:

• Email filtering systems effectively protect against common and advanced phishing attacks
• Google-recommended security best practices are properly implemented

This evaluation is conducted annually.

These tests are carried out by Cybersécurité 42 inc., led by Guy-Paul Dubois.

GOrendezvous relies on Amazon Web Services (AWS) Canada and Cloudflare, two global leaders in digital infrastructure security and availability.

• AWS is regularly audited by independent cybersecurity firms and agencies.
• Cloudflare continuously protects the platform from various types of cyberattacks and helps maintain service availability.

Yes.

The infrastructures supporting the platform undergo regular audits conducted by independent external firms, helping maintain a high level of security and reliability.

No.

Your textual or audio data are never used to train, improve, or fine-tune artificial intelligence models.

GOrendezvous AI operates in an isolated environment without persistent memory. Each AI process is intentional, temporary, and task-specific, and the data are not retained once the task is completed.

GOrendezvous has automated monitoring systems and alerts in place to detect suspicious activity.

Our data are replicated in real time on a secondary AWS server. In the event of an incident, AWS can fail over to a new server without service interruption.

In compliance with Law 25, any confidentiality incident is recorded in a breach register, and affected individuals are notified according to legal requirements.

Yes. A formal evaluation of GOrendezvous’ privacy policies and procedures was conducted by Me René W. Vergé, a lawyer specializing in cybersecurity and privacy protection.

The analysis concluded that GOrendezvous has implemented appropriate policies and procedures that comply with the requirements of PIPEDA and PHIPA.

Even after canceling your subscription, you retain free read-only access to your account.

You can export client files in PDF format at any time.

If you need to modify or complete a file, a temporary monthly reactivation will restore full editing access.

GOrendezvous continues hosting your data free of charge after cancellation.