Security & Data — Fluid Medical


Data Sovereignty

Your data. Your rules.

We designed Oria’s infrastructure around one constraint: your health data should be mathematically impossible for us to misuse — not just contractually prohibited.

Core commitments

Five things we will never do.

These are not aspirational. They are baked into the architecture, not just the terms of service.

No data selling

We do not sell, lease, or syndicate your health data to any third party — not insurers, not pharma companies, not data brokers. This is a hard architectural constraint, not a policy that can be reversed by a terms update.

No third-party access

No analytics platform, advertising network, or external service receives access to your individual health records. Aggregate, anonymised research insights are shared only ever with explicit opt-out consent, and only in fully de-identified form.

No inference without consent

Oria AI generates insights about your data for your benefit only. We do not build external-facing models trained on individual user data. Your records are not used to improve AI systems without your explicit permission.

No unencrypted storage

All health records are encrypted at rest using AES-256 with per-user key derivation. Even our own infrastructure team cannot read your records. Encryption keys are derived from your credentials — we do not hold a master key.

Regional data residency

Your data is stored in the jurisdiction where you are. Canadian users: hosted in Canada under PIPEDA. UAE users: hosted in the UAE under MOHAP and Federal Law No. 2 of 2019. US users: hosted in US infrastructure under HIPAA and applicable state law. We do not move your data across borders for our convenience.

Full portability on exit

You can export your complete health record at any time in standard formats (HL7 FHIR, CSV, PDF). Deleting your account triggers permanent, verified deletion within 30 days — not archiving.

Technical architecture

Security by design.

The architecture is layered so that a breach at any single layer cannot expose readable health data. Here is how it works.

01 Client-side encryption (AES-256-GCM)
Health data is encrypted on your device before transmission. The server receives ciphertext only — never plaintext biomarker readings or health records.

02 Per-user key derivation (PBKDF2 / HKDF)
Encryption keys are derived from your credentials using PBKDF2. No centralised key store exists. Fluid Medical staff cannot decrypt your records even with direct database access.

03 Permission-gated sharing (OAuth 2.0 / FHIR)
Sharing with a clinician, carer, or organisation requires an active permission grant from you. Revocation takes effect immediately — access tokens expire with zero grace period.

04 Regional sovereign hosting (Canada · UAE · US)
Data is stored in the jurisdiction where you are. Canadian users: infrastructure in British Columbia. UAE users: in-country UAE infrastructure under MOHAP. US users: US infrastructure under HIPAA. We do not move data across borders for operational convenience.

Compliance by jurisdiction

Fluid Scientific Development Limited is incorporated in British Columbia. We meet the strictest applicable privacy standard in every market we serve — we do not structure our operations to take advantage of looser foreign jurisdictions.

  • Canada: PIPEDA (federal) and British Columbia’s PIPA — primary jurisdiction
  • United States: HIPAA technical safeguard standards + applicable state law (CCPA, etc.)
  • UAE: Federal Law No. 2 of 2019 and MOHAP data residency requirements

Under PIPEDA, individuals have the right to know what personal information we hold, to correct it, and to withdraw consent for its use. These rights are implemented as self-service functions in the Oria app — no support ticket required.

  • Data access requests processed within 30 days
  • Correction requests processed within 7 business days
  • Consent withdrawal is immediate and irrevocable

Jurisdiction note

We are not incorporated in the US and are not subject to CLOUD Act data requests from foreign governments for data outside US infrastructure. Legitimate law enforcement access requires a court order from the relevant jurisdiction.

HIPAA alignment

While Fluid Medical operates under Canadian law rather than US HIPAA, we design to HIPAA technical safeguard standards for all storage and transmission of health information. This means our architecture satisfies HIPAA’s requirements, even where we are not legally obligated to follow them.

For enterprise clients operating in the US healthcare system, we can execute Business Associate Agreements and provide HIPAA-aligned infrastructure documentation on request.

  • Encryption at rest and in transit meets HIPAA technical standards
  • Audit logging on all PHI access events
  • BAAs available for enterprise clients on request

Data retention

We retain your health data for as long as your account is active. If you delete your account, a 7-day recovery window remains before permanent deletion begins. Permanent deletion is verified and confirmed by a system audit log entry — we do not “archive” deleted accounts.

You can delete individual records, specific strips, or your full history at any time without deleting your account. Deletion of individual records is immediate and permanent.

  • Account deletion: 7-day recovery window, then permanent deletion within 30 days
  • Individual records: immediate and permanent
  • Backup copies deleted within the same 30-day window

Breach response

In the event of a confirmed data breach, we notify affected users within 72 hours of confirmed discovery — the same standard required by GDPR, and stricter than PIPEDA’s “as soon as feasible” requirement. Notification includes: what data was accessed, how, the likely impact, and what we are doing to remediate.

Why this matters architecturally

Because health records are encrypted client-side with per-user keys, a breach of our servers yields only ciphertext. An attacker with full database access cannot read a single health record without the corresponding credential-derived key.

AI & your data

Oria’s AI features run on your data, for your benefit. We do not train shared AI models on individual health records without explicit, informed, and separately obtained consent.

When you use Ask Oria or receive DailySignal pattern insights, the AI processes your data in an isolated inference context. Your records are not added to a shared training corpus by default.

  • AI inference is always displayed as insights, not medical advice
  • No model training on individual records without explicit opt-in
  • Research contributions: anonymous, aggregated, and separately consented

Organisational data

For employers, long-term care homes, and clinical teams using Fluid Medical’s enterprise platform: individual health records remain under individual user sovereignty even within an organisational deployment. Organisations see aggregate, de-identified population analytics — not individual records — unless an individual explicitly shares their data.

We will not provide your employer or insurer access to your individual records under any circumstances. Organisational contracts explicitly prohibit any attempt to compel individual record access.

Regulatory alignment

Standards we design to.

  • PIPEDA: Canadian federal law, primary jurisdiction
  • HIPAA: US health privacy, technical standards met
  • BC PIPA: British Columbia provincial privacy act
  • UAE Federal Law No. 2 / MOHAP: UAE in-country data residency
  • SOC 2 Type II: in preparation, target 2026
