Security Compliance
Regulatory Compliance
SMYLS complies with applicable legal and regulatory requirements as well as best practices. This includes compliance with all Canadian privacy laws, GDPR, HIPAA, and Standard Codes of Practice across multiple health professions.
PCI Compliant
SMYLS never stores or processes credit card information; we are PCI compliant. The actual processing of credit cards is completed by our third-party credit processing partners, which are all PCI compliant.
Dedicated Team
We have a dedicated Security and Privacy Team that regularly reviews our policies, updates training, and ensures that SMYLS is one of the top health companies to secure data.
Security Culture
At SMYLS, we implement regular security training. The training is developed by our very own Security and Privacy Team and covers our information security policies, security best practices, and privacy principles.
Confidentiality
SMYLS employees sign a confidentiality agreement upon hire. We also have a strict policy that we only access your account when you request assistance from us.
Recovery Plan
SMYLS maintains a Disaster Recovery Plan, which is regularly reviewed and updated by our Security and Privacy Team.
Incident Response Program
SMYLS maintains an incident response program that defines the conditions and procedures we have in place to assess any relevant vulnerabilities or security incidents and establishes remediation and mitigation actions for all events.
Privacy Breach Policy
We follow the BC Privacy Commissioner's 4 Step Privacy Breach Response Protocol. The documentation can be found here: Privacy Breach Policy.