Canner for Healthcare.
Patient data belongs in Canada. So do the tools your clinic builds to manage it.
Canner hosts intake forms, patient portals, and internal clinic tools on Canadian-owned infrastructure in Quebec — health information stays under Canadian and provincial privacy law.
Health information is the most sensitive personal data there is, and the most regulated — covered by PIPEDA, Quebec’s Law 25, and provincial health-privacy statutes. Clinics and allied-health practices increasingly want their own small tools: patient intake, booking, follow-up reminders, an AI scribe. Building them is now easy; hosting them safely is the question. A US-hosted app puts patient data within reach of the CLOUD Act. Canner keeps it in Montreal, on Canadian-owned infrastructure.
The most regulated data there is
Patient information is subject to provincial health-privacy law on top of PIPEDA and Law 25. Cross-border exposure isn’t a paperwork detail — it’s a serious liability.
SaaS sprawl and shadow IT
Staff adopt US tools to fill gaps in the EMR. Each one is a new data-residency question, and few clinics have the bandwidth to vet them all.
Clinics aren’t software shops
Small teams, no DevOps. They need somewhere to host a tool that’s simple to use and safe by default — not a cloud console with a hundred switches.
Patient intake & booking
Deploy a secure intake form or booking tool that writes to a Postgres database hosted in Montreal, served over HTTPS with automatic TLS.
Internal clinic dashboards
Scheduling, inventory, reporting, referral tracking — build them as small apps behind a private URL or a custom domain your staff use.
AI scribe & triage helpers
Host an AI helper with your LLM API key kept server-side, so patient text is processed by your Canadian server rather than an unvetted US SaaS.
Canner is 100% Canadian-owned and hosts solely in Montreal, Quebec — not subject to the US CLOUD Act. That gives you a clean data-residency story for PIPEDA, Law 25, and provincial health-privacy requirements. A signed Data Processing Agreement and a data-residency attestation are available for your privacy file (included with the Sovereignty & Enterprise SLA add-on). You remain the custodian responsible for your application’s own privacy controls; Canner provides the Canadian foundation it runs on.
Is patient data kept in Canada?
Yes. Compute and managed Postgres both run in Montreal, and Canner has no US affiliate — so there is no CLOUD Act exposure.
Can we sign a DPA?
Yes — a DPA and a data-residency attestation are available on their own, and included with the Sovereignty & Enterprise SLA add-on.
Who is responsible for app-level compliance?
You are, as the custodian of the data. Canner provides Canadian-owned, Quebec-hosted infrastructure and the paperwork to evidence residency; how your app handles consent and access is yours to design.
Do we need developers?
Not necessarily. Simple tools can be deployed by drag-and-drop; developers get GitHub push-to-deploy and a CLI. Either way it goes live over HTTPS in Montreal.
Build without the sovereignty headache.
Tell us about your use case and we’ll help you scope it — from a single internal tool to a firm-wide rollout. For detailed or regulated projects, this reaches our team directly.