# PIPEDA

> Learn about achieving PIPEDA compliance on Aptible

<Check>
  <Tooltip tip="This compliance framework's infrastructure controls/requirements are automatically satisfied when you deploy to a Dedicated Stack. See details below for more information.">Compliance-Ready</Tooltip>
</Check>

# Overview

Aptible’s platform is designed to help businesses meet strict data privacy and security requirements. With a strong background in serving security-focused industries, Aptible offers essential infrastructure security controls that align with PIPEDA requirements.

# Achieving PIPEDA on Aptible

<Steps>
  <Step title="Provision a Dedicated Stack to run your resources">
    Dedicated Stacks live on isolated infrastructure and are designed to support deploying resources with stricter compliance requirements such as PIPEDA. As part of the shared responsibility model, Aptible automates and enforces the necessary infrastructure security and compliance controls to help customers meet PIPEDA requirements.
  </Step>

  <Step title="Review Aptible’s PIPEDA compliance resources">
    Aptible provides PIPEDA compliance resources, available upon request through [trust.aptible.com](https://trust.aptible.com). These resources outline how Aptible aligns with PIPEDA requirements, simplifying your path to compliance by inheriting many of Aptible’s pre-established controls.
  </Step>

  <Step title="Perform a PIPEDA Assessment">
    While Aptible's platform aligns with the requirements of PIPEDA, it is the **client's responsibility** to perform an assessment and ensure that the requirements are fully met based on Aptible's [division of responsibilities](https://www.aptible.com/docs/core-concepts/architecture/reliability-division). You can conduct your **PIPEDA Self-Assessment** using the official tool provided by the Office of the Privacy Commissioner of Canada, available [here](https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/pipeda-compliance-and-training-tools/pipeda_sa_tool_200807/).
  </Step>

  <Step title="Request PIPEDA Compliance Assistance">
    Aptible supports your journey toward achieving **PIPEDA compliance**. While clients must conduct their self-assessment, Aptible ensures that critical security controls—such as access management, encryption, and secure storage—are actively enforced. Additionally, the platform can streamline the documentation collection process for your compliance program.
  </Step>

  <Step title="How to request PIPEDA Assistance from Aptible">
    To get started with PIPEDA compliance or prepare for an audit, reach out to Aptible’s support team. They’ll provide guidance on ensuring all infrastructure controls meet PIPEDA requirements and assist with necessary documentation.
  </Step>

  <Step title="Show off your compliance" icon="party-horn">
    Leverage the **Security & Compliance Dashboard** to demonstrate your PIPEDA compliance to clients and partners. Once compliant, you can display the "Secured by Aptible" badge to showcase your commitment to protecting personal information and adhering to PIPEDA standards.

    <Frame>
      <img src="https://mintcdn.com/aptible/RWSo_H5DBAoWcXSD/images/secured_by_aptible_pipeda.png?fit=max&auto=format&n=RWSo_H5DBAoWcXSD&q=85&s=7328a75942b6e94548305552f5cab655" alt="" width="344" height="104" data-path="images/secured_by_aptible_pipeda.png" />
    </Frame>
  </Step>
</Steps>

***

# FAQ

<AccordionGroup>
  <Accordion title="What is the relationship between PHIPA and PIPEDA?">
    The collection, use, and disclosure of personal information within the commercial sector is regulated by PIPEDA, which was enacted to manage these activities within private sector organizations. PIPEDA does not apply to personal information in provinces and territories that have “substantially similar” privacy legislation. The federal government has deemed PHIPA to be “substantially similar” to PIPEDA, exempting custodians and their agents from PIPEDA’s provisions when they collect, use, and disclose personal health information within Ontario. PIPEDA continues to apply to all commercial activities relating to the exchange of personal health information between provinces or internationally.
  </Accordion>

  <Accordion title="Does Aptible also adhere to PHIPA?">
    Aptible has been assessed towards PIPEDA compliance but not specifically towards PHIPA. While our technology stack meets the requirements common to both PIPEDA and PHIPA, it remains the client's responsibility to perform their own assessment to ensure full compliance with PHIPA when managing personal health information within Ontario.
  </Accordion>
</AccordionGroup>
