Security

We make your practice secure and compliant with provincial and federal regulations. Colib's security features protect your data at every level and meet your PHIPA, PIPEDA, LPRPSP, HIA, PIPA and La loi 25 (Québec) requirements. We take all the necessary steps to ensure your practice data is always safe and secure.

Security is a top priority for Colib

lock
Data Access

Administrators and practitioners each access Colib using their own account secured by a username and password. If an account has multiple users, administrators can control access permissions for each user, which includes control of accessing patient charts & schedule records and modification/read only rights.

router
IP Access Control

You may restrict user login from a specific IP address - for example, only from your clinic, or other approved IP addresses if remote work is required.

manage_search
Access Logs

Every time a practitioner views customer data, a record is created. You can access these records at any time in your secure area. These records include additional details such as the IP address and browser used for enhanced security.

backup
Data Loss Protection

With Colib, your data is backed up every day on our servers, so you never need to worry about losing practice data. There's no need for finicky backup hard-drives or difficult recoveries.

enhanced_encryption
Data Encryption

Colib Data is encrypted using 256 bit encryption when sent between your device and our servers (in the same way as your banking information would be). Furthermore, our data and files are encrypted at Rest in our databases located exclusively in Canada.

verified_user
Multi Factor Authentication

Colib empowers both practitioners and clients with the added security of Two-Factor Authentication (2FA), ensuring safer and more secure access to the platform.

school
Annual Employee Training

We conduct annual training sessions for all company employees. During these sessions, we communicate to our staff our clear procedures in place to handle and report any suspicious activity to our Chief Privacy Officer.

shield
No Payment Information Stored

No credit card data is stored onto our platform. When you enter credit card information into our platform, Colib creates and keeps a token that can be used to reference that information. But the actual sensitive information is sent to and stored within our payment partner Stripe, which holds the highest security certification in the industry.

bug_report
Regular Penetration Testing

We regularly commission independent, third-party penetration tests to proactively identify and address potential vulnerabilities. These assessments are conducted by certified external security firms to ensure an unbiased evaluation of our infrastructure and application security. Our most recent penetration test was completed in April 2026.

security
Attack Protection

Colib implements multiple layers of defense against malicious attacks. Our platform includes Cross-Site Scripting (XSS) protection to prevent injection of harmful scripts, as well as rate limiting mechanisms to guard against brute-force and denial-of-service attempts. These safeguards work together to keep your data and your patients' data secure at all times.

Learn more about compliance