Built for trust-sensitive work.
Grace is designed for mental-health practices where privacy, documentation, accountability, and professional judgment matter. Security and compliance are not treated as afterthoughts or marketing language they are part of how the platform is structured.
From access controls and audit visibility to review-aware workflows and privacy-conscious system design, Grace is built to support Canadian practices that need software they can understand, govern, and trust.
Clear controls. Visible workflows. Human review where it matters.
01 / Visibility
Trust starts with visibility
In trust-sensitive practice environments, confidence comes from knowing how the system behaves.
Grace is designed to keep important actions visible, roles and permissions structured, records reviewable, and operational activity easier to trace. The goal is not only to protect information, but to make accountability easier to maintain across the practice.
Active Roles
Recent Activity
Note signed by Dr. Chen
2 min ago
Record accessed (scheduled)
8 min ago
Billing workflow staged
15 min ago
Multi-tenant architecture, organization controls, user invitations
Suspicious login detection, device and session awareness
Role-based access, permissions, access governance
Multi-factor authentication, session controls
02 / Foundation
Security built into the foundation
Grace includes security and access foundations designed for structured, multi-user, privacy-sensitive practice environments.
A safer system starts with disciplined access.
03 / Privacy
Privacy-aware by design
Grace is designed to support privacy-aware workflows for Canadian mental-health practices. That includes structured access, reviewable actions, controlled records, and system behavior designed to reduce unnecessary exposure of sensitive information.
The platform is built to support Canadian data-hosting preferences and trust-sensitive operational design as practices manage personal and clinical information.
Privacy-aware workflow design
Access-sensitive record handling
Data visibility tied to roles
Structured handling of sensitive information
Canadian data-hosting preferences
04 / Review
Review stays part of the workflow
In clinical and operational work, not everything should happen invisibly.
Grace is designed so important actions remain visible and reviewable especially where documentation, communication, submissions, or record changes require professional accountability.
AI-generated outputs are drafts. Workflow steps can be staged before approval. Human review remains central wherever judgment, authorship, or responsibility matters.
Workflow Progression
Draft
AI prepares
Review
Clinician evaluates
Approve
Human signs off
Record
Audit trail created
05 / Auditability
Auditability where accountability matters
Grace includes audit-aware operational foundations designed to help practices understand who accessed what, what changed, and when important actions occurred.
Accountability is easier when the system keeps the trail visible.
06 / Operational Trust
Designed for clinical and operational trust
Grace supports more than record storage. It supports the broader operational trust a practice needs to function well.
That includes permissions, structured documentation flows, billing visibility, communication workflows, audit support, and a calmer way to manage the systems around care without losing control of what is happening inside them.
07 / Reviewable AI
AI that stays reviewable
Grace's intelligence is designed to support the workflow without bypassing the people responsible for it.
AI-generated outputs are drafts. Confidence and review remain part of the process. Important outputs are designed to stay visible, legible, and easier to evaluate before becoming part of the record or workflow.
08 / Access & Control
A structured approach to access and control
Practices need more than passwords. They need structure.
Grace includes system-level support for user roles, session management, multi-factor authentication, invitations, organization setup, access boundaries, and more granular control over how people interact with the platform.
Role-based permissions
Fine-grained access control
Session management
User and org governance
Structured multi-user access
09 / Canadian Practices
Built to support Canadian practice expectations
Grace is designed to support Canadian mental-health practices that need software aligned with privacy-sensitive operations, review-aware workflows, and accountable handling of personal and clinical information.
Practices may still need their own policies, professional judgment, and legal or compliance review depending on how they use the platform. Grace is designed to support that work more clearly not replace it.
Software can support responsible practice. It should not pretend to replace it.
09b / Compliance Landscape
Designed to support Canadian privacy legislation
Canadian breach notification requirements vary by jurisdiction. Grace is designed to support practices in meeting their obligations across provinces.
PIPEDA requires notification "as soon as feasible" to affected individuals and the OPC when a breach poses a real risk of significant harm, with mandatory 24-month breach record retention. Quebec's Law 25 requires notification to the CAI within 72 hours. PHIPA requires notification to the IPC in the event of theft, loss, or unauthorized access to PHI.
PHIPA (Ontario)
Health information custodian obligations, Canadian data storage requirement
Law 25 (Quebec)
Privacy impact assessments, 72-hour breach notification, data portability
HIA (Alberta)
Health information protection for health service providers
PIPEDA (Federal)
Applies where no substantially similar provincial legislation exists, data mobility framework
10 / In Practice
What this means in practice
A platform where drafts stay drafts until reviewed, records stay easier to govern, and operational steps remain visible.
More structured access, better visibility into activity, and a stronger foundation for handling sensitive workflows with confidence.
For both, it means security and compliance are treated as part of the product experience not as a promise hidden behind a badge.
Trust is built through structure, visibility, and review.
11 / Documentation
Supporting trust documentation
Grace provides a broader trust foundation through dedicated materials and supporting documentation.
Trust Center
Overview of security, privacy, and trust foundations
Data Processing Agreement
How Grace processes information on behalf of practices
PHIPA / PIPEDA
Canadian health privacy legislation support
Data Hosting
Canadian data residency and infrastructure
Terms of Service
Platform terms and conditions
Privacy Policy
How personal information is handled
Explore the trust foundation behind Grace
See how Grace is designed to support security, privacy-aware workflows, reviewable AI, and accountable handling of sensitive practice operations.
Start free. No commitment. No credit card.
Join the Founding 100 and get 3 months fully free to experience Grace.