Usually, we get asked this question because of a security person, or a compliance person is asking you to provide it. The problem is, it's sort of a loaded question. What they are really trying to answer is where patient sensitive information is being stored or accessed. Doxy.me does not store or access patient health information.
Doxy.me servers are used to establish a connection between the provider and the patient. Doxy.me video calls are peer-to-peer, meaning the audio-video data flows directly between the two individuals on the call, not through Doxy.me servers. So if you are a provider in Canada, having a one-on-one call with a patient in Canada, no unencrypted data is ever accessed or stored in the USA.
No patient data is stored on any Doxy.me servers. Doxy.me relies on redundant AWS supported servers located in the United States to support the service. AWS servers are SOC 2 certified, abide by FIPS 140-2 standards, and are maintained in compliance with HIPAA regulations.