Canadian Data Residency
    PIPEDA Compliant
    TLS 1.3 Encrypted

    Security & Trust Center

    Enterprise-Grade Security for Your Critical Asset Data

    At AssetLab, security is fundamental. We've built our platform with enterprise-grade security, privacy-first design, and transparent practices to protect your asset information.

    • TLS 1.3: End-to-End Encryption
    • 🇨🇦 Canada: Data Residency
    • 4 Roles: Role-Based Access Control
    • Zero AI: No AI APIs Used
    • 99.9%: Uptime SLA

    Security & Data Protection

    Multi-layered security architecture built for enterprise asset management

    Infrastructure Security

    • TLS 1.3 Encryption: All data in transit protected with industry-leading encryption
    • AES-256 at Rest: Database encryption via Supabase enterprise infrastructure
    • Canadian Data Centers: Your data never leaves Canada
    • Automated Backups: Continuous backup with point-in-time recovery

    Application Security

    • Clerk Enterprise Auth: Passwordless email OTP authentication
    • Row-Level Security: PostgreSQL RLS ensures complete data isolation
    • Multi-Tenant Isolation: Organization-based data segregation
    • Audit Logging: Comprehensive activity tracking and access logs

    Access Management

    • Role-Based Access Control: Hierarchical permissions with 4 organization roles and inherited capabilities
    • 4 Organization Roles: Administrator, Manager, Staff, Requester
    • Multi-Factor Authentication: Optional MFA via Clerk
    • SSO Support: Single Sign-On available for enterprise customers

    Compliance & Standards

    Meeting Canadian standards for data protection and privacy

    PIPEDA Compliant

    Full compliance with Canada's Personal Information Protection and Electronic Documents Act

    • Privacy by design principles
    • Transparent data handling
    • User consent management

    🇨🇦 Canadian Data Residency

    Your data is stored exclusively on Canadian servers, never leaving the country

    • Supabase Canadian region
    • Subject to Canadian privacy laws
    • No cross-border data transfers

    Security Architecture

    Multi-layered security controls protecting your data at every level

    • Row-level security (RLS)
    • Multi-tenant data isolation
    • Regular security audits

    Privacy & Data Protection

    Your data, your rights, our commitment

    Zero AI Processing

    • No AI APIs: We don't use OpenAI, Anthropic, Google AI, or any third-party AI services
    • No External Processing: Your data is never sent to AI providers or analyzed by machine learning models
    • Complete Privacy: Your asset data, documents, and operational information stay within our secure infrastructure
    • No Training Data: We never use your data to train AI models or improve third-party systems

    Privacy Principles

    • No Data Selling: We never sell, trade, or rent your data to third parties
    • Minimal Collection: We only collect data necessary to provide our services
    • Transparent Processing: Clear documentation of how we use your information
    • User Control: You maintain full control over your data at all times

    Your Data Rights (PIPEDA)

    • Right to Access: Request a copy of all your personal information
    • Right to Correction: Request corrections to inaccurate data
    • Right to Deletion: Request deletion of your account and associated data
    • Data Portability: Export your data in common formats (CSV, JSON)

    Infrastructure & Reliability

    Enterprise-grade infrastructure you can count on

    Cloud Infrastructure

    • Supabase enterprise PostgreSQL
    • Canadian data centers (AWS ca-central-1)
    • Auto-scaling for peak performance
    • CDN for global asset delivery

    Uptime & Monitoring

    • 99.9% uptime SLA guarantee
    • 24/7 system health monitoring
    • Real-time performance tracking
    • Proactive incident response

    Backup & Recovery

    • Automated daily backups
    • Point-in-time recovery (PITR)
    • Geo-redundant backup storage
    • Disaster recovery procedures

    Trust & Transparency

    Open communication, responsible disclosure, continuous improvement

    Security Practices

    • Regular Security Updates: Continuous monitoring and patching of vulnerabilities
    • Incident Response Plan: Documented procedures for security incidents
    • Security Audits: Regular third-party security assessments
    • Team Training: Ongoing security awareness for all team members

    Trusted Subprocessors

    We work with carefully selected third-party service providers to deliver our platform:

    • Supabase (🇨🇦 Canada): PostgreSQL database hosting and storage with Canadian data residency (AWS ca-central-1)
    • Clerk (🇺🇸 USA): Enterprise authentication and user management
    • Vercel (🌐 Global CDN): Application hosting and content delivery network
    • Stripe (🇺🇸 USA): Payment processing and subscription management
    • Google Analytics (🇺🇸 USA): Website analytics with IP anonymization (consent-based)

    Questions About Security?

    Our security team is here to answer your questions and provide additional documentation for enterprise procurement and compliance reviews.

    Responsible disclosure • Enterprise support • Compliance documentation
