Security & Trust Center

Infrastructure Security

• TLS 1.3 Encryption — All data in transit protected with industry-leading encryption
• AES-256 at Rest — Database encryption via Supabase enterprise infrastructure
• Canadian Data Centers — Core application and asset data hosted in Canada
• Automated Backups — Regular automated backups to protect your data

Application Security

• Clerk Enterprise Auth — Passwordless email OTP and passkey authentication
• Row-Level Security — PostgreSQL RLS ensures complete data isolation
• Multi-Tenant Isolation — Organization-based data segregation
• Audit Logging — Comprehensive activity tracking and access logs

Access Management

• Role-Based Access Control — Hierarchical permissions with 4 organization roles
• 4 Organization Roles — Administrator, Manager, Staff, Requester
• SSO Support — Single Sign-On available for enterprise customers

PIPEDA Aligned

Built with Canadian privacy principles in mind.

• Privacy by Design — Security and privacy considered in every feature
• Transparent Handling — Clear documentation of data processing activities
• User Consent — Consent collected before gathering personal information

Data Residency

Core application data is stored on Canadian servers. Authentication is handled by Clerk, which processes user identity data on US-based infrastructure.

• Supabase Canadian Region — Hosted in AWS ca-central-1 (Montreal)
• Clerk Authentication — User identity data processed in the US
• Canadian Privacy Laws — Subject to PIPEDA and provincial privacy legislation

No AI Processing of Customer Data

Your customer data is never sent to third-party AI providers such as OpenAI, Anthropic, or Google AI. No customer data is analyzed by external machine learning models.

• No External AI Processing — Customer data stays within our secure infrastructure
• No Training Data — We never use your data to train AI models

Privacy Principles

• No Data Selling — We never sell, trade, or rent your data to third parties
• Minimal Collection — We only collect data necessary to provide our services
• Transparent Processing — Clear documentation of how we use your information
• User Control — You maintain full control over your data at all times

Your Data Rights (PIPEDA)

• Right to Access — Request a copy of all your personal information
• Right to Correction — Request corrections to inaccurate data
• Right to Deletion — Request deletion of your account and associated data
• Data Portability — Export your data in common formats (CSV, JSON)

Cloud Infrastructure

• Supabase Enterprise — PostgreSQL database with enterprise-grade reliability
• Canadian Data Centers — AWS ca-central-1 region in Montreal
• Auto-Scaling — Automatically scales to handle peak demand
• Global CDN — Fast asset delivery worldwide via edge network

Uptime & Monitoring

• 99.9% Uptime SLA — Guaranteed availability for business-critical operations
• 24/7 Monitoring — Continuous system health monitoring around the clock

Backup & Recovery

• Automated Backups — Regular automated backups to protect your data
• Disaster Recovery — Documented procedures for rapid recovery