Security & Compliance

Your data stays in Canada

Built with Canadian data residency as a core requirement — not an afterthought. Every architecture decision prioritises your data security and regulatory compliance.

Canadian data residency

All data is stored and processed in AWS ca-central-1 (Montreal). Database, storage, and AI processing stay within Canadian borders.

Encryption everywhere

Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Supabase handles database encryption with per-tenant row-level security.

No model training

Your data is never used to train AI models. This is explicit in our Terms of Service. Claude via AWS Bedrock guarantees zero data retention.

Full audit trail

Every AI action is logged — what model was used, tokens consumed, cost estimate, and whether it was approved by a user. Export to CSV or PDF.

PIPEDA compliant

Built from the ground up for Canadian privacy law compliance. UBXR is trained on PIPEDA, CASL, and provincial privacy legislation.

Multi-tenant isolation

Row-level security policies ensure complete data isolation between organizations. No organization can access another's data.

SOC 2 Type II on the roadmap

We are actively working toward SOC 2 Type II certification. Contact us for our current security documentation and architecture overview.