DedendumDEDENDUMai
Book an audit

Data & security

What we have shipped, what we are mid-implementation on, and what is still certification-path. No inflation.

Residency

All tenant production data in Canada Central (Azure). No replication outside Canada without explicit tenant authorization.

Tenant isolation

DB-per-tenant. Each customer gets its own Postgres database. No shared-row pattern. Cross-tenant queries are architecturally impossible, not policy-gated.

Encryption

TLS 1.2+ in transit. AES-256 at rest via Azure-managed keys. Customer-managed keys available on Growth and Enterprise plans.

Access control

Role-based access in the product (worker, expert, tenant admin). Internal staff access is gated by email + TOTP, logged to an append-only audit trail retained 730 days.

AI boundaries

Voice, transcripts, and structured knowledge are never used to train foundation models. All LLM calls run through our AI gateway with per-tenant quotas and full token metering. Providers: OpenAI, Anthropic — switchable per-tenant from the admin panel.

Certifications

SOC 2 Type 1 certification path begins H2 2026. PIPEDA-aligned on day one. We will update this page when the SOC 2 audit completes — not before.

Responsible disclosure

Report security issues to [email protected]. We commit to an initial response within two business days and credit in a public changelog on resolution.