Every byte of customer data, transcripts, recordings, case metadata, lives in Canadian cloud regions. Nothing is trained on. Nothing crosses the border. We'll send any InfoSec team the evidence to prove it.
Data Residency
No multi-region failover to the US. No "edge nodes" in Virginia. No telemetry quietly routed offshore. If your regulator asks where the data sits, the answer is one line.
All compute, storage, databases, backups, and logs run in Canada. Disaster recovery uses a second Canadian availability zone, never a cross-border region.
Model inference runs inside the Canadian cloud boundary. Your prompts and transcripts never leave the country, and are never used to train any model.
AES-256 at rest via a managed key service with customer-scoped keys. TLS 1.3 in transit. Call recordings encrypted per-tenant. Key rotation on a 90-day cycle.
Every access event, human or service, is logged, immutable, and queryable. Infrastructure audit logs and application logs for case data are both retained seven years.
Certification Posture
We don't use compliance vocabulary loosely. Here's what's certified, what we're architected to, and what's on the roadmap, stated plainly.
Terminology: Eligible / Capable, architecture supports the framework; deployment configuration completes it for your use case. Aligned, our controls are designed against the framework's requirements; third-party audit not yet held. Ready, framework-specific documentation and contractual terms are available on request. Roadmap, certification is planned and scoped but not yet held.
How we handle data
Most "AI platform" vendors are fuzzy here. We'll be specific.
Audio streams through ca-central-1 infrastructure. Transcription and model inference happen in-region. Nothing is cached outside Canada, ever.
Transcript, sentiment, intent, and resolution are written to your system of record. The case in your CRM is the source of truth, our copy is operational only.
Default retention is 90 days for transcripts and 30 days for raw audio. You can shorten these, extend them, or disable retention of either, contractually.
Customer data (prompts, transcripts, recordings, case content) is never used to train or fine-tune any model. This is contractual, not just a policy.
Access & AI Safety
SAML / OIDC single sign-on via your IdP. Role-based access control with tenant-level isolation. Just-in-time access for our support engineers, every session logged and time-boxed.
Customer-supplied content is handled as data, not instructions. Prompt-injection resistance is tested continuously. System prompts are versioned and reviewable.
Every escalation path is configurable. The AI can be set to always hand off on specific intents (legal, medical emergencies, billing disputes), regardless of confidence score.
24/7 security on-call. Notification within 72 hours for any incident affecting customer data, by contract. Post-mortems shared with affected customers within 10 business days.