Technical Specifications
Encryption at Rest
AES-256
All stored data is encrypted using AES-256, the standard used by financial institutions and government agencies worldwide.
Encryption in Transit
TLS 1.3
All data transmitted between clients and our servers is encrypted using TLS 1.3, the latest version of the TLS protocol.
Infrastructure
AWS Canada
Hosted on AWS Canada Central (Montréal/Toronto) for data residency compliance with Québec's Law 25 and Canadian privacy law.
Audit Log Retention
7 Years
Immutable asset custody logs and access history retained for 7 years, satisfying financial and regulatory audit requirements.
Database Provider
Supabase
Supabase (PostgreSQL-backed) with row-level security, automated backups, and point-in-time recovery.
Authentication
MFA + SSO
Multi-factor authentication and SAML 2.0-based SSO compatible with Okta, Azure AD, and Google Workspace.
Global Compliance Standards
Law 25 (Québec)
Dedicated Privacy Officer, explicit consent flows, data residency in Canada, and mandatory incident reporting to the CAI.
GDPR (Europe)
Data minimization, right to erasure (where legally applicable), data processing agreements, and legitimate interest documentation.
PIPEDA (Canada)
Accountability, informed consent, limiting collection, and individual access rights under Canadian federal privacy law.
Security Architecture
A layered defence model ensuring no single failure compromises your data.
Application Layer
- Role-based access control (RBAC)
- Input validation & sanitization
- Rate limiting & DDoS protection
Network Layer
- TLS 1.3 end-to-end
- Private VPC networking
- WAF (Web Application Firewall)
Data Layer
- AES-256 encryption at rest
- Row-Level Security (RLS)
- Automated backups + PITR
Identity Layer
- SSO via SAML 2.0
- MFA enforcement
- Session token rotation
Incident Response
In the event of a security breach, our team follows a strict SLA:
- < 1h: Detection & containment
- < 4h: Impact assessment & notification
- < 24h: Regulatory reporting (CAI / DPA)
- < 72h: Full post-mortem published
