Security built for organizations where it isn't a feature — it's a requirement.
Anitarian's posture is shaped by the buyers it serves: regulated, audited, and accountable.
Where Anitarian runs.
Canadian by design
All services operate within Canadian jurisdiction. Prompts, documents, outputs, and metadata are processed and stored exclusively on Canadian infrastructure.
No CLOUD Act pathway
No US corporate parent. No US investors. No US infrastructure providers. No legal pathway for US authorities under the CLOUD Act.
Encryption everywhere.
In transit
TLS 1.3 for all data between browser and servers.
At rest
AES-256 for user content and personal information.
Key management
Industry-standard with regular rotation.
Frameworks aligned to Canadian buyers.
We can't make your organization compliant — that depends on your full security posture. But we eliminate AI tooling as a compliance gap.
Law 25 (Quebec)
PIAs for AI systems. Canadian-only architecture eliminates cross-border documentation.
PIPEDA (Federal)
Full alignment with consent, purpose limitation, and accountability principles.
CPCSC
Removes AI tooling as a compliance gap for defence contractors.
Who can do what.
Encrypted sessions
Secure session management with encrypted tokens.
Role-based access
Knowledge Base supports Admin, Editor, and Viewer roles.
Audit logging
Administrative actions and data access are logged for compliance.
Auto-logout
Session timeout and automatic logout after inactivity.
Where the bits live.
| Location | Canada |
| Certifications | SOC 2 Type II, ISO 27001 (provider level) |
| US cloud services | None — no AWS, Azure, or GCP in the data path |
For security inquiries, vulnerability reports, or compliance documentation: team@anitarian.ai