Built for organizations where data security isn't a feature.

Sovereign by architecture. Encrypted in transit and at rest. Audit-ready. Zero training on customer data. Documentation available for procurement review.

Law 25 · Quebec privacyPIPEDA · Federal privacyCPCSC · Defence-alignedSOC 2 Aligned · Provider stackISO 27001 Aligned · Provider stack

On this page

01Data sovereignty
02Encryption
03Compliance frameworks
04Access controls
05No training on customer data
06Infrastructure

Your data stays in Canadian jurisdiction.

All Augure services operate within Canadian jurisdiction. Your data — prompts, documents, outputs, metadata — is stored on Canadian infrastructure. AI inference runs on Canadian infrastructure or audited sovereign sub-processors — never US infrastructure, and never subject to the US CLOUD Act.

Augure has no US corporate parent, no US investors, and no US infrastructure providers. There is no legal pathway for US authorities to compel access to your data under the CLOUD Act.

Encrypted in transit and at rest.

Industry-standard encryption everywhere data lives.

In transit — TLS 1.3 between your browser and our servers.
At rest — AES-256 across all stored data.
Key management — managed via industry-standard key rotation and access controls.

Aligned with the Canadian frameworks your team has to answer to.

Augure's architecture is designed to support compliance with the following Canadian frameworks.

Law 25 (Quebec) — Privacy Impact Assessments. Canadian-only architecture eliminates cross-border data flow documentation.
PIPEDA (Federal) — All data handling follows PIPEDA principles for consent, purpose limitation, and accountability.
CPCSC — Eliminates AI tooling as a compliance gap for defence contractors requiring jurisdictional control.

We can't make your organization compliant — that depends on your full security posture. But we eliminate AI tooling as a compliance risk.

Authentication, authorization, and audit trails by default.

Authentication, authorization, and audit trails as a default — not a feature gate.

Secure session management with encrypted tokens.
Role-based access controls for Knowledge document management.
Audit logging for administrative actions and data access events.
Session timeout and automatic logout after inactivity.

Your data never trains a model. Not ours, not anyone's.

Your data is never used for model training, fine-tuning, or any form of model improvement. This applies to prompts, uploaded documents, AI responses, Knowledge contents, and usage metadata.

This is a hard architectural boundary, not a policy choice. Customer data and model training pipelines are completely separated.

Built on Canadian infrastructure.

All Augure services run on Canadian infrastructure with no US corporate parent — providing an additional layer of jurisdictional separation from US legal reach.

Geography — Canada only.
Provider stack — SOC 2 Aligned, ISO 27001 Aligned.
No US cloud services in the data path.

Need procurement-grade documentation?

We share security questionnaires, architecture diagrams, and audit artefacts on request. Tell us what your team needs.

Email security See enterprise services