Your data, protected
Observantia is a compliance platform. We apply the same personal information protection principles we help our clients put in place.
What is in place
Infrastructure
Observantia is hosted on Supabase, running on AWS in a Canadian region. Data is encrypted at rest with AES-256 and in transit with TLS 1.3. No data leaves Canada.
Authentication
Authentication is handled by Supabase Auth. Passwords are hashed with bcrypt. Sessions are secured with automatic expiration after inactivity.
Application security
Data access is controlled by defined roles (administrator, member). All significant actions are recorded in an audit log. User inputs are systematically validated.
Privacy by design
We apply to ourselves the methodology we help our clients put in place. This includes an internal governance policy, access limited to what is strictly necessary, and periodic reviews of our practices.
Data isolation
Each organization's data is logically isolated through Supabase row-level security policies. A user can never access another organization's data.
Responsible disclosure
If you discover a vulnerability or security issue, write to us at info@observantia.ca. We take these reports seriously and commit to responding promptly.