Your data, protected
Observantia is a compliance platform. We apply the same personal information protection principles we help our clients put in place.
What is in place
Encryption and data residency
Data is encrypted in transit with TLS and at rest with AES-256, and HTTPS is enforced through HSTS. Your compliance data is stored in Canada. A few supporting providers (such as payment processing, email, and error monitoring) may process limited operational data outside Canada under contractual safeguards.
Authentication
Passwords must meet complexity requirements, and sessions expire automatically after a period of inactivity.
Application security
Security headers (including a Content Security Policy and clickjacking protection) and rate limiting guard against abuse. Data access is controlled by defined roles, user inputs are validated, and sensitive actions are recorded in an audit log.
Privacy by design
We apply to ourselves the methodology we help our clients put in place: an internal governance policy, access limited to what is strictly necessary, and periodic reviews of our practices. Error monitoring is hosted in the European Union, with personal information removed before transmission.
Data isolation
Each organization's data is isolated at the database level through per-organization row-level security policies. A user can never access another organization's data.
Responsible disclosure
If you discover a vulnerability or security issue, write to us at info@observantia.ca. We take these reports seriously and commit to responding promptly.