Security
We deploy inside your cloud. Your data never leaves your environment.
Systems run in accounts you control, under model API terms that exclude training on your data. This page states exactly what we do, what we align with, and what we do not claim.
Last updated 2026-06-10 · Security contact: James Booth · info@advizr.ca
One client, one database. No shared anything.
Authentication is isolated from client data.
Login and identity run in their own database that holds no client business data. A compromise of one layer does not expose the other.
Each client gets an isolated database.
Your engagement runs on its own database instance. No shared tables, no pooled storage, no schema where a bad query could cross tenants.
There is no cross-client access path.
Separate instances, separate credentials, separate knowledge stores. A query against one client's systems cannot reach another's, by construction rather than by policy.
What we commit to, on every engagement
01. Your data is never used to train models.
We use commercial API tiers from Anthropic and OpenAI whose terms exclude training on API inputs and outputs by default. Both publish this on their own trust pages, so you can verify the chain instead of taking our word.
02. Zero data retention where required.
For engagements that need it, we negotiate zero-data-retention terms with the model providers so prompts and outputs are not retained on their side.
03. Data minimization before any model call.
Personal information is redacted or minimized before anything reaches a model API. The model sees what it needs to do the job, not your whole database.
04. Least-privilege keys, scoped per environment.
Every integration gets its own credential with the narrowest scope that works, revocable per client. No shared master keys across clients or environments.
05. Audit logging you can read.
AI interactions and system actions land in per-client audit tables inside your own database. The trail lives in your accounts, not ours.
06. Human approval gates on high-risk actions.
Irreversible or externally visible actions route to a person before they execute. Agents assemble, retrieve, draft and monitor; people approve.
07. Breach notification, stated up front.
If an incident touches your data, we notify you promptly with what we know and what we are doing about it, so you can meet your own regulatory clocks, including Quebec Law 25 timelines where they apply to you.
08. Data processing agreement on request.
We sign DPAs. Email the security contact below and you will get one back, along with our security one-pager.
Canadian data residency, named
Where your data must stay in Canada, these are the concrete, verifiable options we deliver on.
Your own cloud (default)
The default posture: systems deploy into accounts you control, so residency follows your cloud. We hold operator access you can revoke, not custody of your data.
Azure OpenAI, Canada East and Canada Central
Inference and data processing inside Canadian data centers, with model-availability caveats that we scope per engagement.
AWS Bedrock, ca-central-1
Data at rest stays in Canada. Where cross-region inference applies, traffic travels the AWS backbone, never the public internet.
Built against the OWASP Top 10 for LLM Applications (2025)
All ten risks, mapped by name to what we actually do about them.
LLM01: Prompt injection
Defense in depth, because no single fix exists: input validation, context isolation, system-prompt hardening, output filtering, least-privilege tool access, and adversarial testing before launch.
LLM02: Sensitive information disclosure
PII minimization before model calls, retrieval scoped to what the requesting user may see, and no secrets in any prompt.
LLM03: Supply chain
Pinned dependencies, vetted model providers under commercial terms, and a published subprocessor table so you can audit the chain.
LLM04: Data and model poisoning
Retrieval corpora are curated from your own sources with provenance tracked. We do not fine-tune on unvetted data.
LLM05: Improper output handling
Model output is treated as untrusted input: validated and escaped before it touches downstream systems, never executed directly.
LLM06: Excessive agency
Agents get the narrowest tool set that does the job, and human approval gates sit in front of irreversible actions.
LLM07: System prompt leakage
Prompts are assumed readable by a determined user. Credentials and sensitive logic live in environment configuration and code, never in the prompt.
LLM08: Vector and embedding weaknesses
One isolated vector store per client, access-controlled at the database layer. No shared embedding space across clients.
LLM09: Misinformation
Generation is grounded in retrieved sources with citations, checked by evals against golden datasets, and human-reviewed where the output matters.
LLM10: Unbounded consumption
Rate limits, per-key quotas and budget alerts on every model integration, so a runaway loop is a paged alert, not a surprise invoice.
Framework alignment
We claim no certifications we do not hold.
Alignment is a practice claim and we make it carefully. Certification is an audit outcome and we do not assert ones we have not earned.
NIST AI RMF
AI risk management mapped to the four functions: Govern, Map, Measure, Manage. Voluntary by design, and it maps directly onto how we scope and run engagements.
SOC 2 Trust Services Criteria
Controls aligned with SOC 2 Trust Services Criteria: security, availability, confidentiality. Mapped policies, not an attestation.
ISO/IEC 42001
ISO/IEC 42001-informed governance for how AI systems are specified, monitored and retired. Both of our model providers hold the certification itself.
Built to respect the law you answer to
PIPEDA
Delivery designed to support your obligations under PIPEDA: accountability and individual access for AI processing of personal information, with minimization built into every pipeline.
Quebec Law 25
Transparency for automated decisions and tight breach-notification clocks. Our incident posture and audit logging are built so you can meet them.
BC PIPA
We are a BC company. Provincial private-sector privacy law is our home regime, and the one our own operations answer to.
EU AI Act
Scoped per engagement: we determine whether a build makes you a deployer or a provider, and what Articles 4 and 50 require of you, before we write code.
Subprocessors
The chain, published
Buyers verify chains, not vendors. Every posture below restates what that vendor publishes on its own trust page, last checked 2026-06-10. Facts, not partner logos.
| Vendor | Role | Published posture | Verify |
|---|---|---|---|
| Anthropic | Model API (Claude) | No training on API data by default; ZDR available. SOC 2 Type II, ISO 27001, ISO/IEC 42001. | Trust page → |
| OpenAI | Model API (GPT) | No training on API data by default; ZDR on eligible endpoints. SOC 2 Type 2 report available. | Trust page → |
| Supabase | Database and auth | SOC 2 Type 2; HIPAA configuration available. | Trust page → |
| Vercel | Web hosting | SOC 2 Type 2; ISO 27001. | Trust page → |
| Modal | Serverless compute | SOC 2 Type 2; external penetration testing. | Trust page → |
The questions procurement asks
Need the paperwork? Ask the person who signs it.
DPA, security one-pager, or your own questionnaire. James Booth answers security email himself.