Your data stays in Quebec
In a world where American tech giants can access your data on a simple government request, SecuAAS guarantees that your information remains under Canadian jurisdiction.
Sovereignty, the foundation of the entire SecuAAS suite
Digital sovereignty is not an option: it's the foundation of the entire SecuAAS suite. Every product — SecuScan, SecuFile, SecuAI, SecuMon, SecuSIEM — is designed, developed, and hosted in Quebec.
The CLOUD Act risk
The CLOUD Act (Clarifying Lawful Overseas Use of Data Act) of 2018 allows the US government to demand access to data stored by any American company — even if that data is hosted outside the United States.
Combined with the Patriot Act, this means that if you use AWS, Azure, Google Cloud, Microsoft 365 or any other service from an American company, your data can be seized without your knowledge.
For Quebec businesses subject to Law 25, this is a major legal and reputational risk.
Access to data without owner consent
Surveillance without Canadian court order
Mass collection of foreign data
Quebec's Law 25
Law 25 (formerly Bill 64) modernizes the protection of personal information in Quebec. Fully in force since September 2024, it imposes strict obligations on organizations.
What Law 25 requires
- Appointment of a personal information protection officer
- Privacy impact assessment (PIA)
- Explicit consent for data collection
- Mandatory notification in case of confidentiality incident
- Right to data portability and erasure
How SecuAAS complies
- 100% hosting in Quebec — no data outside jurisdiction
- End-to-end encryption on all platforms
- Complete and immutable audit logs
- Built-in deletion and portability mechanisms
- Granular consent management
PIPEDA and GDPR
Beyond Law 25, SecuAAS complies with federal and international regulatory frameworks to ensure maximum data protection.
PIPEDA
The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada's federal privacy law. It governs the collection, use and disclosure of personal information in the private sector. SecuAAS respects all 10 PIPEDA fair information principles.
RGPD
The General Data Protection Regulation (GDPR) is the European reference framework. Although our data remains in Canada, our practices are aligned with GDPR standards: data minimization, right to be forgotten, portability, and full transparency.
Our approach
Four pillars to guarantee your data sovereignty
OVH Canada hosting
Data center in Beauharnois, Quebec. SOC 2, ISO 27001 certified infrastructure. Data 100% on Canadian soil.
End-to-end encryption
AES-256-GCM for data at rest, TLS 1.3 in transit. Your data is unreadable even to us.
Storage 100% in Canada
Your data is stored exclusively in Canada. AI processing is governed by our transparency policy (anonymization or explicit consent).
Source code in Quebec
Our code is developed and maintained in Quebec. No offshore outsourcing, no external access.
Our approach to AI and your data
Some of our solutions use artificial intelligence for security analysis. Here is how we protect your data in this context.
IA 100% québécoise — En production
Notre GPU dédié hébergé chez OVH à Beauharnois exécute un modèle d'intelligence artificielle open-source (Qwen3, licence Apache 2.0). Vos données ne quittent jamais le Québec lors de l'analyse IA.
Anonymisation automatique
Lorsqu'un traitement externe est nécessaire, nos données passent par SecuProxy — un proxy d'anonymisation développé au Québec. Les noms, adresses IP, courriels et identifiants sont remplacés par des jetons avant tout envoi. Les données originales restent sur nos serveurs au Québec.
Routage intelligent souverain
Notre routeur IA analyse chaque requête et la dirige automatiquement vers le GPU québécois pour les tâches standard. Seules les analyses complexes utilisent des services externes — toujours après anonymisation. Résultat : plus de 90% des traitements IA restent 100% au Québec.
Zéro dépendance étrangère
Modèle IA open-source (aucune licence américaine), infrastructure OVH Canada, code développé au Québec. Aucun fournisseur étranger ne peut accéder à vos données, même sur ordonnance judiciaire américaine.
Notre infrastructure IA souveraine est en production depuis mars 2026. Elle alimente les analyses de sécurité de SecuScan, le moteur de SecuAI, et la veille cybersécurité — tout en garantissant que vos données restent sous juridiction québécoise.
Developed here, for here
SecuAAS is a 100% Quebec company. Our development team is based in Quebec. Every line of code is written here. No offshore outsourcing, no remote access from outside Canada. When you choose SecuAAS, you invest in Quebec's technology ecosystem.
Ready to take back control of your data?
Contact us to discover how SecuAAS can secure your data while complying with Quebec and Canadian legislation.
Contact us