Security

Augure is built for organizations where data security isn't a feature — it's a requirement. This page outlines our security practices, infrastructure choices, and compliance posture.

1. Data Sovereignty

All Augure services operate entirely within Canadian jurisdiction. Your data — prompts, documents, outputs, and metadata — is processed and stored exclusively on Canadian infrastructure. There is no replication, backup, or processing outside of Canada.

Augure has no US corporate parent, no US investors, and no US infrastructure providers. This eliminates any legal pathway for US authorities to compel access to your data under the CLOUD Act or similar legislation.

2. Encryption

  • In transit: All data is encrypted using TLS 1.3 between your browser and our servers.
  • At rest: All stored data is encrypted using AES-256 encryption.
  • Key management: Encryption keys are managed through industry-standard key management practices with regular rotation.

3. Compliance Frameworks

Augure's architecture is designed to support compliance with the following Canadian frameworks:

  • Law 25 (Quebec): Privacy Impact Assessments for AI systems processing personal data. Our Canadian-only architecture eliminates cross-border data flow documentation requirements.
  • PIPEDA (Federal): Personal Information Protection and Electronic Documents Act. All data handling follows PIPEDA principles for consent, purpose limitation, and accountability.
  • CPCSC: Canadian Program for Cyber Security Certification. Augure eliminates AI tooling as a compliance gap for defence contractors requiring jurisdictional control.
We can't make your organization compliant — that depends on your full security posture. But we eliminate AI tooling as a compliance risk.

4. Access Controls

  • Authentication via secure session management with encrypted tokens.
  • Role-based access controls for Knowledge Base document management.
  • Audit logging for administrative actions and data access events.
  • Session timeout and automatic logout after inactivity.

5. No Training on Customer Data

Your data is never used for model training, fine-tuning, or any form of model improvement. This applies to all data types: prompts, uploaded documents, AI responses, Knowledge Base contents, and usage metadata.

This is a hard architectural boundary, not a policy choice. Customer data and model training pipelines are completely separated.

6. Infrastructure

All Augure services run on Canadian infrastructure with no US corporate parent, providing an additional layer of jurisdictional separation from US legal reach.

  • Location: Canada
  • Certifications: SOC 2 Type II, ISO 27001 (provider level)
  • No US cloud services (AWS, Azure, GCP) in the data path

7. Contact

For security inquiries, vulnerability reports, or compliance documentation requests:

security@augureai.ca

For general privacy inquiries: privacy@augureai.ca