Assured Workloads Enabled

Robust Security for Canadian Municipalities

TrueNorth Civic AI provides robust security for Canadian municipalities with northamerica-northeast1 data residency, Assured Workloads policy enforcement, and FOIPPA compliance.

Protecting civic infrastructure with northamerica-northeast1 residency, Assured Workloads policy enforcement, and encryption at rest with Customer-Managed Encryption Keys (CMEK).

Trusted Compliance Standards

Zero Training
FOIPPA Compliant
Canada Data Boundary
⚖️ Ethical AI

Our Ethical Commitment

Beyond compliance, TrueNorth is built on ethical AI principles that put municipalities in control. We believe AI should serve public servants—not the other way around.

Transparency

Every AI decision can be explained. We show our work with full source citations.

Human Oversight

Critical decisions always involve human judgment. AI assists, humans decide.

Fairness

We regularly audit for bias in zoning, bylaw, and municipal contexts.

Accountability

Clear escalation paths when AI makes mistakes. You're never left hanging.

Data Control

You can delete everything, anytime. No retention beyond your control.

Defense-in-Depth Architecture

Our platform employs specific technical controls within the Google Cloud "Canada Data Boundary" to ensure that documents and databases are stored exclusively on servers in Canada, and any transmitted data follows the highest safety standards.

Technical Residency

Primary infrastructure is hard-pinned to northamerica-northeast1 (Montreal). All data is protected by customer-managed encryption keys (CMEK) that never leave the region, ensuring strict data residency even when processing is globally routed.

Policy Enforcement

We utilize GCP Assured Workloads to apply organization-level policy constraints. This automatically blocks the creation of any resources (VMs, Buckets, DBs) outside of approved Canadian regions.

Encryption at Rest

All data is encrypted at rest using Customer-Managed Encryption Keys (CMEK) with AES-256 encryption. We maintain exclusive control over our cryptographic keys, ensuring Canadian data residency within Canadian data centers.

Canada Data Boundary

The Canada Data Boundary is strictly enforced as part of our Assured Workloads control package. This includes restricting primary storage resources to Canadian regions and enforcing minimum TLS versions for all transit.

🍁 Canadian PII Protection

DLP Privacy Middleware

Every prompt is intercepted by our Cloud DLP API before reaching the AI model. We use Canadian-specific inspection templates to detect and redact:

  • Social Insurance Numbers (SIN)
  • Personal Health Numbers (PHN)
  • BC Driver's Licenses
  • Canadian Passports
  • Names & Addresses
  • Email Addresses
  • Phone Numbers
  • Financial Information
  • Biometric Data (DNA, Fingerprints)
  • Race & Ethnic Origin
  • Medical & Health Records
  • Credit Card Numbers
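
The redact-before-the-model step described above, as an added example that is not TrueNorth's middleware and does not call the Cloud DLP API: a local stand-in covering two of the listed types (SIN and credit card numbers), with Luhn checksum validation so that nine-digit permit or file numbers are not redacted as SINs. The function names, placeholder tokens and sample prompt are constructed for illustration.

```python
import re

# Candidate patterns: 9-digit SIN and 16-digit card, optional space/hyphen separators.
SIN_RE = re.compile(r"(?<!\d)\d{3}[ -]?\d{3}[ -]?\d{3}(?!\d)")
CARD_RE = re.compile(r"(?<!\d)\d{4}(?:[ -]?\d{4}){3}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used by both Canadian SINs and payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact_prompt(prompt: str):
    """Return (redacted_prompt, findings); only checksum-valid matches are replaced."""
    findings = []

    def replacer(label):
        def sub(match):
            digits = re.sub(r"\D", "", match.group())
            if not luhn_valid(digits):
                return match.group()   # looks like a SIN/card but fails the checksum
            findings.append(label)
            return f"[{label}]"        # placeholder token (constructed for this example)
        return sub

    # Cards first, so a 16-digit number is handled as a whole.
    redacted = CARD_RE.sub(replacer("CREDIT_CARD"), prompt)
    redacted = SIN_RE.sub(replacer("SIN"), redacted)
    return redacted, findings


if __name__ == "__main__":
    # Constructed sample prompt: a well-known test SIN, a test card number,
    # and a nine-digit permit number that must survive redaction.
    sample = "Resident SIN 046 454 286, card 4111-1111-1111-1111, permit 123456789."
    print(redact_prompt(sample))
```

Only the redacted string should be forwarded to the model; the findings list is suitable for audit logging because it records types, not values.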

Technical Architecture

Security Architecture Overview

A comprehensive view of our defense-in-depth approach, showing how data flows through Canadian infrastructure with DLP scanning and FOIPPA compliance at every layer.

TrueNorth Civic AI Security Architecture Diagram showing Canadian Data Residency, Customer-Managed Encryption Keys (CMEK), DLP scanning, and FOIPPA compliance layers
DLP Scanning Active
FOIPPA Compliant
🍁 Canadian Data Centers

Jurisdictional Control & US CLOUD Act

Hosted Exclusively in Canada

We store data in Google Cloud Platform's Montreal region (northamerica-northeast1) and protect it with customer-managed encryption keys (CMEK). We disclose that Google LLC is a US-headquartered company and residual US CLOUD Act jurisdiction exists. We mitigate this through contractual controls, encryption, and minimal data retention.

  • Primary: northamerica-northeast1
    Montreal-based low-latency clusters.

  • Failover: northamerica-northeast2
    Toronto-based disaster recovery.

  • Jurisdictional Control
    Decryption keys managed separately from data.

Frequently Asked Questions

How do you mitigate the US CLOUD Act?

Like all platforms using US-headquartered cloud infrastructure, residual US CLOUD Act jurisdiction exists. We mitigate this through contractual controls with Google, encryption at rest (CMEK) and in transit, minimal 30-day auto-purge retention periods, and regular compliance audits. For municipalities requiring additional jurisdictional control, contact us to discuss options including Canadian-owned cloud providers.

How is municipal data isolated?

We use strict logical tenant isolation within our database clusters. Every query is scoped to a specific Tenant ID, ensuring that cross-contamination of municipal records is impossible at the database level.

Do you conduct penetration testing?

Yes. We engage independent third-party security firms to conduct penetration testing on our application and infrastructure twice annually. Summarized reports are available to enterprise customers upon request.

How are project documents protected?

Project documents are isolated by user, scanned by Cloud DLP before ingestion, and stored in Canadian-only GCP regions. Access is controlled at the project level within your specialized task workspace, ensuring that your research and data remain secure and isolated.

Have security questions?

Contact Us