Security

Built for Government of Canada Foreign Service workflows. Encryption everywhere, principle of least privilege, append-only audit log. Canadian data residency and Protected B readiness target the forthcoming GAC Edition; the current public preview runs on the platform's default region.

Canadian residency (GAC Edition)TLS 1.2+ in transitAES-256 at restRow-Level SecurityAudit logProtected B ready (GAC Edition)

Data residency

The GAC Edition is designed to run in AWS Canada Central (ca-central-1) with Canadian-hosted AI endpoints (Azure OpenAI Canada or AWS Bedrock ca-central-1). The current public preview runs on the underlying platform's default region for iteration speed; a Canadian-region deployment will be provisioned for any Protected B pilot before live data is loaded.

Encryption

All traffic uses TLS 1.2 or higher. Data at rest, including object storage for photos, is encrypted with AES-256. Backups and replicas inherit the same encryption.

Authentication

Email/password and federated Google and Apple sign-in (OAuth 2.0). Multi-factor authentication is on the GAC Edition roadmap. Roadmap: SAML 2.0 / OIDC for GC SSO and PKI.

Authorization

Postgres Row-Level Security enforces inventory-scoped access at the database layer. Owner / collaborator roles today; viewer and auditor roles on the GAC Edition roadmap.

Audit log

Append-only audit trail for invitations, member changes, deletions, and exports. Owners can download the full log as CSV at any time. No update or delete paths.

Privacy & PIPEDA

Self-serve account deletion and full data export. We never sell data, never use it to train third-party models. See /privacy.

AI providers

Item suggestion routes through Lovable AI Gateway to Google and OpenAI under their standard API terms, which prohibit training on API inputs by default. Prompts contain only the photo or text the user provides; we do not separately log or retain prompt content.

Protected B readiness

Designed to support an ITSG-33 Annex 3A-mapped SSP, TRA, and PIA when a sponsor-led Security Assessment & Authorization is initiated. SOC 2 Type 1 planned in parallel.

Sub-processors

Lovable Cloud (Supabase, EU region today; Canadian region for the GAC Edition) — database, auth, object storage.
Cloudflare — CDN, DDoS protection, edge runtime.
Stripe — payment processing for paid pilots (PCI DSS Level 1).
Google & OpenAI (via Lovable AI Gateway) — optional AI item suggestion.

Reporting a vulnerability

A dedicated security contact address will be published here before any Protected B pilot. In the meantime, please report vulnerabilities to the project owner on WhatsApp the project owner (WhatsApp only, no phone calls). We acknowledge reports as quickly as possible and prioritize critical issues.

Last updated May 15, 2026.