Built so brokers can sleep.
ABB handles regulated personal information for plan members in every Canadian province. We treat that as the operational constraint it is. Here's exactly how.
Data residency
Data is currently processed in a US region (Neon Postgres, US-East; Cloudflare R2, North American region). Migration to a Canadian region (Montreal) is planned before onboarding brokers who require in-country residency — ask us about the timeline.
Encryption
TLS in flight. Data is encrypted at rest by our infrastructure providers (Neon, Cloudflare R2) under their platform defaults. Stored mailbox passwords are additionally application-encrypted with AES-256-GCM. Per-tenant key isolation (KMS-backed) is on the near-term roadmap.
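As an added illustration, not ABB's own code, here is one way application-layer AES-256-GCM encryption of a stored mailbox password can bind each ciphertext to its tenant and column through associated data, so a blob cannot be replayed into another tenant's row even while a single application key is still in use; the function names, the single 32-byte key and the tenant-ID/field AAD layout are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// newGCM wraps a 32-byte key in AES-256-GCM. Until per-tenant keys arrive, one
// application key serves every tenant, so tenant binding must come from the AAD.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealSecret returns nonce || ciphertext || 16-byte tag. Tenant ID and column name are
// authenticated as AAD, so a blob copied into another tenant's row or field fails to open.
func SealSecret(key []byte, tenantID, field string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 96-bit random nonce; must never repeat under a key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	aad := []byte(tenantID + "\x00" + field) // NUL separator: "a"+"bc" != "ab"+"c"
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// OpenSecret reverses SealSecret; wrong tenant, wrong field and edited bytes all give one generic error.
func OpenSecret(key []byte, tenantID, field string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(blob) < n+gcm.Overhead() {
		return nil, errors.New("blob too short to hold nonce and tag")
	}
	pt, err := gcm.Open(nil, blob[:n], blob[n:], []byte(tenantID+"\x00"+field))
	if err != nil {
		return nil, errors.New("authentication failed: wrong tenant/field or tampered blob")
	}
	return pt, nil
}
```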
Audit logging
Every regulated agent action — assembling a market-study draft, amending a client booklet, sending a communication — is recorded to an audit log so brokers can reconstruct what happened. Tamper-evident, write-once enforcement is on the roadmap.
Broker-in-the-loop on regulated actions
The agent drafts. The licensed broker reviews and authorizes. Carrier submissions, client communications, and benefit-change confirmations all require human sign-off. This is by design and by regulation.
Breach + incident process
Standing incident-response runbook, ≤72-hour notification commitment to affected tenants and the Privacy Commissioner of Canada per PIPEDA Section 10.1.
Your data is yours
Export your tenant's full data any time, in machine-readable JSON (this is live today). On cancellation we provide a final export and delete your data on request; an automated retention/deletion schedule is being implemented.
Compliance posture
- PIPEDA: we are the data processor under your broker tenant's authority; you are the controller. DPA template available on request.
- CISRO & provincial regulators: agent outputs are clearly distinguished from licensed-broker advice in every artifact. The broker is the only signatory.
- PIPEDA breach notification: standing process; we contact the affected tenant first, then assist with the regulator notice.
- SOC 2 Type II: audit in flight (target completion Q4 2026). Trust-services criteria documentation available under NDA.
- Subprocessors: Anthropic (model inference, US — no training on customer data per their commercial terms), Neon (Postgres host, Canadian region), Cloudflare R2 (object storage, North-American region of customer's choice).
