Trust · security · compliance

Security posture designed for a regulated Canadian practice.

Your clients' data doesn't leave Canada without explicit consent. AI calls are scrubbed. Audit logs are append-only. SSO is available. Here's what ships today.

Data residency in ca-central-1

All customer data — Postgres (Supabase), Redis, object storage, backups — lives in AWS Canada (Central). No cross-region replication without customer opt-in.

JWT-based row-level security

Every table with a firm_id column carries an RLS policy that compares the row's firm_id against auth.jwt() -> firm_id. Cross-tenant reads are denied at the database — not just at the app.

Append-only audit log

Partitioned by month. UPDATE and DELETE denied by Postgres constraint. 7-year retention minimum, 10-year option for trust-related events.
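One way to express the two database-layer controls above in SQL, added here as an illustration and not the product's own schema or policies. It assumes Supabase's auth.jwt() helper (returns the caller's JWT as jsonb), a custom firm_id claim in that JWT, a hypothetical cases table, and the Supabase authenticated role; append-only is enforced with REVOKE plus a trigger, a swap for the page's "constraint" wording.

```sql
-- Added example (hypothetical schema). Assumes Supabase auth.jwt() and a
-- custom "firm_id" claim in the JWT. Not the product's own code.
create table if not exists cases (
  id      uuid primary key default gen_random_uuid(),
  firm_id uuid not null,
  title   text not null
);

alter table cases enable row level security;
alter table cases force row level security;  -- binds the table owner too

-- Tenant isolation: a row is visible/writable only when its firm_id equals the
-- firm_id claim. A missing claim yields NULL, NULL = uuid is not true, so the
-- policy matches no rows rather than all rows.
create policy cases_firm_isolation on cases
  for all to authenticated
  using      (firm_id = (auth.jwt() ->> 'firm_id')::uuid)
  with check (firm_id = (auth.jwt() ->> 'firm_id')::uuid);

-- Append-only audit log, partitioned by month. The partition key must be part
-- of the primary key on a partitioned table.
create table if not exists audit_log (
  id          bigserial,
  firm_id     uuid not null,
  occurred_at timestamptz not null default now(),
  actor       uuid,
  action      text not null,
  detail      jsonb,
  primary key (id, occurred_at)
) partition by range (occurred_at);

create table audit_log_2026_01 partition of audit_log
  for values from ('2026-01-01') to ('2026-02-01');

-- Privilege layer: the application role may append and read, nothing else.
revoke all on audit_log from authenticated;
grant insert, select on audit_log to authenticated;

-- Trigger layer: reject rewrites for every role (defence in depth). BEFORE ROW
-- triggers on a partitioned parent apply to all of its partitions (PG 13+).
create or replace function audit_log_immutable() returns trigger
language plpgsql as $$
begin
  raise exception 'audit_log is append-only: % not permitted', tg_op;
end;
$$;

create trigger audit_log_no_rewrite
  before update or delete on audit_log
  for each row execute function audit_log_immutable();
```

A practical check after applying this: connect as a JWT carrying one firm_id and confirm that a SELECT on cases returns only that firm's rows and that an UPDATE on audit_log raises the trigger's exception.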

Controls in detail

The boring parts, written out.

AI & LLM data handling

  • 21-field PII scrubber runs before any non-CA LLM dispatch (name, DOB, passport, SIN, UCI, address, phone, email, IP, NOK, employer, bank, CRA BN, health card, driver licence, child/spouse/parent names, application #, GCKey username, medical record #).
  • AI Router: Gemini (CA region) → OpenRouter → OpenAI (US) with per-firm consent required before US-region calls.
  • Split-policy fallback: async tools queue + notify, realtime tools hard-error with retry CTA. Never a silent cached-template fallback.
  • Every AI output carries a non-dismissable DRAFT · FOR RCIC REVIEW stamp (tool-registry primitive).

Access & authentication

  • Supabase Auth with magic-link (OTP) + email/password.
  • Enterprise SSO via SAML 2.0 and OIDC.
  • SCIM 2.0 user provisioning on Enterprise.
  • Per-applicant + per-document permissions in the client portal.
  • "View as client" impersonation with persistent audit banner and event logged.

Regulatory alignment

  • CICC Bylaw 6.3 (records) — 7-year retention enforced at the DB layer.
  • CICC Bylaw 8.2 (trust) — 3-way reconciliation, LawPay trust-compliant rails.
  • PIPEDA + Quebec Law 25 consent flows.
  • Law 96 bilingual EN/FR surfaces (next-intl, CA-FR professional translation before Quebec launch).
  • Licensed-scope gating at app layer AND Postgres (defence in depth).

Infrastructure & reliability

  • AWS ca-central-1 for all customer data, workers in Railway (ca-central-1 equivalent).
  • Daily Postgres backups, 30-day point-in-time recovery, 99.9% SLA on Firm+ tiers.
  • Sentry for error tracking, PostHog for product analytics (both configurable / pauseable per-firm).
  • Pen test annually by a CREST-accredited third party. Report available under NDA.

Certifications in progress

  • SOC 2 Type I — target report Q3 2026. Type II follow-up Q1 2027.
  • ISO 27001 — scoping 2027.
  • Trust center with status page + security.txt live at security.anyimmi.com.

Data you own

  • Full CSV + PDF export of every case, client, document, agreement, invoice.
  • Audit log export (JSONL) for your own compliance records.
  • 30-day data-return window after cancellation; crypto-shred by default on day 31.
  • DPA available on request. Custom DPA addendum on Enterprise.

Need the DPA or a security questionnaire?

Email security@anyimmi.com with your firm name. We return a completed standard questionnaire within 2 business days.