Four Commitments.
Not Slogans.

What you can expect from us, and what we want you to hold us to.

1

Your data, not ours.

Your conversations and files are yours. We don't use them for our purposes, we don't send them to third parties, and we only send them where you explicitly tell us to.

  • Not ours to use. No training, no monetization, no ads. Not by us, not by any provider we work with.
  • Not ours to leak. No third-party trackers, no analytics pixels, no behavioural cookies. Our in-house page-view counting uses daily-salted IP hashes.
  • Not ours to hand over. A foreign court order to our cloud provider produces only unusable encrypted text. The decryption keys stay in Canada.
  • Yours to move. Export anytime in JSON or Markdown, no support ticket required. Future integrations are always opt-in actions you trigger.
  • Yours to delete. Delete conversations or your account from inside the app. One click, no forms. PIPEDA and GDPR both give you the right to be forgotten, and we don't treat it as a favour.

How we enforce it

Wherever possible, we negotiate zero-retention and no-training clauses with AI providers, and we expand that coverage as we grow. Our enterprise API access already carries stronger privacy terms than any consumer version of the same models. Other providers offer below-cost consumer pricing because your data subsidizes it. We'd rather charge fairly.

2

Stubbornly Canadian.

We could have based the company anywhere, run on anyone's cloud, and wired up any convenient third-party service. We didn't. Every choice that shapes where your data goes defaults to Canadian.

  • Canadian law governs us. Rideau AI is a 100% Canadian-owned entity. PIPEDA and Quebec Law 25 apply directly. EU adequacy flows through automatically. No foreign government can silently compel us to disclose your data.
  • Canadian-held encryption keys. Your data is encrypted by our application before it ever reaches storage. The keys live on hardware we own and operate ourselves, on Canadian soil. Not rented, not colocated in someone else's data center, not accessible to any third party, separate from the cloud provider. A foreign court order to the cloud provider produces only unusable encrypted text.
  • Canadian-hosted models when you need them. Private Inference runs AI on servers we control in Canada. No foreign AI provider is involved at any point. When policy or regulation requires that your data never cross a border, this is how.
  • No foreign dependencies we can avoid. We built our own authentication instead of using Google or Microsoft sign-in. Our CAPTCHA is in-house, not Google's reCAPTCHA. Static assets come from our servers, not US-hosted CDNs. No Google Analytics, no Meta pixels. Every third-party integration we can avoid, we avoid.
  • Canadian-first as we grow. Foreign cloud infrastructure exists in our stack today because Canadian alternatives aren't yet mature enough to migrate to. We're honest about that, and we're part of the flywheel that changes it: every Canadian vendor we pay, every US default we swap, helps fund the next iteration of Canadian infrastructure. Stubbornly Canadian. One vendor swap at a time.

How we enforce it

Rideau AI is a 100% Canadian-controlled private corporation. Our architecture is portable by design, so we refuse dependencies that would lock us into a single foreign provider.

3

The AI works for you, not us.

The AI is a tool for you, not a sales channel for us. Making it useful is our only job with it. Ads, upsells, or sponsored recommendations would be the AI working against you.

  • The AI has no commercial agenda. Its system prompts contain no sales language. It doesn't know what plan you're on. It isn't trained to push upgrades or steer you toward paid actions.
  • No ads, sponsorships, or placements in responses. No sponsored content. No affiliate links. No "this response brought to you by." If a product is mentioned, it's because your question is about it, not because someone paid for placement.
  • No model-directed upselling. When you hit a limit, the AI won't pressure you. It won't refuse to answer and tell you Pro would unlock it. Capacity warnings come from the UI with real numbers, not from the conversation.

How we enforce it

Some AI platforms use their chat product to funnel you toward their cloud, storage, or productivity offerings. Rideau AI doesn't have those to sell. The AI's only job is your answer.

4

Accountable to you, not investors.

Every business is accountable to someone. Most AI companies answer to investors who expect a return that eventually has to come from you. Rideau AI answers to you. No other accountability, no other agenda.

  • No venture capital. Rideau AI is bootstrapped. No board demanding growth at all costs. No funding round that would eventually require monetizing you to return capital to investors.
  • Priced at actual cost. We don't offer below-cost tiers and make up the difference with your data. When providers offer suspiciously cheap AI access, someone else is paying. Usually it's you, paying with your data and your attention.
  • Sustainable at every tier. A few thousand paying customers covers our costs and makes us fully self-sustaining. Not millions. That's achievable at Canadian scale, which means no scale mandate that forces a later pivot to ads, data sales, or forced upgrades.
  • Your subscription is our only revenue. We grow when you stay. We stay when you're getting value. There's no other income source we could fall back on if we stopped caring about you.

How we enforce it

VC-funded competitors often offer below-cost pricing to acquire users, then monetize through data, ads, or price hikes. We can't be tempted into that cycle because we chose not to take the VC that starts it. The only way we grow is by being worth paying for.

Where We Are Today

When we started building Rideau AI, we expected to assemble a fully sovereign AI solution from Canadian vendors. It quickly became clear that the infrastructure isn't there yet. We could either wait a decade for perfection, or build the best solution with what was available and work towards full sovereignty as new infrastructure comes online and costs come down. And if we need to, we use the revenue from today's product to build the missing pieces ourselves.

With that in mind, we've built our entire stack around three mandates:

1

Infrastructure is foreign-controlled. Encryption is non-negotiable.

  • All data must be encrypted at the application level before it is written to storage.
  • Our cloud provider must never have access to your data in readable form.
  • Our encryption keys must be stored separately from the cloud provider and must never be accessible to any foreign entity.
2

Everything we build must be portable.

  • We must be able to migrate to Canadian-controlled infrastructure as it matures.
  • We will never build dependencies that lock us into a single foreign provider.
3

Frontier AI models are foreign-operated. We must enable all technical and contractual protections we have access to on foreign platforms.

  • Rather than limit you to weaker alternatives, we must find the most secure and private way to give you access to frontier models.
  • Foreign processing must be governed by contractual guarantees and the most secure platform configurations available to us.
  • Enterprise API access to AI providers offers stronger privacy terms than their consumer apps. By accessing models through our enterprise contracts, your data gets protections that consumer users of ChatGPT, Claude, and Gemini do not.

Ready to be the customer, not the product?

Start your subscription. Put us to the test.

Get Pro for $35 CAD/mo