Data-Flow Matrix

Last Updated: May 27, 2026

Purpose

Shows users and regulators exactly where their data goes, per AI provider and third-party service.

Data-Flow Matrix

When You... Data Sent Where It Goes Retained By Provider? Used for Training?
Chat with an OpenAI model Your messages (PII-stripped if Redact enabled) US and other Azure/OpenAI capacity regions Up to 30 days (abuse monitoring) No (API default)
Chat with an Anthropic model Your messages (PII-stripped if Redact enabled) Azure US East / EU Sweden Per DPA (safety monitoring) No (contractual)
Chat with a Google model Your messages (PII-stripped if Redact enabled) US and other Google facility regions "Limited period" (safety) No (paid API)
Chat with a private inference model Your messages Canada (infrastructure controlled by Rideau AI) No, never leaves our infrastructure No (self-hosted, no third party)
Chat with a Cohere model Your messages (PII-stripped if Redact enabled) US (Cohere SaaS Platform) Up to 30 days (safety/compliance) No (opted out)
Chat with a Mistral model Your messages (PII-stripped if Redact enabled) European Union (France) Up to 30 days (abuse monitoring) No (opted out)
Use web search Search query + your country (AI-generated; PII-stripped if Redact enabled) US (Tavily) Not saved (opt-out enabled) No
Upload a file (PDF or image) Document content for text extraction (OCR) Canada (Rideau-owned hardware, Ontario) No, never leaves our infrastructure No
Make a payment Card info (tokenized by Stripe) US (Stripe) PCI DSS retention No
Log in via magic link Your email address US (Postmark) 45 days (delivery logs) No

What Stays in Canada

  • Your encrypted conversations and files (ALE: our cloud infrastructure provider cannot read them and does not have access to the encryption keys)
  • Your account information
  • Your usage history
  • Document text extraction (OCR) from uploaded files, performed on hardware Rideau AI owns and operates (no third party)

What Never Leaves Your Browser

  • Your decrypted conversation content (ALE-in-Transit protects against TLS termination)
  • Your passwords (we don't use passwords)