Protected by Architecture.
Not Promises.

Every AI platform says they protect your data. Most of them mean a checkbox and a paragraph in their privacy policy. We built something different.

Why This Matters

A US court can compel your AI provider to disclose your data, without notifying you, your clients, or any Canadian court. That's the CLOUD Act, and every major AI platform is subject to it because they're all US-owned. OpenAI, Anthropic, and Google included.

Some of them train on your conversations by default. Some show you ads. Others cross-promote their services.

Canada built privacy law differently. PIPEDA requires meaningful consent, data use transparency, and legal frameworks that protect the person, not the platform. Foreign governments can't silently compel a Canadian company to hand over your data.

But none of that matters unless the company holding your data is a 100% Canadian-owned and operated company, subject to Canadian law alone. Data residency alone isn't the protection we all thought it was. Even if a US company stores your data in Canada, a US warrant can still compel them to hand it over without ever notifying you or the Canadian courts.

Automatic Redaction

Names, addresses, and IDs scrubbed before they leave Canada.

PII Shield detects and redacts names, addresses, phone numbers, and IDs from your messages before they reach any foreign AI provider. The AI works with placeholders. When the response comes back, our servers swap the real information back in. You get the full answer. The AI provider gets nothing.

This is optional. Enable it when you need it.
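
The redact-then-restore round trip described above, as an added example that is not Rideau AI's code. The patterns, the knownNames parameter and the placeholder format are assumptions made for illustration; real name and address detection needs far more than three regular expressions.

```javascript
// Added illustration: reversible redaction with placeholders.
// The patterns are simplified assumptions, not PII Shield's detector.
const PATTERNS = [
  ["PHONE", /\b\d{3}[-. ]\d{3}[-. ]\d{4}\b/g],
  ["SIN", /\b\d{3} \d{3} \d{3}\b/g],           // Canadian SIN layout
  ["POSTAL", /\b[A-Z]\d[A-Z] ?\d[A-Z]\d\b/g],  // Canadian postal code
];

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Replace each detected value with a stable placeholder. The mapping
// stays on the trusted side and is never sent to the AI provider.
function redact(text, knownNames = []) {
  const toPlaceholder = new Map(); // real value -> placeholder
  const mapping = new Map();       // placeholder -> real value
  const counters = {};
  const swap = (kind) => (match) => {
    if (!toPlaceholder.has(match)) {
      counters[kind] = (counters[kind] || 0) + 1;
      const ph = `[${kind}_${counters[kind]}]`;
      toPlaceholder.set(match, ph);
      mapping.set(ph, match);
    }
    return toPlaceholder.get(match); // repeated values reuse one placeholder
  };
  let redacted = text;
  for (const name of knownNames) {
    const re = new RegExp(`\\b${escapeRegExp(name)}\\b`, "g");
    redacted = redacted.replace(re, swap("NAME"));
  }
  for (const [kind, re] of PATTERNS) redacted = redacted.replace(re, swap(kind));
  return { redacted, mapping };
}

// Swap real values back into the provider's response. Placeholders the
// mapping does not know are left untouched rather than guessed at.
function restore(response, mapping) {
  return response.replace(/\[[A-Z]+_\d+\]/g, (ph) => mapping.get(ph) ?? ph);
}
```

Because repeated values share one placeholder, the provider can still tell that two mentions refer to the same person without learning who that person is.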

Private Models

AI that runs entirely in Canada.

For work where organizational policy or regulation means the data cannot leave your control, our Canadian-hosted models process everything on servers we control. Your data never crosses a border and is never seen by a third party. No foreign AI provider is involved at any point in the conversation.

When someone asks where the data went, the answer is:

It never left.

Always-On Encryption

Every conversation, sealed with Canadian keys.

Your data is encrypted using keys held by a Canadian company, on hardware we own and operate ourselves. Not rented from any third party. Not colocated in a foreign-owned data center. No third party has physical or operational access to it. The cloud provider that stores your data has no path to these keys. This isn't disk encryption managed by the hosting provider. This is encryption applied by our application before your data is ever written to storage.

The cloud provider does not have access to these keys. They are never written to disk and never leave encrypted memory on our servers. A breach, a subpoena, a compromised infrastructure administrator. Whatever the threat, our cloud provider can only hand over unusable encrypted text.

They can't read what they can't decrypt.

This is automatic. Every conversation. Every model. Every tier.

The Trade-Off We Made

The same keys that prevent foreign disclosure of your data are the keys that make it readable to us. We keep those keys exclusively in Canada, on hardware we own and operate, with a backup on separate Canadian hardware that we also own and operate. We do not store copies elsewhere or with any third party, because that would defeat the entire guarantee.

If you trust nothing else about us, this is the part that matters. Every other privacy claim we make depends on these keys staying out of foreign reach.

That choice has an honest consequence: if both our key infrastructure and its backup were to fail at the same time, or if our cloud provider were to lose or seize the storage holding your encrypted data, we may not be able to recover it. Both are low-probability. Both are inherent to keeping your data out of foreign reach.

Rideau AI is a workspace, not a vault. You bring information here, work with it, and take the outputs somewhere else. Most of what passes through the platform exists in some form in the place you brought it from. We make export trivial: JSON and Markdown, anytime, no support ticket. The work you do here can leave the same way it arrived. We don't think you should treat any cloud service as the only copy of anything important, and Rideau AI is no exception.

One more thing technical evaluators often ask:

The cloud provider handles network encryption. Don't they see the data before routing it to your server?

Standard TLS encryption protects your data between your browser and the cloud provider's edge. But that's where it ends. The cloud provider decrypts the traffic at their firewall, inspects it, routes it, and re-encrypts it before sending it to our servers. For that brief moment, your data is plaintext on infrastructure we don't control.

We thought of that too.

We add a second encryption layer inside TLS. Your data is encrypted in your browser and only decrypted in memory on our web server. The cloud provider's firewall sees ciphertext. It can route it, but it can't read it.

Your data stays private.
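
What a second layer inside TLS can look like, as an added example that is not Rideau AI's code. The page does not name its scheme, so this assumes ephemeral X25519 key agreement, HKDF-SHA256 and AES-256-GCM, run under Node as a stand-in for the browser; the function names and the INFO label are hypothetical.

```javascript
// Added illustration: an inner encryption layer carried inside TLS.
// Assumed scheme (not stated on the page): ephemeral X25519 + HKDF-SHA256
// + AES-256-GCM, with the server's public key already known to the browser.
const crypto = require("node:crypto");

const INFO = Buffer.from("example-inner-layer-v1"); // hypothetical label

function deriveKey(privateKey, publicKey, salt) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync("sha256", shared, salt, INFO, 32));
}

// Browser side: seal the message to the server's public key.
function seal(serverPublicKey, plaintext) {
  const eph = crypto.generateKeyPairSync("x25519"); // fresh key per message
  const ephPub = eph.publicKey.export({ type: "spki", format: "der" });
  const iv = crypto.randomBytes(12);
  const key = deriveKey(eph.privateKey, serverPublicKey, iv);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(ephPub); // bind the ephemeral key to the ciphertext
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { ephPub, iv, body, tag: cipher.getAuthTag() };
}

// Server side: open in memory; throws if any field was altered in transit.
function unseal(serverPrivateKey, env) {
  const ephPublic = crypto.createPublicKey({ key: env.ephPub, type: "spki", format: "der" });
  const key = deriveKey(serverPrivateKey, ephPublic, env.iv);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, env.iv);
  decipher.setAAD(env.ephPub);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.body), decipher.final()]).toString("utf8");
}

// The bytes a TLS-terminating edge holds after removing the outer layer.
function edgeView(env) {
  return Buffer.concat([env.ephPub, env.iv, env.body, env.tag]);
}
```

The property holds only if the browser obtains the server's public key over a path the edge cannot rewrite, so an evaluator should ask how that key is delivered and verified.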

Architecture, not promises.
