CivicPermit.Solutions

Enterprise Security. Canadian Data.

CivicPermit.Solutions is built to meet the security, privacy, and compliance expectations of Canadian municipalities. Your data is hosted in Canada, protected by enterprise-grade infrastructure.

Security & Compliance

Built from the ground up with municipal security requirements in mind

Canadian Data Residency

All data hosted in Montreal, Canada on Canadian soil. Designed so that no data leaves Canadian jurisdiction, supporting federal and provincial residency requirements.

Encryption

TLS 1.3 encryption for all data in transit. AES-256 encryption for all data at rest. Zero plain-text storage of sensitive information.

Authentication

SAML 2.0 single sign-on with Microsoft Entra ID. Multi-factor authentication enforced for all staff accounts.

Access Control

Role-based access control (RBAC) with database-level row security. Users only see data they're authorized to access.

SOC 2 Type II

Infrastructure hosted on SOC 2 Type II certified platforms (Supabase, Vercel). Security audits and penetration testing conducted by infrastructure partners.

PCI DSS Compliance

Tokenized payment processing through Stripe/Moneris. Zero card data touches our servers. Designed for SAQ A-EP scope.

WCAG 2.1 AA

Full accessibility compliance with WCAG 2.1 Level AA standards. Screen reader compatible, keyboard navigable, and color contrast compliant.

99.9% Uptime SLA

Targeted 99.9% availability backed by infrastructure-level SLAs. Real-time status monitoring and proactive incident response.

Disaster Recovery

Daily automated backups with point-in-time recovery available. Targeted Recovery Time Objective (RTO) under 15 minutes. Enhanced PITR available for enterprise plans.

Privacy Compliance

Designed to support FOIP, ATIA, MFIPPA, PoPA, and other Canadian privacy legislation. Privacy Impact Assessment available on request.

Audit Logging

Every action tracked with immutable audit logs. Full traceability for who did what, when, and from where.

Security Updates

Critical security patches deployed within 72 hours. Regular dependency updates and vulnerability scanning with automated alerts.

Infrastructure You Can Trust

CivicPermit.Solutions runs on Canadian-hosted infrastructure with databases in Montreal and application servers in Toronto. Our infrastructure partners maintain SOC 2 Type II, ISO 27001, and CSA STAR certifications. All infrastructure is monitored 24/7 with automated alerting and incident response.

  • PostgreSQL Database — Montreal, Canada
  • Application Servers — Toronto, Canada
  • Automated daily backups with point-in-time recovery
  • Multi-zone redundancy for high availability
  • 24/7 infrastructure monitoring and alerting
  • Infrastructure partners conduct regular penetration testing

Questions About Security?

Our team is happy to discuss our security practices, provide documentation, or arrange a security review.

Contact Security Team