Canada-Resident • Built-in Privacy Protection

Your Personal Data Stays Protected in Canada

Core privacy, authentication, access-management, and audit controls are designed for Canadian residency. Sensitive data is protected before routing to an AI provider.

Privacy Policy Quickstart

Privacy controls before provider routing

Common sensitive information can be detected and removed or replaced before provider routing. AI providers receive the protected content needed for inference, not your AIOrouter account identity or billing details.

You Request Encrypted Canada-Resident Gateway Montreal, Canada Privacy Review Sensitive categories Protected Context Control layer Minimized Request No account identity Policy Controls Canada-resident Canada-Resident Audit Metadata Protected AI Provider Protected Prompt Response Response Returned Key Guarantee • Sensitive values protected first • Account identity stays with AIOrouter • Provider receives minimized context • Response returns through gateway

Useful context. Protected secrets.

AIOrouter is designed to preserve useful AI workflows while reducing exposure of personal information and technical secrets before provider routing.

Useful Context

Support, document, and code workflows can retain enough context to produce useful answers.

Secret Boundary

Technical secrets are treated as highly sensitive data and are not intended for model providers.

Enterprise Review

Additional control details are available to qualified customers during security review.

Contact security

🏗️ Data Residency Architecture

AIOrouter maintains a 100% Canada-resident architecture for all personal data. Here's how our approach compares to common industry architectures:

Dimension🇨🇦 AIOrouterCommon PracticeWhy It Matters
Audit Logs Canada-resident audit controls May replicate internationallyAudit trail protected with Canadian infrastructure
Outbound AI Prompts Content protected before routing Varies by providerProvider receives only the content needed for inference

* Industry descriptions are based on common architectural patterns, not any specific competitor.

✅ Privacy Protection Measures

MeasureAIOrouter Implementation
1. Accountability Designated Privacy Officer — privacy@aiorouter.ca
2. Identifying Purposes Limited collection — API, billing, security, compliance
3. Consent Versioned consent with opt-out — privacy protection defaults ON
4. Limiting Collection Only essential data — Zero prompt retention
5. Use/Disclosure/Retention Zero prompt retention — content protected before provider routing
6. Accuracy Self-service export; unified token counter
7. Safeguards Encrypted transport + privacy filtering + MFA + access controls
8. Openness Bilingual policy + public data flow + disclosed sub-processors
9. Individual Access Self-service DSAR — Export/Deletion — 30-day SLA
10. Challenging Compliance privacy@aiorouter.ca + OPC complaint right

📋 ISED Voluntary Code of Conduct Alignment

AIOrouter aligns with all six principles of ISED's Voluntary Code of Conduct on Generative AI:

ISED PrincipleAIOrouter Control
1. Safety — Risk assessment & mitigation Abuse-prevention controls + budget safeguards + application security
2. Fairness & Equity — Bias monitoring Uniform routing — no profiling-based pricing
3. Transparency — AI use disclosure PII data flow + X-Automated-Decision header + Disclosed sub-processors
4. Human Oversight — Human supervision Human review gates + incident escalation + breach notification
5. Accountability — Documentation & audit trail Full PIA + Quarterly compliance reports + Immutable GCS logs
6. Validity & Reliability — System reliability Continuous monitoring + controlled fallback + public status page

📧 Questions?

Contact our Privacy Officer: privacy@aiorouter.ca

Related Documents: