ConformVaultConformVault

Security

Product of: Les Entreprises SecuAAS Inc.
NEQ: 1177504777
Domain: conformvault.com
Last updated: 2026-03-04

3.1 Our Commitment

Security is at the core of ConformVault. As a cybersecurity company, SecuAAS applies rigorous protection measures at all levels of the platform.

3.2 Hosting and Data Sovereignty

  • Exclusive hosting in Quebec — All of ConformVault's infrastructure is hosted at OVH Canada, in the Beauharnois data center, Quebec
  • Data sovereignty — No client data is persistently stored outside Quebec territory
  • Law 25 compliance — The infrastructure was designed from the outset to meet the requirements of the Act to modernize legislative provisions as regards the protection of personal information

3.3 Encryption

  • In transit: TLS 1.3 mandatory on all communications
  • At rest: AES-256 encryption of all stored files
  • End-to-end (E2E): Client files are encrypted client-side before transmission. SecuAAS technically has no access to the plaintext content of files

3.4 Access Control

  • Multi-factor authentication (MFA) available and recommended
  • Role and permission management per organization
  • Complete logging of all access operations
  • Password policy compliant with ANSSI and CIS recommendations

3.5 Monitoring and Incident Response

  • 24/7 infrastructure monitoring
  • Intrusion detection (IDS/IPS) in place
  • Documented and tested incident response plan
  • Privacy incident registry maintained in accordance with Law 25
  • Notification to authorities (CAI) and affected individuals in the event of an incident presenting a risk of serious harm

3.6 Backups and Disaster Recovery

  • Encrypted backups performed daily
  • Backup retention according to the retention policy
  • Documented disaster recovery plan (DRP)
  • Redundant infrastructure within the Beauharnois data center

3.7 Audits and Testing

  • Penetration testing conducted periodically
  • Continuous vulnerability scanning via Scanyze (EASM)
  • Code review and static analysis integrated into the development cycle

3.8 Responsible Disclosure

If you discover a security vulnerability in ConformVault, please report it responsibly to: security@secuaas.com

We commit to:

  • Acknowledging receipt within 48 hours
  • Not pursuing legal action against researchers acting in good faith
  • Fixing confirmed vulnerabilities as quickly as possible

Les Entreprises SecuAAS Inc. — Quebec, Canada
Last updated: 2026-03-04

1

Cookies & Law 25 Compliance

ConformVault only uses essential cookies for authentication and security. Our internal analytics system is 100% compliant with Quebec's Law 25: no IP addresses, no tracking cookies, no digital fingerprinting, and no personal information is collected or stored.

Law 25 — No personal information collected. Hosted in Quebec.

Learn more in our Cookie Policy and Law 25 Compliance.