ConformVaultConformVault
Security Architecture

Enterprise-Grade Security

Every architectural decision was made with security as the absolute priority

End-to-End Encryption

Your files are encrypted on your device before being sent

Client-Side AES-256-GCM

AES-256-GCM encryption happens in your browser. Plaintext files never transit through our servers.

RSA-4096 Key Wrapping

Each file is encrypted with a unique symmetric key, itself protected by an RSA-4096 key pair per organization.

Zero-Knowledge Architecture

We store no decryption keys. Even our technical team cannot access your data.

Infrastructure

Sovereign hosting in Canada

OVH Canada — Beauharnois, Quebec

All data stored exclusively in OVH's Beauharnois, Quebec datacenter. No replication outside Canada.

Multi-Tenant Isolation

Dedicated S3 bucket per organization with unique credentials. No data mixing between clients.

No US Dependency

No AWS, Azure, or Google Cloud. Not subject to the CLOUD Act or FISA. Your digital sovereignty is preserved.

Regulatory Compliance

Three regulatory frameworks covered natively

🍁

Law 25 (Quebec)

Full compliance with Quebec's Act respecting the protection of personal information in the private sector. Beauharnois hosting. Designated privacy officer. CAI notification within 72h.

  • Quebec hosting
  • Designated officer
  • CAI notification <72h
  • PIA completed
  • Individual rights guaranteed
🇨🇦

PIPEDA (Canada)

Compliance with PIPEDA's 10 fair information principles. Full transparency on data collection and use.

  • 10 principles respected
  • Explicit consent
  • Access and rectification
  • Minimal retention
  • Safeguards in place
🇪🇺

GDPR (Europe)

For organizations handling data of EU residents. DPO appointed, legal bases documented, DPIA completed.

  • DPO appointed
  • Legal basis Art. 6
  • Rights Art. 15-22
  • DPIA completed
  • CNIL notification <72h

Access Control

Who can access what, and when

Multi-Factor Authentication

Mandatory MFA for administrators (TOTP). Hardware key support (YubiKey) planned.

Session Management

Time-limited sessions, immediate revocation, suspicious login detection and real-time alerts.

Role-Based Access Control

Granular permissions per file, folder and client space. Admin, Principal and User roles.

Immutable Audit Logs

Every action logged with timestamp, IP address and context. Append-only logs retained 7 years. HMAC tamper detection.

Data Protection

Your data protected long-term

Backups & Retention

Automatic encrypted backups. Configurable retention policy based on your legal obligations.

Retention Policies

Set automatic retention rules by document type. Secure and certified deletion at expiry.

Legal Hold

Lock files for court proceedings or regulatory audits. Automatic suspension of deletion policies.

Ready to Secure Your Data?

Join the organizations that trust ConformVault to protect their sensitive data.

Start FreeContact our team
1

Cookies & Law 25 Compliance

ConformVault only uses essential cookies for authentication and security. Our internal analytics system is 100% compliant with Quebec's Law 25: no IP addresses, no tracking cookies, no digital fingerprinting, and no personal information is collected or stored.

Law 25 — No personal information collected. Hosted in Quebec.

Learn more in our Cookie Policy and Law 25 Compliance.