AltaPro AI
Trust · Security · Compliance

Security & Compliance.

We build fast — and we're just as straight about how we protect your data. Here's exactly where we stand, in plain language. No badges we haven't earned.

In Place

Encryption in Transit & at Rest

Every connection is served over TLS, and data is encrypted at rest by our infrastructure providers. No plaintext client data sits on a disk in the open.

Transparent Data Use

Where we use data from the systems we build to improve and expand our service and AI capabilities, it's set out plainly in your agreement — never hidden, and never exposing one client's confidential data to another.

Progressive Trust Model

Our proprietary approach to AI trust. Every system starts with a human approving consequential actions and earns broader autonomy only as it proves reliable over time — you stay in control throughout.

Vetted Subprocessors

Every third party that touches data is a reputable vendor carrying its own SOC 2 / ISO 27001 attestations. We inherit and pass through their security posture.

Role-Based Access & Least Privilege

Access to systems and client data is scoped to who needs it, for what, and nothing more. Credentials are rotated and secrets are never committed to code.

Published Privacy Policy & Terms

Our data practices are documented and public — see our Privacy Policy and Terms of Service, not buried in fine print.

Aligned With

PIPEDA

Canada's federal private-sector privacy law. We handle personal information under its principles — consent, purpose limitation, access, and accountability.

Alberta PIPA

Alberta's Personal Information Protection Act. As an Edmonton company serving Alberta businesses, we operate under provincial privacy rules.

CASL

Canada's Anti-Spam Legislation. The outreach and lead systems we build run on real consent, clear identification, and working unsubscribe — by default.

Working Toward

SOC 2 Type II

The recognized trust standard for software and service companies. We're building toward a Type II report — the independent audit of how we handle security over time.

ISO/IEC 42001

The international standard for responsible AI management systems. We're aligning our AI governance to it as the framework matures across the industry.

Formal DPA & Subprocessor Program

A standard Data Processing Agreement for clients, plus a formal process to notify you before any subprocessor changes.

“Working toward” means exactly that — active, honest efforts, not claimed certifications. We'll publish each report or certificate here the day it's issued, and not a day before.

How we handle your data with AI

How We Handle Your Data.

Set Out in Your Agreement

Every use of your data — including using it to improve and expand our service and AI capabilities — is defined in your contract, in plain language. No hidden uses, no surprises.

Foundation Models Don't Train on It

The third-party AI providers we build on (like Anthropic) don't train their models on data sent through their business APIs. Any improvement we do is ours, on our side, under your agreement.

You Own Your Systems

The systems we build run on your data, for your business. Ownership of your data stays with you, and we keep it confidential — never exposed to another client.

Our subprocessors

Who Touches Your Data.

These are our core subprocessors — third parties that may process or store data in the systems we build and run. It excludes our own back-office tools (accounting, e-signature, internal alerts), which don't handle your data on our behalf. The complete, current list for a specific engagement is available on request or under your Data Processing Agreement.

SubprocessorPurposeRegionCategory
VercelWebsite & application hosting, edge deliveryUSA · globalHosting
CloudflareHosting, edge delivery & security for some buildsUSA · globalHosting
NeonApplication database (Postgres)USADatabase
SupabaseDatabase & authentication for some buildsUSA · EUDatabase
AnthropicAI assistant & generation (Claude)USAAI
OpenAISpeech-to-text transcription for some buildsUSAAI
TwilioSMS & voice messagingUSAMessaging
SignalWireSMS & voice messagingUSAMessaging
VapiAI voice callsUSAMessaging
ResendTransactional & notification emailUSAEmail
StripePayment processingUSA · globalPayments
Cal.comCall & meeting schedulingUSA · EUScheduling
UpstashRate limiting & abuse preventionUSA · globalInfrastructure

Security questions

Need a DPA or a Security Review?

Ask us anything about how your data is handled, request a Data Processing Agreement, or send a vendor-security questionnaire. We'll answer straight.

Edmonton, Alberta · Updated July 2026

A

Aria

AI receptionist · AltaPro AI

Hi there! I'm Aria, AltaPro AI's receptionist. To point you in the right direction - what kind of business do you run?