Security
Advirra hosts client data for financial advisory firms. That responsibility shaped the architecture from the first commit: every firm gets its own isolated instance, in Canada, encrypted with its own key, with no standing access by anyone — including us. This page describes what is built and running today; it is written for a dealer's due-diligence reviewer.
Isolation: your own instance, not a shared database
Every firm runs on its own dedicated infrastructure — there is no shared application database and no cross-tenant table anywhere.
- A dedicated application container — no shared compute with other firms' requests.
- A dedicated database with its own credentials; a bug in another firm's instance cannot reach yours.
- A dedicated file bucket for documents and uploads, closed to public access.
- A dedicated encryption key (AWS KMS) that only your instance's role can use.
Data residency: Canada
- All service data — application, database, files, and backups — lives in the AWS Canada (Central) region in Montreal.
- Payment processing is handled by Stripe against billing contacts only; client data never goes to Stripe.
Encryption
- TLS for all data in transit.
- Encryption at rest across the database and file storage.
- Field-level encryption for sensitive identifiers — Social Insurance and government ID numbers are encrypted with your instance's dedicated key before they reach the database, so even a raw database leak would not expose them.
Access: no standing access, even for us
- Your firm controls its own users and roles (advisor, manager, owner) inside the instance.
- Multi-factor authentication (authenticator apps + recovery codes) is built in; administrators are required to enrol, and firms can require it for everyone.
- Advirra staff have no standing credentials to any firm's database. Support access uses a break-glass procedure — a recorded reason, credentials that expire automatically, and an audit entry you can ask us about.
- Every administrative and data change in your instance lands in your own audit log, visible to your firm's administrators.
Availability and recovery
- Automated daily backups sized so that no recovery scenario loses more than 24 hours of data (RPO ≤ 24h).
- Restore procedures designed to bring an instance back within 8 business hours (RTO target).
- Fleet-wide health monitoring with paging alerts to the operator, and a public status page that reports incidents.
Secure development and operations
- All changes flow through code review, automated tests, and a staged release train: continuous integration → QA → a canary instance → gradual rollout across the fleet, with automatic halt on failures.
- Secrets live in AWS Secrets Manager, scoped per firm; nothing sensitive is kept in source code.
Compliance posture
- Built to SOC 2-aligned controls, with evidence collected as we operate (access reviews, restore tests, incident records). A formal SOC 2 report is planned when customer demand requires it.
- Our PIPEDA and Québec Law 25 program covers a designated privacy officer, a breach register and notification process, and privacy impact assessments for new processing.
- Firms remain accountable for their own regulatory obligations (e.g. CIRO record-keeping); our retention and export design is built so the Service never becomes the reason a firm can't meet them.
Incident response
- We maintain a written incident-response runbook covering detection, containment, assessment against the PIPEDA/Law 25 “real risk of significant harm” standard, notification of affected firms without undue delay, and a post-incident review.
Security questions & questionnaires
Send architecture questions or a security questionnaire to security@advirra.ca. We answer them personally — the person who built the platform reads them. For live operational status and incident history, see our status page.