Four pillars
From the model call to the audit log.
We compose existing best-in-class infrastructure — NVIDIA, AWS — with our own open-source control plane and a Privacy Impact Assessment that survives an audit.
Pillar 01 · Safety layer NVIDIA NeMo Guardrails
Every LLM call in our portfolio is wrapped by mc-guardrails, our internal deployment of NVIDIA NeMo Guardrails. 60 Colang rails active. Fail-closed by default — if the safety layer is unreachable, the call is denied, not silently allowed.
- PII detection (Loi 25 art. 8.1 minimisation)
- Prompt injection screening
- Content safety classifiers (NeMo Guard 8B content-safety)
- Per-profile policy with audit log
POST http://localhost:8090/check
Pillar 02 · Infrastructure AWS ca-central-1
Data lives in Montréal. Always. Loi 25 data residency is the default, not the upgrade. RDS encryption at rest, SSL/TLS forced in transit, IAM least-privilege by IAM principle.
- Region locked to ca-central-1 (Montréal)
- Storage encrypted (AES-256 minimum)
- SSL/TLS forced on every endpoint
- Cross-border transfer requires explicit consent
Pillar 03 · Compliance EFVP · Loi 25 · GDPR
We complete a Privacy Impact Assessment (EFVP) before every product reaches its first user. We name our subprocessors. We document our retention periods. We honour access, rectification, and deletion requests.
- EFVP v1.4 — last updated 2026-05-15
- Loi 25 (Québec, full)
- GDPR (when applicable jurisdiction)
- EU AI Act readiness · August 2026
- 72h breach notification SLA
Pillar 04 · Open source OpenTac · Apache 2.0
Our control plane is open source. OpenTac is a universal control plane for fleets of AI agents — OAuth tools, audit trail, credential vault, multi-runtime adapters. Self-hostable. Inspect the code. Trust nothing on faith.
- Apache 2.0 license
- AES-256-GCM credential vault
- Audit log (Loi 25 art. 14)
- Multi-runtime adapter pattern