Skip to main content

Security & Privacy

Sertus keeps your data in Canada, encrypts it at rest and in transit, aligns with PIPEDA, and records an audit trail on every action. It is purpose-built for sensitive labour relations records.

Your data stays in Canada. Read our privacy policy and the current sub-processor list.

Built by the editor of Canadian Labour Arbitration(Brown & Beatty), the reference text Canadian arbitrators cite.

Audit log activity
Append-only

  • Sign-in with MFA

    j.tremblay · 2 min ago

  • Grievance evidence viewed

    s.okafor · 14 min ago

  • Role changed to Steward

    admin · 1 hr ago

Stored in Canadian cloud regions · encrypted at rest and in transit

Data Protection & Residency

Grievor and bargaining-unit records stay in Canada, encrypted on disk and on the wire, with handling practices designed against PIPEDA principles.

  • Canadian cloud regions

    Grievances, evidence, agreements, and audit records are hosted in Canadian cloud regions.

  • Encryption at rest

    Data stored on disk is encrypted at rest by the underlying cloud provider.

  • Encryption in transit

    All traffic between the browser and the service is TLS-encrypted end to end.

  • PIPEDA-aligned handling

    Data handling practices are designed against PIPEDA principles for Canadian personal information.

  • Sub-processor transparency

    The current list of sub-processors is published and kept up to date at /privacy/sub-processors.

  • Backups

    Routine backups of the application database and stored documents.

Access & Governance

Sign-in, permissions, and the audit record around them — so every action on a grievance is attributable to a named user, scoped to the right organization and bargaining unit.

  • Single sign-on (SSO)

    Sign in with your organization's identity provider, centrally managed and revoked.

  • Role-based access

    Permissions scoped by organization, bargaining unit, and role, so every query is isolated to the authenticated organization.

  • Append-only audit trail

    Sign-ins, grievance lifecycle changes, document access, and administrative actions are recorded with timestamp and actor.

  • Rate-limited APIs

    Public API endpoints are rate-limited to protect against abuse and brute-force attempts.

  • Least privilege

    Internal access to production data is restricted to the smallest set of people required to operate the service.

How Sertus Protects
Your Data

Sertus is purpose-built for sensitive labour relations records. The platform combines Canadian data residency with strong encryption, access controls, and PIPEDA-aligned handling, so grievor and bargaining-unit information stays in the right hands.

  • Data stays in Canada

    Grievances, evidence, agreements, and audit records are stored on Google Cloud infrastructure in Canadian regions.

  • Encrypted end to end

    Data is encrypted at rest by the cloud provider and in transit over TLS, so it is protected on disk and on the wire.

  • PIPEDA-aligned handling

    Designed around PIPEDA principles: accountability, limiting collection, consent, safeguards, and openness. Access is logged on every record.

AI Use & Safeguards

Sertus uses AI to surface strengths and weaknesses and to assess cases. Every output is grounded in your collective agreement, the evidence in your account, and Sertus's curated Canadian labour relations corpus. AI is decision-support; it never acts on its own.

Models & Data Handling

  • No training on your data

    Your grievances, agreements, and case data are never used to train or improve any AI provider's models.

  • Your data stays in Canada

    Your records remain in Canadian cloud regions at rest. AI requests are constructed inside Sertus and transmitted only over TLS. The providers we rely on are published on the sub-processor list.

  • Scoped to your organization

    Every AI request is constructed from the authenticated user's organization context, so AI cannot reach across organizations.

How AI Is Used

  • Grounded in your data: AI reasoning is anchored to your collective agreement and the case evidence in your account, not generic web data
  • Backed by Canadian labour expertise: Sertus’s proprietary labour relations corpus is original content authored by co-founder Adam Beatty for the Sertus platform
  • AI assists, humans decide: Every grievance response, scenario memo, and case assessment is reviewed and authorized by your team before it is sent or filed
  • No automated decisions about workers: AI surfaces analysis and recommendations, but it does not execute outcomes on behalf of your organization
  • Citable outputs: Case assessments reference the specific articles and provisions of your agreement, so reviewers can verify the AI's reasoning

Infrastructure & Operations

Sertus runs on Google Cloud in Canadian regions, with multi-factor authentication, monitoring, and a tested incident response process behind every deployment.

Platform & Resilience

  • Canadian cloud regions

    The application and all customer data are hosted in Canadian cloud regions. Nothing is served or stored outside Canada.

  • 24/7 monitoring & alerting

    Uptime, error rates, and latency are continuously monitored, and on-call engineers are paged on service-affecting events.

  • Incident response process

    A documented playbook covers detection, containment, communication, and post-incident review. Customers are notified of incidents that affect their data.

  • Backups & recovery

    Database point-in-time recovery and document backups, with restoration tested on a recurring schedule.

  • Secure software delivery

    Every change is peer-reviewed, runs through automated tests and dependency scanning, and is deployed via audited CI/CD pipelines.

Authentication & Sessions

  • Multi-factor authentication

    Any user can enable app-based MFA (authenticator codes) from their account settings; the code is required at sign-in for email/password and Google/Microsoft logins alike.

  • Session management

    Sessions are issued as signed, HTTP-only, Secure-flagged cookies with sensible expiry. Sign-out revokes the session on the server, not just in the browser.

  • Password hardening

    Passwords are hashed with a modern algorithm and checked against compromised-password lists at creation.

  • Centralised revocation

    Disabling a user in your identity provider, or deactivating them in Sertus, terminates active sessions across the application.

  • Secrets management

    Application credentials and signing keys live in a dedicated secrets manager. They are never stored in source control or in container images.

Frequently Asked Questions

How is customer data protected?

Customer data is encrypted at rest by the underlying cloud provider and in transit over TLS between the browser and the service. Grievances, evidence, collective agreements, and audit records are stored on infrastructure in Canadian cloud regions. Access is scoped per organization, bargaining unit, and role, and every query is isolated to the authenticated organization.

How is Sertus aligned with PIPEDA?

Sertus is designed with PIPEDA principles in mind: accountability, limiting collection, consent, safeguarding personal information, and openness. The platform restricts grievor personal information to authorised users within the organization, logs every access to the record, and gives administrators visibility into who has touched what.

Is multi-factor authentication supported?

Yes. Any user can turn on app-based multi-factor authentication (a time-based one-time code from an authenticator app) from their account settings, and the code is then required at sign-in — whether they use email and password or sign in with Google or Microsoft. We strongly recommend MFA for everyone with access to grievance or bargaining-unit data.

How does Sertus handle incidents?

Sertus follows a documented incident response playbook covering detection, containment, communication, and post-incident review. Production systems are monitored 24/7, and on-call engineers are paged on service-affecting events. Customers are notified of incidents that affect their data, with a written post-incident summary where appropriate.

Where is Sertus data hosted?

Sertus runs in Canadian cloud regions. Grievances, evidence, collective agreements, and audit trails are all stored on infrastructure located in Canada. Cross-border processing is disclosed in the sub-processor list and only used where essential.

Does Sertus use my data to train AI models?

No. Your grievances, collective agreements, and case details are never used to train or improve any AI provider’s models. The AI providers we work with operate under contractual terms that prohibit training on customer inputs and outputs.

Where is my data stored?

Your data stays in Canada. Grievances, evidence, collective agreements, and audit records sit on Canadian cloud infrastructure at rest. AI prompts and outputs travel between Sertus and our AI provider over TLS and are not retained for training. The current list of providers is published on the sub-processor list.

Does AI make decisions about workers or grievances?

No. AI in Sertus is decision-support. It surfaces strengths, weaknesses, relevant articles, and recommended approaches by reasoning over your collective agreement, your case evidence, and Sertus’s curated Canadian labour relations corpus. AI never sends correspondence, files a grievance, or executes an outcome on its own. Every action affecting a worker or a case is taken by an authorized user in your organization.

What does Sertus’s AI rely on for legal context?

AI reasoning is grounded in three sources: the collective agreement uploaded to your account, the evidence and case history within your organization, and Sertus’s proprietary Canadian labour relations corpus. The corpus is original content authored by co-founder Adam Beatty for the Sertus platform. AI does not rely on the open web for labour relations reasoning.

How do users sign in?

Sertus supports single sign-on (SSO) and email/password. SSO lets your IT team manage user access through the identity provider you already operate, with central revocation. Google Workspace is available today, and additional identity providers can be enabled during implementation. Talk to us about what your team uses. We recommend SSO for production deployments.

Is there an audit trail?

Yes. Sign-ins, grievance lifecycle changes, document access, and administrative actions are recorded on an append-only audit trail with timestamp and actor. Administrators can review who did what and when. This matters for internal governance and for any later dispute over case handling.

How does access control work?

Sertus enforces role-based access control per organization. Within an organization, access can be scoped by bargaining unit and by case. A steward only sees their own files, a labour relations manager sees their portfolio, and an administrator sees the full caseload. Every query is isolated to the authenticated organization.

Where can I see the list of sub-processors?

The current sub-processor list is published at /privacy/sub-processors and is updated when it changes.

See it on your own files

Talk to Us About Your Requirements

We'll walk you through the security posture, data handling, and how Sertus fits your organization's policies.

Talk to Our Security Team