Enterprise-grade security
Your clients trust you with their corporate records. We take that responsibility seriously.
Data Residency
All customer data is stored exclusively in Canadian data centers (Toronto, yyz). We do not replicate, backup, or transfer data outside Canada. This satisfies provincial law society guidelines and eliminates CLOUD Act / Patriot Act exposure.
Encryption
Data at rest: AES-256 encryption. Data in transit: TLS 1.2+ with HSTS preload. All connections are HTTPS-only. Database encryption at rest via Fly.io volume encryption.
Access Controls
Role-based access control (RBAC) with 6 built-in roles (Partner, Associate, Paralegal, Clerk, Bookkeeper, Client). Field-level permissions. Multi-factor authentication (TOTP and WebAuthn/FIDO2). Ethical walls via client group restrictions.
Monitoring & Response
Continuous error monitoring via Sentry. Automated health checks. Suspicious activity detection via django-axes (brute-force protection). Rate limiting on all authentication endpoints.
Audit Trail
Every action is logged: who did what, when, and from which IP address. Permission denials are recorded in a dedicated audit log. Activity logs are immutable and searchable.
Backups & Continuity
Daily automated backups with 7-day retention. Point-in-time recovery capability. Documented disaster recovery plan. Quarterly restore testing.
Compliance
Aligned with PIPEDA, provincial PIPA statutes (AB, BC, QC), and Law Society of Alberta software selection criteria. SOC 2 Type II audit in progress. Internal practices modeled after ISO 27001 controls.
Penetration Testing
Annual third-party penetration testing. Aligned with OWASP Top 10. Automated dependency vulnerability scanning in CI/CD pipeline (pip-audit). Responsible disclosure via security@mortacc.com.
Sub-processors
Stripe — payment processing (PCI DSS Level 1)
Fly.io — cloud hosting (Canadian region)
Anthropic — AI features (optional, per-firm opt-in)
Sentry — error monitoring (no PII)
Download Resources
Security documentation available for your firm is compliance review.
Request Security Package or Contact Us