Trust Centre
Welcome to the TOTEC Trust Centre. This hub outlines how we protect your data and keep our platform reliable—covering security, privacy, and availability. We use a defence-in-depth approach on AWS (encryption in transit and at rest, least-privilege access, continuous monitoring, and regular vulnerability testing). Our policies span secure development, incident response, and vendor management. We maintain an up-to-date sub-processor list with processing locations and provide advance notice of changes. You’ll also find details on data handling and retention, and how to report a security concern. We review our controls against widely recognised standards (e.g., SOC 2, ISO 27001) and improve continuously. Transparency is part of our commitment—if you have questions, our security team is here to help.
Sub-processors
Last updated: 2025-09-08
| Service | What it does | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting (compute, storage, database, networking) | Calgary (ca-west-1), Global |
| Amazon Simple Email Service (SES) | Transactional / system email delivery | AWS region(s) configured by TOTEC (e.g., us-west-2 or ca-central-1) |
| Google Workspace | Business email / support communications | US |
| Auth0 / Okta | Customer authentication | Canada |
We’ll update this page at least 30 days before adding a new sub-processor whenever feasible.