The Privacy Citadel
Orbiq is engineered for technical privacy. We don't just promise security; we architect it into every byte of your financial orbit.
Infrastructure Heritage: Orbiq is purpose-built to align with the Personal Information Protection and Electronic Documents Act (PIPEDA). Our "Privacy Citadel" framework inherits enterprise-grade compliance by leveraging a world-class security stack. We utilize Infisical for key isolation, Axiom for tamper-proof auditing, and Groq for Zero-Data-Retention AI—ensuring your data is protected by the same standards used by global financial institutions.
1) Keyless Architecture & The Encryption Shield
Most applications store "Master Keys" in files that can be stolen. Orbiq uses Infisical to achieve a "Keyless" architecture. System keys are retrieved into volatile memory (RAM) only at startup and are never persisted on the application server.
- Encryption Shield: Your data is protected by AES-256 encryption. Because keys are stored off-server, stolen database files remain unreadable "digital noise".
- Breach Immunity: This architecture allows Orbiq to maintain a "No Significant Harm" defense, potentially exempting us from mandatory 72-hour notifications if the key layer remains uncompromised.
2) Local-First Sanitization (PIPEDA Principle 4)
Orbiq follows a strict data minimization protocol. Before any transaction string leaves Canadian soil for AI categorization, it passes through our mandatory Local Sanitization Layer.
- PII Stripping: Direct identifiers, such as names and account numbers, are scrubbed locally in Toronto.
- Financial Generalization: Transaction amounts are rounded or generalized to provide context for AI without revealing precise financial balances.
- Merchant De-identification: Only sanitized keywords (e.g., "WAL-MART") are sent to AI endpoints.
3) AI Accountability (Groq ZDR)
We utilize Groq Inc. for high-speed categorization, explicitly configured for Zero Data Retention (ZDR).
- Your data is processed in volatile memory and is never used to train global AI models.
- Under our Data Processing Addendum (DPA), Groq is contractually prohibited from persisting prompt data for any period beyond the live inference session.
4) Immutable Auditing (Axiom)
Accountability is a core pillar of PIPEDA. Orbiq utilizes Axiom to maintain a 100% immutable audit trail of all security events and administrative actions. This ensures that even in the event of a breach, we can accurately reconstruct events to protect our users and fulfill regulatory requirements.
5) Data Sovereignty & The Right to Erasure
Orbiq supports your absolute right to be forgotten.
- Total Wipe: Users can trigger an irreversible deletion of all transaction history at any time from the app dashboard.
- 15-Day Purge: Upon account closure, all remaining Personal Identifiable Information (PII) is permanently purged from our active systems within 15 days.
- Residency: Primary user databases are hosted within Canadian data centers to ensure regional sovereignty.
6) Privacy Officer Designation
In accordance with PIPEDA Principle 1, Orbiq has formally appointed a Privacy Officer to oversee our data management and compliance roadmap.
Official Contact: orbiq.support@gmail.com