Security

Version 2.2 · Last revised: May 14, 2026

Filemark processes sensitive corporate tax data for Canadian accounting firms. This page lists the technical and organizational controls we have in place today. Our policy-side commitments — automated-decision-support disclosure, retention periods, breach notification timing, and the rights of individuals under PIPEDA and Quebec Law 25 — are set out in the Service Privacy Policy. For further details, contact security@filemark.ca.

AI Privacy

  • Customer data is never used to train or fine-tune any AI model.
  • AI inference runs through AWS Bedrock from ca-central-1, with no retention of inference content under AWS Bedrock commercial terms.
  • The classifier sends account-name strings only — no monetary values, no client identifiers.
  • PDF Vision parsing is per-firm opt-in via the document connector.
  • Every AI call is logged with model, inputs, outputs, token usage, and latency.
  • Firm administrators can disable the LLM-based classifier with a per-org toggle; a process-wide kill switch exists for emergencies.

Data Protection

  • Encryption in transit: TLS 1.3 on every connection (TLS 1.2 minimum), with HSTS preload.
  • Encryption at rest: AES-256 on database and file storage.
  • Connector credentials: per-tenant AWS KMS data keys so a single key compromise cannot decrypt another firm’s secrets.
  • Tenant isolation: Row-Level Security enforces per-organization access on every table and storage bucket.
  • Stable egress IP: outbound traffic to vendors leaves from a single Canadian-allocated IP (15.223.139.13) for allowlisting.

Authentication & Access

  • Authentication via Supabase Auth with email and password.
  • Multi-factor authentication (TOTP / authenticator app) available.
  • Sessions validated server-side; tokens are short-lived and rotated automatically.
  • Idle sessions are automatically signed out after 30 minutes of inactivity.
  • Sign-in, sign-up, and all API endpoints are rate-limited.

Audit Logging

  • User actions logged for file uploads, exports, AI runs, integration calls, and document scraping.
  • Every AI call logged with model, inputs, outputs, token usage, and latency.
  • Connector audit log records which integration was called, when, by which user, and which data categories were involved (no file contents, no credential values).
  • Authentication events tracked via Supabase’s built-in auth audit log.
  • Audit logs are organization-scoped and retained for the same six-year window as engagement data.

Infrastructure

  • Application hosting on AWS Elastic Beanstalk (backend) and AWS Amplify Hosting (frontend), both in ca-central-1 (Canada).
  • Database, authentication, and file storage on Supabase (AWS ca-central-1, Canada).
  • Connector credentials in AWS Secrets Manager (ca-central-1) with per-tenant AWS KMS data keys.
  • AI inference via AWS Bedrock. Calls originate from ca-central-1 and route to inference endpoints in ca-central-1, us-east-1, us-east-2, and us-west-2 over AWS’s private network. AWS does not retain or train on inference content.
  • Transactional email via AWS SES (ca-central-1).
  • Real-time service status: filemark.statuspage.io.

Backup & Resilience

  • Managed Postgres point-in-time recovery within Supabase’s ca-central-1 region.
  • Object storage replicated within ca-central-1.
  • Backups are encrypted with the same AES-256 standard as production data and never leave Canada.
  • Disaster-recovery objectives and tested restore procedures are documented in our internal runbook and available to enterprise customers under NDA.

Subprocessors

The third parties that process Filemark customer data on our behalf, together with the region, role, and cross-border posture of each, are listed at filemark.ca/legal/subprocessors. That page is the canonical public disclosure and is updated whenever a subprocessor is added, removed, or has a material change.

Breach Notification

If Filemark becomes aware of a breach of security safeguards involving customer data that creates a real risk of significant harm, we notify the affected customer’s account administrators without undue delay and in any event within 72 hours of confirming the breach. We also notify the Office of the Privacy Commissioner of Canada and, where applicable, the Commission d’accès à l’information du Québec, in accordance with PIPEDA § 10.1 and Quebec Law 25. A breach register is maintained as required by PIPEDA. Suspected breaches can be reported confidentially to security@filemark.ca.

Automated Decision Support

Filemark’s tax engine performs automated computations on uploaded data, but every output is decision-support intended for review and sign-off by a qualified Canadian tax practitioner. Filemark does not render a final decision based exclusively on automated processing within the meaning of Quebec Law 25 § 12.1. Full disclosure of the categories of personal information used, the principal factors and parameters, and the right to request human review is set out in the Service Privacy Policy.

Compliance & Certifications

Filemark is committed to industry standards and compliance:

  • PIPEDA & Quebec Law 25 — in production; see the Service Privacy Policy
  • SOC 2 Type II — implementing required controls (audit planned)
  • ISO 27001 — implementing required controls (audit planned)
  • Data Processing Agreement (DPA) available on request to legal@filemark.ca

Responsible Disclosure

We encourage coordinated vulnerability disclosure. If you believe you have found a security issue in Filemark, please contact us at security@filemark.ca.

We commit to:

  • Acknowledging reports within 5 business days.
  • Investigating promptly and keeping you informed of progress.
  • Not pursuing legal action against good-faith security researchers.