Every client file, every message, every payment — encrypted, Canadian-hosted, and CICC audit-ready from day one.
Not bolted on after the fact. Every layer of VisaNauta was designed with Canadian privacy law and CICC compliance in mind.
All client data is encrypted at rest using AES-256 and in transit using TLS 1.3 — the same standard used by major Canadian financial institutions. Encryption keys are managed using HSM-backed key management with automatic rotation.
Every byte of client data — files, messages, case notes, payment records — is stored exclusively in Canadian cloud infrastructure. VisaNauta never transfers client data outside Canada, meeting PIPEDA cross-border transfer obligations.
Our privacy program is built around PIPEDA's 10 fair information principles, including consent, purpose limitation, accuracy, safeguards, openness, individual access, and challenging compliance. We publish a full privacy policy and respond to access requests within 30 days.
VisaNauta Pay is built on PCI-DSS Level 1 certified payment infrastructure. Client card numbers are never stored on VisaNauta servers — tokenization is handled entirely by our payment processor. All disbursement records are automatically generated for CICC compliance.
Every action in the system — file views, document uploads, case updates, messages sent, payments processed — is recorded in an immutable, timestamped audit log. Export a complete CICC compliance report in one click at any time, in the exact format inspectors expect.
All RCIC accounts require MFA at login. We support TOTP authenticator apps (Google Authenticator, Authy) and SMS fallback. MFA cannot be disabled on practitioner accounts, ensuring every session is authenticated.
Enterprise plans include granular RBAC. Assign staff and associates read-only, edit, or full access per case or per client. All role assignments are logged. The principle of least privilege ensures no one sees data outside their scope.
Daily encrypted backups with 30-day point-in-time recovery. Document retention is enforced for 7 years, aligned with CICC record-keeping requirements. Backups are stored in a geographically separate Canadian data centre.
VisaNauta operates exclusively on Canadian cloud infrastructure. We have no US servers, no cross-border data transfers, and no foreign sub-processors with access to client PII. This isn't a policy — it's an architectural guarantee backed by our infrastructure contracts.
All data is stored in Canadian cloud infrastructure operated by enterprise-tier providers with Canadian data centre locations. We do not use US-based servers. Your data never leaves Canada.
You can export all your data at any time. After cancellation, your data is retained for 90 days in an exportable state, then permanently deleted per our data deletion policy. We provide a full data export in CSV/JSON format on request.
VisaNauta Pay is built on PCI-DSS Level 1 certified infrastructure. Card numbers are tokenized by our payment processor — VisaNauta never stores raw card data. All payment events are logged in the CICC audit trail.
Yes. The CICC Audit Trail feature generates one-click exports of all activity logs, trust account records, client listings, and case histories in a format aligned with CICC inspection requirements.
Never for advertising or analytics. We share data only with sub-processors required to deliver the service (e.g., cloud storage, email delivery, payment processing) — all under strict data processing agreements with Canadian data residency requirements.
Your clients trust you with their immigration future. Trust VisaNauta to protect their data.