Trust & Compliance Center

VisaNauta's commitment to CICC compliance, data security, and regulatory excellence

Built from the ground up to meet CICC By-Law 21, PIPEDA, and IRCC requirements

CICC By-Law 21 Compliance

✓

Zero-Commission by Design

VisaNauta takes no commission on fees, retainers, or client payments. You keep 100% of client money. Pure practice management tool.

📋

Immutable Audit Trail

Every action logged with timestamps and user attribution. Full compliance with CICC By-Law 21 audit requirements.

⏱️

6-Year Data Retention

All records, communications, and documents retained for minimum 6 years to meet CICC and IRCC requirements.

🔐

Mandatory MFA

Multi-factor authentication required for all users. Optional TOTP 2FA and security keys supported.

Data Security & Infrastructure

🍁 Canadian Data Residency

✓ All data stored in Canadian data centers (Montreal region)
✓ No data transfer outside Canada without consent
✓ PIPEDA and Canadian data sovereignty compliant

🔒 Encryption Standards

✓ AES-256 encryption for data at rest
✓ TLS 1.3 for data in transit
✓ Industry-standard key management

✅ Compliance Certifications

✓ SOC 2 Type I audit completed
✓ PIPEDA-aligned data processing
✓ PCI-DSS Level 1 for payment processing

⏱️ Availability & SLA

✓ 99.9% uptime SLA
✓ Automatic failover and redundancy
✓ Real-time monitoring and alerting

Privacy & Data Handling

🚫 Zero Third-Party Data Sharing

✓ Client data never sold or shared for marketing
✓ No data brokers or enrichment services
✓ Analytics anonymized and aggregated only

👤 User Control & Rights

✓ Request data export anytime (CSV, JSON, PDF)
✓ Soft-delete with 30-day recovery window
✓ Full PIPEDA subject access rights honored

Data Deletion Policy

When a user requests account deletion:

Account marked for deletion with 30-day grace period
Client and case data permanently deleted after 30 days
Audit logs retained for 6 years (legal requirement)
Confirmation email sent upon final deletion

Compliance FAQ

Does VisaNauta take a commission?

No. VisaNauta is a practice management tool, not a payment processor. We charge flat monthly subscription. You keep 100% of client fees. 100% CICC By-Law 21 compliant.

How does VisaNauta meet CICC compliance?

Immutable audit trail, 6-year retention, mandatory MFA, full communication logging, and zero third-party data sharing. All built-in from day one.

Where is my data stored?

All VisaNauta data stored in Canadian data centers (Montreal region). No data transferred outside Canada without explicit consent. PIPEDA compliant.

What happens when I delete my account?

Account soft-deleted immediately. Client data permanently deleted after 30 days. Audit logs retained for 6 years (legal requirement). Confirmation email sent on completion.

How does VisaNauta protect against breaches?

AES-256 encryption at rest, TLS 1.3 in transit, SOC 2 audits, and bug bounty programs. In breach event, we notify affected users within 24 hours.

Can I export my data?

Yes. Request full data export anytime in CSV, JSON, or PDF. Includes all clients, cases, documents, communications. No fees or delays.

Compliance Built In, Not Bolted On

VisaNauta's architecture designed from the ground up for CICC, PIPEDA, and IRCC requirements.

View Pricing Schedule Demo

Questions?

Have compliance or security questions? We're here to help.

trust@visanauta.com