Internationally recognized
certifications

Underline

Each certification attests to the strength of our governance, internal controls, and risk management. Audits are conducted annually by independent firms according to international standards.

SOC 2
ISO 27001
ISO 27701
Law 25
PIPEDA
AATL
Scroll down

SOC 2Type II

Security, availability, integrity, confidentiality, and privacy audit.

certificate-0
CalendarObtained: 2025
AuditAnnual audit

Compliance andgovernance

This certification verifies, over several months, that all of a company's internal controls actually work (not just on paper).

The audit covers 5 aspects: security, integrity, availability, confidentiality, and privacy.

footer logo

SOC 2 Type II demonstrates that TnS has its security and confidentiality practices audited in the same way as a Canadian bank.

ISO27001

Information Security Management System (ISMS).

certificate-0
CalendarObtained: 2025
AuditAnnual audit

Structured securitymanagement

ISO 27001 is the main international standard for information security management.

It covers everything: risk analysis, access control, encryption, business continuity plan.

footer logo

ISO 27001 proves that security at TnS is not improvised: it is planned, measured, and audited every year.

ISO 27701

Privacy extension compliant with international principles and Law 25.

certificate-0
CalendarObtained: 2023
AuditSemi-annual audit

Protection and respect forprivacy

ISO 27701 complements ISO 27001, but focuses on privacy management (PIMS).

It governs consent, access, deletion, and minimization of personal information.

footer logo

ISO 27701 guarantees that TnS respects the privacy of each user according to the strictest rules of Law 25 and Canadian regulators.

Tchat N Sign transforms your current messaging into compliant professional channels.

Communication channel comparison

Personal messaging (SMS, Messenger, and soon WhatsApp) vs Tchat N Sign compliant environment

Instant messaging is now part of your clients' habits. Rather than imposing change, Tchat N Sign integrates these channels and frames them in an environment compliant with Law 25, CSF/IPF Code of Ethics, and CIRO requirements.

Communications are centralized, archived, and protected, while preserving the simplicity of a text message.

COMPLIANCE CRITERIA
DISPARATE TOOLS
SMS · Messenger · WhatsApp · Email · Dropbox...
TCHAT N SIGN
All your channels unified
Client channels
SMS · Messenger · WhatsApp
used without control
SMS · Messenger · WhatsApp (coming soon)
centralized and archived
Internal communication
Personal email, Teams,
texts between colleagues
Secure internal chat
traceable team conversations
Document sharing
Email, Dropbox, Google Drive
(foreign servers)
Secure HTTPS links
with 2FA authentication
Where is data stored?
Foreign servers
(Meta, Google, Microsoft, etc.)
Canada only
(Azure Canada East & Central)
Communication security
Variable depending on tool,
unverifiable
Enterprise-grade encryption
Who can access?
Third-party providers
and their partners
Restricted access,
logged and auditable
Legal archiving
None — data scattered
and out of control
Automatic and
timestamped archiving
Proof in case of dispute
Hard to reconstruct
Complete and
legally enforceable history
Law 25 compliance
Non-compliant
Compliant
Professional secrecy
Risk of disclosure
Private channels per client
CIRO supervision
Impossible to audit
Verifiable records
Regulatory risk
High
Managed
Logo de validation

SMS, Messenger, WhatsApp, team conversations, document sharing — everything goes through a single platform hosted in Canada.

Your clients keep their habits, your team collaborates efficiently, and every exchange is automatically archived for your compliance.

Artificial intelligence in service of compliance and data protection.

Active data leak prevention

Digital exchanges often contain sensitive data: social insurance numbers, statements, confidential documents. Tchat N Sign integrates artificial intelligence that acts as an automatic safeguard, identifying and neutralizing risks before they compromise your compliance.

Our AI doesn't replace your teams — it protects them, by systematically applying best practices required by Law 25 and Canadian regulatory bodies.

Automatic
detection

Personal information in messages and attachments.

Deletion
or blocking

Sensitive content to ensure confidential data security.

Secure
redirection

Instant notifications in case of leak or breach risk.

Zero
retention

User access to strengthen information protection.

Settings Logo

Compliance should not depend on human vigilance. With Tchat N Sign, every exchange is monitored, filtered, and archived according to the highest Canadian security standards — without burdening your operations.

Customer Support
Logo

Responsibility and scope of
compliance.

The information presented on this page aims to facilitate understanding of legal and ethical requirements applicable to financial services professionals. It does not constitute legal advice nor an official interpretation of the laws or regulations mentioned.

Tchat N Sign implements technological measures designed to help firms and professionals meet their security and confidentiality obligations. However, regulatory compliance remains the responsibility of each firm or professional who must verify that their internal policies and practices meet the requirements of Law 25, the CSF Code of Ethics and CIRO rules, as well as applicable federal and provincial laws.

Tchat N Sign acts as a technology provider and not as a legal advisor. The examples and legal references provided illustrate the links between our features and regulatory frameworks. Each organization must perform its own verifications and obtain independent legal advice as needed.

Responsibility and compliance illustration
Validation logo

In summary: Tchat N Sign is a compliance facilitator. Each firm remains responsible for its regulatory compliance.

Data Security

Canada

100% Canadian Hosting

All data is hosted on Azure Canada East & Central, not subject to Cloud Act.

Encryption

Encryption in transit (TLS 1.3) and at rest (AES-256) for all data.

AI Protection

Automatic detection and prevention of sensitive data leaks.

Compliant Archiving

Automatic timestamped archiving compliant with regulatory requirements.

Request Our Compliance Documents

Would you like to review our SOC 2 reports, ISO certificates or detailed security policy? Contact our security team to obtain these documents under a confidentiality agreement.

Request Documents

Frequently Asked Questions

Where is my data hosted?

All data is hosted on Microsoft Azure Canada East & Central (Toronto and Quebec). With the exception of VoIP data that may transit through US servers for technical reasons, all data remains in Canada.

How can I exercise my rights under Law 25?

You can exercise your rights of access, rectification, erasure or portability by sending an email to [email protected]. We will respond within a reasonable time after verifying your identity.

Does Tchat N Sign use AI to process my data?

Yes, our AI analyzes communication content to detect and prevent sensitive data leaks. No automated decision with legal effects is made without human intervention. You have the right to request human review of any analysis.

How long do you retain my data?

Retention periods vary by data type: user account (duration + 7 years), signed documents (7 days then archived to SharePoint/CRM), VoIP recordings (5-7 years per regulations), logs (12 months). See our privacy policy for the complete schedule.

Can I obtain a copy of the SOC 2 report?

Yes, the SOC 2 Type II report is available under a non-disclosure agreement (NDA). Contact [email protected] to request it.

Questions About Security?

Our security team is available to answer your questions about our data protection practices.

[email protected]