Trust you can verify.
The important promises aren’t lines in a policy — they’re built into the database itself, the same way for every app.
Your data stays in Canada
Your workspace is stored and handled in Canada (ca-central-1, Montréal). The one exception, only when AI is turned on, is the scrubbed text sent to our AI provider in the US — and we list that on our sub-processor page.
Your workspace is yours alone
The database keeps every workspace’s data walled off from the others. Even a privileged connection can’t read across the line — it’s the database itself that says no.
One guarded path in
Anything that changes your data goes through one guarded path — checked, rate-limited, and written down. No side doors.
A record you can check
Every workspace keeps its own running record of what happened. Change or remove a single entry and it shows — the break is visible to you, right in the app.
A person holds the pen
The AI can draft, score, and suggest — but sending, publishing, and connecting always need a person. That rule lives in the database, not a setting someone can flip.
Scrubbed before the AI sees it
Sensitive personal details are stripped out before anything reaches an AI model. The record keeps a summary, never the raw text.
Spending stays in bounds
AI budgets stop before they overspend, and rate limits keep any one account from running away with it.
An extra check for risky actions
Destructive actions ask you to prove it’s really you again — right at the moment it matters.
Yours to take back
Export your whole workspace as a single file whenever you want, and request full deletion under Canada’s PIPEDA through a secure, recorded path.
The fine print, in full
Our legal terms, privacy practices, data-processing agreement, and the list of sub-processors we rely on.
Found something? Responsible disclosure: security@weshield.ai