The important promises aren’t lines in a policy — they’re built into the database itself, the same way for every app.
Your workspace is stored and handled in Canada (ca-central-1, Montréal). The one exception, only when AI is turned on, is the scrubbed text sent to our AI provider in the US — and we list that on our sub-processor page.
The database keeps every workspace’s data walled off from the others. Even a privileged connection can’t read across the line — it’s the database itself that says no.
Anything that changes your data goes through one guarded path — checked, rate-limited, and written down. No side doors.
Every workspace keeps its own running record of what happened. Change or remove a single entry and it shows — the break is visible to you, right in the app.
The AI can draft, score, and suggest — but sending, publishing, and connecting always need a person. That rule lives in the database, not a setting someone can flip.
Sensitive personal details are stripped out before anything reaches an AI model. The record keeps a summary, never the raw text.
AI budgets stop before they overspend, and rate limits keep any one account from running away with it.
Destructive actions ask you to prove it’s really you again — right at the moment it matters.
Export your whole workspace as a single file whenever you want, and request full deletion under Canada’s PIPEDA through a secure, recorded path.
Our legal terms, privacy practices, data-processing agreement, and the list of sub-processors we rely on.
Found something? Responsible disclosure: security@weshield.ai