Your procurement data stays in Canada
Canadian cloud, auditability down to the record level, and a security posture built for sensitive procurement workflows rather than retrofitted after the fact.
Publicus is built for sensitive procurement workflows. SOC-2 compliant, Canadian cloud only, 256-bit encryption, multi-factor authentication, full audit trails, and Protected B-ready deployment. We never train AI on customer data.
- Where data lives: Canadian cloud infrastructure with logical tenant isolation. Customer data never leaves Canada.
- Compliance: SOC-2 Type II, Protected B-ready, MFA required, SSO available, full source citation, and auditable AI decision-making.
- Data handling: Customer data is never used for AI training, never shared with other tenants, and is fully traceable from insight back to source record.
INFRASTRUCTURE
Built on Canadian infrastructure from day one
Canadian Cloud Hosting
All data stored and processed on Canadian infrastructure. Your procurement data never leaves Canada.
256-bit Encryption
All data encrypted at rest and in transit. Industry-standard encryption protocols across every layer.
Multi-Factor Authentication
Required for all accounts. Support for SSO integration with your organization's identity provider.
24/7 Monitoring
Continuous threat monitoring, intrusion detection, and automated incident response.
COMPLIANCE
Meeting the highest government security standards
SOC-2 Type II
Independent third-party verification of our security controls, availability, and confidentiality practices.
Protected B Ready
Infrastructure and processes designed to meet the Government of Canada's Protected B security requirements. On-premise deployment available.
Responsible AI
Purpose-built for government procurement with full source citation and auditable decision-making at every step.
DATA HANDLING
Your data, your rules
Your Data is Yours
We never train AI models on customer data. Your procurement documents, vendor information, and organizational data are never used to improve our models or shared with other customers.
Full Audit Trail
Every data point in the system has complete provenance. When we say a vendor was awarded a $2M contract, you can trace it back to the exact award notice on the exact government portal.
Data Isolation
Customer data is logically isolated. Government customers' internal data is never mixed with or accessible to other customers.
DEPLOYMENT
Deployment options for every security posture
Cloud (Standard)
Hosted on Canadian cloud infrastructure. Fastest time to value: teams are live within 24 hours.
On-Premise
Full platform deployment within your organization's infrastructure. For departments with the most stringent security requirements.
Hybrid
Public procurement data in the cloud, your internal data on-premise. Best of both worlds.
FAQ
Security questions
Where is Publicus data stored?
All Publicus data is stored and processed on Canadian cloud infrastructure. Customer data never leaves Canada and is logically isolated between tenants.
Is Publicus SOC-2 compliant?
Yes. Publicus is SOC-2 compliant. Independent third-party verification covers our security controls, availability, processing integrity, confidentiality, and privacy practices.
How does Publicus encrypt data?
All data is encrypted at rest and in transit using 256-bit AES encryption. Connections use TLS 1.2+. Encryption keys are rotated regularly and managed through a hardware-backed key management service.
Does Publicus support SSO and MFA?
Multi-factor authentication is required for all accounts. SSO is available for Enterprise customers and integrates with major identity providers including Microsoft Entra ID, Okta, and Google Workspace.
Does Publicus train AI on customer data?
No. Publicus never trains AI models on customer data. Your procurement documents, vendor information, and organizational data are never used to improve our models or shared with other customers.
How does Publicus handle a security incident?
Publicus runs 24/7 threat monitoring and automated incident response. In the event of a confirmed security incident affecting customer data, we notify affected customers within 72 hours, in line with PIPEDA and applicable provincial privacy frameworks.
Have security questions?
Contact our team at [email protected]. We're happy to walk through our security posture, provide documentation, or discuss your specific requirements.