Security & Privacy

Your family's privacy. Guaranteed.

Your family documents stay completely private. Even our search system never sees your real names or personal information. Encrypted at rest, privacy-compliant by design.

Secure data residency -- AES-256 encryption -- Zero AI training on your data -- Passkey authentication

Privacy-by-design, not privacy-by-opt-out

Your privacy is not a setting you toggle on. It is built into every layer of how Archevi works -- from how we store your files to how we process your questions.

Boundary Anonymization

Personal information is automatically detected and replaced with realistic surrogates before cloud AI processing. Names become fake names. Emails become fake emails. The AI never sees the real thing.

Powered by Microsoft Presidio -- industry-standard PII detection used by enterprises worldwide.

Hard Redaction

Highly sensitive data like Social Insurance Numbers and credit card numbers are not anonymized -- they are blocked entirely. If detected, the query is rejected before it reaches any external service.

Two layers: regex pattern matching (instant) + Presidio NER (deep analysis).

Secure Data Residency

Your documents are stored on encrypted servers in Canada with full PIPEDA compliance and GDPR-aligned data handling. Only anonymized query text reaches AI providers -- and even that contains no real personal information.

PIPEDA compliant, GDPR-aligned. Your files are stored securely and never used for AI training.

How boundary anonymization works

The AI sees surrogates, not your family. Here is what happens when you ask a question.

1

You ask

"What did John Smith say about Apple stock?"

2

Archevi detects entities

John Smith (PERSON), Apple (ORG)

3

AI receives surrogates

"What did Alex Johnson say about TechCorp Alpha stock?"

4

You see real names

"John Smith mentioned a positive outlook on Apple..."

The AI never knew you were asking about John Smith or Apple. It only processed surrogates. Your real data never left our servers.

What gets protected

Two strategies for two types of sensitive data.

Anonymized (Surrogates)

Replaced with realistic fakes so AI can still reason about context:

  • Names: John Smith -> Alex Johnson
  • Phone numbers: 555-0123 -> 555-9847
  • Locations: Toronto -> Halifax
  • Organizations: Apple -> TechCorp Alpha

Blocked (Hard Redaction)

Detected and blocked entirely. The query is rejected before reaching any external service:

  • Social Insurance Numbers
  • Credit card numbers
  • Bank account numbers
  • Passport numbers
  • Driver's licence numbers
  • IBAN codes

AI providers we use and why

We chose AI providers with contractual no-training commitments. But we go further -- they only receive anonymized surrogates.

Groq

Processes anonymized queries with Llama language models.

  • Does not use data for model training
  • Zero data retention on inference
  • Only receives surrogates, not real data

Cohere

Powers semantic search and document retrieval with embedding models.

  • Does not use data for model training
  • SOC 2 Type II certified
  • Only receives surrogates, not real data

Authentication and infrastructure security

Multiple layers of protection from login to storage.

Passkey / WebAuthn

Passwordless authentication using FIDO2 passkeys. Phishing-resistant by design.

Two-Factor Authentication

TOTP-based 2FA with backup recovery codes. Required for sensitive operations.

Trusted Devices

Manage and review devices that have access. Revoke any device instantly.

Token Rotation

Refresh tokens are single-use and rotate on every refresh. A token that has already been used is rejected, so a stolen copy is worthless once the legitimate client has refreshed.
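What single-use rotation buys you, as an added, runnable example that is not Archevi's code: a refresh-token store that consumes each token on use and treats a second presentation of a consumed token as evidence of theft. Revoking the whole token family on reuse (so the legitimate client is logged out as well as the thief) is a common design choice assumed here, not something the page states; the in-memory dict stands in for the real database.

```python
"""Single-use refresh tokens with rotation and reuse detection (added
illustration, not Archevi's code).  The store is an in-memory dict standing
in for the real database; tokens are random and only their hashes are kept,
so a dump of the store does not yield usable tokens."""
from __future__ import annotations
import hashlib
import secrets

class RefreshTokenStore:
    def __init__(self) -> None:
        self._records: dict[str, dict] = {}        # sha256(token) -> record
        self._revoked_families: set[str] = set()

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user: str, family: str | None = None) -> str:
        """Mint a refresh token. A 'family' ties every rotation of one login together."""
        token = secrets.token_urlsafe(32)
        self._records[self._key(token)] = {
            "user": user, "family": family or secrets.token_hex(8), "used": False}
        return token

    def rotate(self, token: str) -> str:
        """Exchange a refresh token for a fresh one; the old one is consumed."""
        rec = self._records.get(self._key(token))
        if rec is None or rec["family"] in self._revoked_families:
            raise PermissionError("unknown or revoked refresh token")
        if rec["used"]:
            # A consumed token came back. Either an attacker replayed a stolen
            # copy, or the legitimate client is replaying after the thief
            # already rotated. We cannot tell which, so kill the whole family.
            self._revoked_families.add(rec["family"])
            raise PermissionError("refresh token reuse detected; session revoked")
        rec["used"] = True
        return self.issue(rec["user"], rec["family"])

def replay_scenario() -> dict[str, bool]:
    """Legitimate refresh, then a replay of the consumed token, then an attempt
    with the current token. Returns what the store accepted at each step."""
    store = RefreshTokenStore()
    stolen = store.issue("alice")                 # attacker copies this one
    current = store.rotate(stolen)                # legitimate client refreshes
    outcome = {"rotated": current != stolen}
    for label, tok in (("replay_accepted", stolen), ("family_alive", current)):
        try:
            store.rotate(tok)
            outcome[label] = True
        except PermissionError:
            outcome[label] = False
    return outcome

if __name__ == "__main__":
    print(replay_scenario())
```

The order of events matters: if the thief rotates first, it is the legitimate client's next refresh that trips the reuse check, which is why the response is to revoke the family rather than just deny the one request.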

Tenant Isolation

Database-enforced row-level security. Each family operates in a completely separate data partition.

Encryption

AES-256 encryption at rest. TLS 1.3 for all data in transit. Data is encrypted wherever it is stored or transmitted.

Family-isolated data

Every family on Archevi operates in a completely separate tenant. Your documents, conversations, anonymization vaults, and search history are invisible to other families.

  • Row-level security enforced at the database layer
  • No cross-tenant query paths exist
  • Role-based access within each family
  • Separate anonymization vaults per conversation

Illustration: the Hudson family, the Tremblay family and your family each sit in a completely separate, isolated vault.

How we keep the platform safe

Every file uploaded to Archevi is automatically checked before it enters your vault. These scans are fully automated and do not involve human review of your documents.

Malware scanning

Every uploaded file is scanned by ClamAV antivirus before processing. Infected files are quarantined immediately and never reach your vault or the AI system.

Illegal content detection

File hashes are checked against databases maintained by child protection organizations and law enforcement. Matches are reported to authorities as required by law.

Hourly encrypted backups

Your documents and data are backed up hourly to encrypted storage. Backups are retained for disaster recovery and stored with the same encryption as your primary data.

Full details in our Acceptable Use Policy and Privacy Policy.

Three Trust Zones

Your data passes through isolated zones. Each one has a single job: protect what matters most.

Zone 1
Your Device

Files upload over TLS 1.3 directly to Canadian servers. No intermediary CDN. No US hop. Your browser talks to Toronto.

TLS 1.3 -- AES-256 at rest -- Encrypted transit, browser to server

Zone 2
The Anonymizer

Before the AI sees anything, Presidio replaces names, emails and phone numbers with surrogates, and any hard-blocked identifier (SIN, credit card, passport) stops the request. What remains is structure without identity.

Microsoft Presidio -- Regex hard blocks -- SIN/credit card/passport never pass through

Zone 3
The AI

AI receives anonymized surrogates only. It answers questions about your documents without ever knowing who you are.

Groq: zero retention, no training -- Cohere: SOC 2 Type II, no training

Not All “AI + Documents” Is Equal

Most AI tools process your raw data on US servers. Archevi was built differently from day one.

Typical AI document tools

Raw documents sent to US-based AI models
Data may be used for model training
All users share one database
No PII filtering before AI processing
Unclear data retention policies

Archevi

Documents stored in Toronto, Canada
Zero AI training on your data, contractually
Tenant isolation enforced by database row-level security
Presidio anonymizes PII before AI sees it
SINs, credit cards, passports hard-blocked

Your Document's Journey

From the moment you upload to the moment you ask a question, here is exactly what happens.

1
Upload
TLS 1.3 encrypted transit. Lands on Canadian server. ClamAV malware scan.
2
Process
Text extracted. PII detected by Presidio. Surrogates replace real values. Hard-blocked identifiers such as SINs are stripped before anything is indexed.
3
Index
Anonymized text becomes searchable vectors. Original stays encrypted in your tenant's isolated store.
4
Answer
AI reads surrogates, generates answer, surrogates are re-mapped to real values. You see real names; AI never did.

Standards and compliance

Not retrofitted for compliance. Built with it from the first line of code.

PIPEDA & GDPR

PIPEDA compliant, GDPR-aligned data handling

AES-256

Encryption at rest

TLS 1.3

Encryption in transit

SOC 2

AI provider (Cohere) SOC 2 Type II certified

RLS

Row-level tenant isolation

Privacy your family can verify, not just trust

Every family member gets AI-powered search with zero exposure of personal data. No ads, no training on your documents, no exceptions.

Free plan available -- No credit card required -- Privacy protection from day one