KuCoin fined C$19.6 million — Canada tightens AML oversight
OSC distributes disgorged funds under new 2025 rules
OSC 2025 priority: AI & cybersecurity in advisory firms
CIRO gets new evidence powers under Ontario law
Crypto asset funds face tighter regulation across Canada
Fortrade fined for unapproved recommendations: $2M CAD
KuCoin fined C$19.6 million — Canada tightens AML oversight
OSC distributes disgorged funds under new 2025 rules
OSC 2025 priority: AI & cybersecurity in advisory firms
CIRO gets new evidence powers under Ontario law
Crypto asset funds face tighter regulation across Canada
Fortrade fined for unapproved recommendations: $2M CAD
KuCoin fined C$19.6 million — Canada tightens AML oversight
OSC distributes disgorged funds under new 2025 rules
OSC 2025 priority: AI & cybersecurity in advisory firms
CIRO gets new evidence powers under Ontario law
Crypto asset funds face tighter regulation across Canada
Fortrade fined for unapproved recommendations: $2M CAD

Subprocessors & Infrastructure

At Grivus, we believe transparency builds trust. This page outlines the infrastructure providers, subprocessors, and AI services that power our compliance platform. Every vendor is carefully vetted for security, compliance, and reliability.

We only use trusted providers that comply with industry standards such as SOC 2, ISO 27001, and GDPR.

Core Infrastructure

ServicePurposeLocationCompliance
VercelFrontend hosting & global edge delivery (React + Tailwind)GlobalSOC 2, ISO 27001, GDPR
RailwayBackend hosting (Node.js APIs, task scheduling, certificate signing)US/EUSOC 2, ISO 27001
PostgreSQL (Managed)Primary database (clients, tasks, compliance records, audit logs)Canada / USSOC 2, ISO 27001
pgvector / PineconeVector database for large AI document processing & semantic searchUS/EUSOC 2, GDPR

AI & Processing

ServicePurposeData HandlingCompliance
OpenAIRegulatory AI: impact analysis, task creation, classificationText/documents processed transiently (no retention)SOC 2, GDPR
AnthropicSummarization of long regulations & compliance insightsText/documents processed transiently (no retention)SOC 2, GDPR
Perplexity AIHigh reasoning & advanced analysis for compliance researchText/documents processed transiently (no retention)SOC 2, GDPR

Security & Cryptography

ServicePurposeCompliance
X.509 Certificate SigningTamper-proof signing of audit log exportsRSA-2048, SHA-256
End-to-End EncryptionProtects sensitive client & regulatory documentsAES-256 standard

Notifications & Communication

ServicePurposeCompliance
Postmark / SendGridTransactional emails (task alerts, compliance updates)SOC 2, GDPR
In-App NotificationsReal-time alerts & task remindersSecure, hosted on Railway + PostgreSQL

Our Principles

Canada-First

Wherever possible, data is stored in Canadian regions for regulatory alignment.

Minimal Subprocessors

We only use what's necessary to deliver Grivus securely.

No Data Selling

We never share or sell your data with advertisers.

Audit Ready

Every provider we use meets enterprise compliance standards.

📌 Last Updated: October 2025

👉 For questions about data handling or subprocessors, please contact hello@grivus.com