Trust and Security

Security is not a feature. It is the operating environment.

Built for financial firms that take data protection seriously.

Infrastructure region: Toronto

Data model tiers: 3

Automated tests: 350+

Your data stays in Canada

All infrastructure runs on Google Cloud, Toronto region, northamerica-northeast1. Canadian data residency is backed by infrastructure, not just a policy statement.

Access control at the data layer

Access is governed by VieFUND and enforced where the connector retrieves the data. A user can only reach what their VieFUND credentials allow; an advisor cannot return another advisor's client data, even if the request is tampered with.

Data model

Client data is not permanently stored

Hanna keeps only the layers required to power the dashboard and the operating experience. Individual client data is fetched when needed and discarded after use.

Tier 1: firm-level aggregates only for dashboard performance, such as AUM totals, advisor counts, and product statistics
Tier 2: session-scoped cache cleared when the user logs out
Tier 3: individual client data fetched live from the back-office when needed and discarded after use

Controls

Encryption, session controls, and auditability built in from the start

PIPEDA-aligned handling, examination-ready record support, and tested protections across authentication, authorization, rate limiting, and chat isolation.

AES-256 encryption for all PII fields at rest
TLS 1.3 for all data in transit
JWT authentication with 15-minute access tokens and 7-day refresh tokens
Login lockout after 5 failed attempts with a 30-minute lockout window
Rate limiting across endpoints
Audit trail on compliance actions and record-keeping support

Connected accounts

Connected accounts, narrowest access

When you connect Gmail, Outlook, or your calendar, Hanna requests the narrowest access that makes the feature work — and uses it only inside your workspace.

Hanna's use of Google APIs follows the Google API Services User Data Policy, including the Limited Use requirements. Read the full Privacy Policy.

Opt-in, reversible. Connecting an email or calendar account is your choice. Disconnect any time and the stored tokens and cached content are deleted.
Minimum scopes only. Read and send your mail, read and write your own calendar events, and read your contacts for recipient auto-complete. Nothing broader — no mailbox-wide controls, no contact editing.
Used only for what you see. Your inbox, your calendar, your AI summaries and drafts — generated for you. Never used for advertising, and never used to train generalized AI/ML models.
Same guardrails as client data. Connection tokens are encrypted at rest and access is scoped per user at the connector layer.

Tested

350+ automated tests across security gating, chat isolation, compliance logic, and data accuracy.

The point is not just policy language. The point is that the operating environment holds up under real use.