Security

Canium's security guarantee is architectural, not contractual. The system is designed so that even Canium's own engineers have zero technical ability to access message content, encryption keys, or user credentials — under any circumstance.


Threat Model — What Canium Protects Against

Canium's encryption architecture protects users from:

What Canium Does Not Protect Against

Canium does not protect against:

Standards and Compliance

Standard / FrameworkStatus
PIPEDAArchitecture designed for compliance
Communications data residencyCanada — messaging, encryption keys, and channel content
Billing data residencyPer payment processor — currently US-based; Canadian processor migration planned for enterprise/government clients requiring full billing-data residency
IETF RFC 9420 (MLS)Implemented via OpenMLS
IETF RFC 9807 (OPAQUE)Implemented via opaque-ke (NCC Group audited library)
NIST ML-KEM-768 (FIPS 203)Hybrid post-quantum KEM (X-Wing combiner with X25519) for all MLS message key establishment and DRA recovery envelopes
AES-256-GCMMessage encryption
CCCS / Government of CanadaTarget market; procurement readiness in progress

Audit Trail

Every cryptographic state-change operation emits a structured audit event. These include authentication events (login success/failure, password change, reset), key material events (key package consumption, fallback key use), and any DRA disclosure operations. Audit logs are tamper-evident and available to compliance officers.


Compliance architecture and lawful access →

Responsible Disclosure Policy →