Compliance & Data Protection

Compliance & Security

Civic Internet & Telephone Voting is built from the ground up to meet the specific legislative, regulatory, and policy requirements that Canadian municipal internet and telephone voting must satisfy. Compliance is embedded in every cryptographic protocol and operational procedure — not bolted on. Delivered as a full source code licence, your municipality retains complete control over election data, deployment, and security posture.

Canadian Municipal Compliance

Municipal & Provincial Regulations

Purpose-built for Canadian municipalities, with full alignment to federal, provincial, and municipal legislation governing public-sector data management.

Ontario

Full compliance with the Municipal Elections Act alternative voting provisions (s.42) authorizing the use of voting and vote-counting equipment including internet and telephone systems. Supports by-law requirements for council-authorized alternative voting methods. Voter authentication, ballot secrecy, and results integrity per MEA requirements.

Ontario

Voter privacy protected through cryptographic ballot separation — voter identity is mathematically dissociated from ballot choices. No person or system can re-link voter to ballot. Personal information (voters list) handled per MFIPPA collection, use, and disclosure requirements. Access controls restrict voters list data to authorized election officials.

Canada (Federal)

Voter personal information collected, used, and stored in compliance with PIPEDA. Information is used solely for election administration purposes. Data minimization ensures only necessary elector data is processed. Post-election data destruction per retention policy. Consent management for optional services (email reminders).

Ontario

All voting channels (internet portal, telephone IVR, accessible kiosks) comply with AODA and WCAG 2.1 AA standards. Accessible kiosks support paddle switch, sip-and-puff, audio ballot, adjustable height, and high-contrast display. Telephone voting provides a fully device-independent accessible channel. All voter communications in accessible formats.

Canada (all jurisdictions)

All election data — voter credentials, encrypted ballots, audit trails, system logs, and decryption keys — stored exclusively in Canadian data centres with no cross-border data transfers. Multi-region deployment uses Ontario primary and Québec disaster recovery. No third-party services that transmit data outside Canada.

Ontario

Election infrastructure security aligned with Ontario government cybersecurity standards for public sector organizations. Cryptographic protocols align with Communications Security Establishment (CSE) and Canadian Centre for Cyber Security (CCCS) guidance. AES-256 encryption, TLS 1.3, SHA-256 hashing, and secure key management per NIST SP 800-57.

Canada (Federal guidance)

Platform design and operational procedures align with Elections Canada cybersecurity guidance for electoral systems — including threat modelling, incident response planning, independent security assessment, source code review, penetration testing, and post-election review. DDoS protection and ML anomaly detection exceed baseline guidance.

Compliance is not a feature we bolted on after launch — it is the architectural foundation every line of code is written against. Canadian municipalities deserve a platform that treats their legislative obligations as first-class requirements.

Civic Engineering · Platform Architecture Team

Regulatory Compliance

Industry Frameworks

Beyond municipal legislation, satisfies internationally recognized compliance frameworks.

Information security management system controls applied to the voting platform — risk assessment, access controls, cryptographic controls, incident management, business continuity, and continuous improvement.

  • Election data classification: voters list (confidential), encrypted ballots (restricted), audit trail (integrity-critical), results (public upon certification)
  • Cryptographic controls: AES-256 at rest, TLS 1.3 in transit, SHA-256 hash chain for audit trail, Shamir M-of-N for key management
  • Access control: role-based access with MFA for all administration, no single-person access to decryption keys
  • Incident management: election-specific incident response procedures with war room escalation and post-incident analysis
  • Business continuity: multi-region deployment with automatic failover, zero vote loss, < 2 minute RTO

Critical Security Controls applied across the platform infrastructure — asset inventory, secure configuration, access control, continuous vulnerability management, audit logging, and incident response for election systems.

  • Asset inventory of all election infrastructure — voting servers, IVR telephony, kiosk endpoints, network equipment, and monitoring systems
  • Secure configuration baselines for all components with automated drift detection and remediation
  • Access control with least-privilege for voters list, ballot store, key management, and results systems
  • Continuous vulnerability management with pre-election penetration testing by independent assessor
  • Immutable audit logging for all election events with blockchain hash chain integrity verification

Platform security mapped to NIST CSF five functions for comprehensive election cybersecurity posture — from asset identification through incident recovery.

  • Identify: election asset inventory, threat modelling for internet and telephone voting, vendor dependency mapping for telephony and DDoS protection
  • Protect: cryptographic ballot separation, multi-custodian key management, DDoS protection, WAF, rate limiting
  • Detect: ML anomaly detection for voting patterns, authentication monitoring, infrastructure health checks
  • Respond: war room incident response with predefined playbooks for DDoS, intrusion, and data integrity events
  • Recover: multi-region disaster recovery with zero vote loss, post-incident analysis within 5 business days

Web application and API security validated against OWASP ASVS Level 3 — the highest assurance level suitable for critical applications handling sensitive data including election infrastructure.

  • Authentication: multi-factor for administration, credential-based (PIN + secondary) for voters, lockout and recovery procedures
  • Session management: secure session handling with timeout, re-authentication for sensitive operations, cross-channel session isolation
  • Input validation: DTMF input sanitization for IVR, web form validation, API request validation, injection prevention
  • Cryptography: verified implementation of ballot separation, key management, and audit trail hashing by independent assessor
  • Error handling: graceful degradation without information leakage, voter-friendly error messages, admin-level diagnostics in logs only

Data Sovereignty

Canadian Election Data Sovereignty

All election data is stored, processed, and transmitted exclusively within Canadian borders. No elector personal information, voting credentials, encrypted ballots, or decryption keys ever leave Canada. The architecture is designed to make cross-border data transfer technically impossible, not just policy-prohibited.

  • DC-Primary: Ontario, Tier IV
  • DC-DR: Québec, Tier III+
  • Hosting: Canadian Only
  • Centres: 3 Redundant
  • Encryption: AES-256
  • Sovereignty: PIPEDA / MFIPPA

Platform Security

Security Capabilities

Auditability

Audit Trail Features

Every action is logged, timestamped, and immutable — providing the complete audit trail required by provincial legislation and municipal accountability standards.

Layer 01

Every voter authentication event logged: timestamp, channel (internet/telephone/kiosk), voter ID (hashed), success/failure, attempt count, lockout triggers — all without any ballot linkage to preserve secrecy

Layer 02

Complete ballot lifecycle audit: encrypted ballot submission timestamp, cryptographic separation confirmation, ballot store hash verification, decryption ceremony participation, and tabulation inclusion — each step verified without revealing ballot content

Layer 03

Blockchain hash chain integrity: every election event (authentication, ballot submission, admin action, configuration change, decryption step) linked by SHA-256 hash — any break in chain is detectable by independent verification tools

Layer 04

Multi-custodian ceremony documentation: key generation event, custodian identity verification, key share distribution, threshold confirmation, decryption ceremony custodian assembly, ballot mixing execution, and witness attestation signatures

Layer 05

Source code audit access: complete codebase available to independent auditors including cryptographic ballot separation, key management protocols, voters list synchronization, ML anomaly detection algorithms, and all security controls — no black-box components

Layer 06

Penetration test documentation: third-party security assessment report covering all voting interfaces (web portal, IVR, API, admin console, infrastructure), all findings classified by CVSS severity, remediation evidence, and re-test verification

Layer 07

ML anomaly investigation trail: every alert includes detection reason, confidence score, affected time window, aggregate data visualization, investigation actions taken, resolution classification, and analyst sign-off

Layer 08

Post-election statistical report: comprehensive turnout by channel and ward, voting velocity timeline, system uptime and performance, help desk volume and resolution metrics, accessibility usage, security incident summary, and comparison to previous elections
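
The SHA-256 hash chain described under Layer 03 can be checked by an independent verifier along the following lines. This is an added example, not the platform's own code: the entry layout, field names, genesis value, and sample events are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed fixed anchor for the first entry's prev_hash

def entry_hash(prev_hash, seq, event):
    # Canonical JSON (sorted keys, no whitespace) so every verifier hashes the same bytes.
    body = json.dumps({"seq": seq, "event": event}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append_event(chain, event):
    prev = chain[-1]["hash"] if chain else GENESIS
    seq = len(chain)
    chain.append({"seq": seq, "prev_hash": prev, "event": event,
                  "hash": entry_hash(prev, seq, event)})

def verify_chain(chain, expected_head=None):
    """Return (ok, problems). expected_head is the latest hash recorded outside
    the log; without it, removal of the newest entries goes unnoticed."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(chain):
        if entry["seq"] != i:
            problems.append(f"entry {i}: sequence gap or reorder (seq={entry['seq']})")
        if entry["prev_hash"] != prev:
            problems.append(f"entry {i}: prev_hash does not match the preceding entry")
        if entry_hash(entry["prev_hash"], entry["seq"], entry["event"]) != entry["hash"]:
            problems.append(f"entry {i}: content does not match its stored hash")
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        problems.append("head hash differs from the externally recorded value")
    return (not problems, problems)

def sample_chain():
    # Constructed events; voter values are placeholder digests, never ballot content.
    events = [
        {"type": "authentication", "channel": "telephone", "voter": "digest-0001",
         "result": "failure", "ts": "2026-10-26T09:00:05Z"},
        {"type": "authentication", "channel": "internet", "voter": "digest-0002",
         "result": "success", "ts": "2026-10-26T09:00:09Z"},
        {"type": "ballot_submission", "channel": "internet", "ts": "2026-10-26T09:01:40Z"},
        {"type": "configuration_change", "actor": "admin-01", "ts": "2026-10-26T09:05:00Z"},
    ]
    chain = []
    for event in events:
        append_event(chain, event)
    return chain

if __name__ == "__main__":
    log = sample_chain()
    log[0]["event"]["result"] = "success"  # simulate an in-place edit
    print(verify_chain(log, expected_head=log[-1]["hash"]))
```

A chain of this kind only proves internal consistency; detecting a truncated or wholly regenerated log depends on the head hash being recorded somewhere the log's operator cannot rewrite.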