Regulatory
Since 22 September 2023, every transfer of personal information outside Canada requires a written PIA before the transfer (art. 17).
Read article 17 →Business AI
tonia. Business AI that never leaves Canada.
Every request follows your internal policy. You stay in control of your sensitive data.
tonia has already processed over 12 billion tokens.
Geopolitical
The CLOUD Act (2018) compels any US-incorporated company to hand over your data on request — regardless of where it is physically stored.
Why it concerns us →Penalties
Art. 90.12: up to 25 M CAD or 4 % of global turnover, whichever is greater. Administrative penalties from 10 M CAD / 2 %.
See the grid →One product. Every request gated.
Most firms pay for an AI account from a US vendor — OpenAI, Microsoft, Anthropic, or Google. It's simple — until your privacy officer asks what data is used, and with what consent.
tonia filters, audits, and redacts every AI request.
Frequently asked
Three questions we get every week.
Why can't I use AI tools like ChatGPT, Claude, or Copilot with my business data?
Because in Canada, doing so — whether it's an Outlook email, a Teams thread, or text pasted into ChatGPT — almost certainly violates Bill 25 (art. 17) and hands your strategic information to a US company whose terms can change on 30 days' notice.
Does “Azure OpenAI Canada Central” solve this?
No. Canadian data residency addresses the physics, not the jurisdiction. Microsoft is a Delaware corporation. The CLOUD Act applies to the company, not the disk location.
What changes with a local on-site tonia?
AI runs on the machine installed at your office. Your requests and files never leave the building. No US vendor stores your data.