Because mortgage professionals handle highly sensitive personal and financial information, Broki is built with strong technical safeguards, Canadian data residency, and regulatory awareness from day one.
This article outlines how we protect your data, the infrastructure we use, and what security measures are in place.
Canadian Data Residency
All primary user data is stored in Canada.
Broki uses Supabase (PostgreSQL) hosted in AWS Canada (ca-central-1).
This ensures:
• Canadian data residency
• Alignment with FOIPPA requirements
• Compliance with BC regulatory expectations
• Reduced cross-border exposure
Data does not leave Canada unless a user explicitly authorizes a third-party integration (such as Gmail or Outlook).
Infrastructure: Supabase on AWS
Broki’s backend database is powered by Supabase running on Amazon Web Services (AWS) infrastructure in Canada.
Key security benefits:
• Enterprise-grade cloud hosting
• High availability and redundancy
• Continuous infrastructure monitoring
• Secure database architecture
Supabase maintains SOC 2 Type II compliance, which means it meets strict auditing standards for security, availability, and confidentiality controls.
Encryption Standards
Broki uses industry-standard encryption at all levels:
Data in Transit
All data transmitted between your device and Broki servers is encrypted using TLS 1.3.
Data at Rest
All stored data is encrypted using AES-256 encryption.
This protects:
• Client personal information
• Uploaded mortgage documents
• Login credentials
• Internal communications
Row Level Security (RLS)
Broki implements Row Level Security (RLS) within the database.
RLS ensures:
• Users can only access records they are authorized to view
• Team member permissions are enforced at the database level
• Cross-account access is technically restricted
• Data isolation is built into the architecture
Even if two organizations exist in the same database cluster, RLS prevents cross-visibility.
This is a critical security layer beyond standard application-level permissions.
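The following is an added example, not Broki's actual schema or policies: a minimal PostgreSQL sketch of how tenant isolation of this kind can be expressed with RLS on Supabase. The tables org_members and client_files, their columns, and the policy names are hypothetical; auth.uid() and the authenticated role are the ones Supabase provides.

```sql
-- Added example; table, column and policy names are hypothetical, not Broki's schema.
create table org_members (
  org_id  uuid not null,
  user_id uuid not null,  -- equals auth.uid() for the signed-in user
  role    text not null check (role in ('admin', 'member')),
  primary key (org_id, user_id)
);
create table client_files (
  id            uuid primary key default gen_random_uuid(),
  org_id        uuid not null,
  borrower_name text not null
);

-- Policies are ignored until RLS is enabled; FORCE applies them to the table owner too.
alter table org_members  enable row level security;
alter table client_files enable row level security;
alter table client_files force row level security;

-- Callers see only their own membership rows, which the policies below rely on.
create policy members_self on org_members
  for select to authenticated
  using (user_id = auth.uid());

-- Read and insert: restricted to organizations the caller belongs to.
create policy files_select on client_files
  for select to authenticated
  using (org_id in (select org_id from org_members where user_id = auth.uid()));

create policy files_insert on client_files
  for insert to authenticated
  with check (org_id in (select org_id from org_members where user_id = auth.uid()));

-- Update: USING filters visible rows, WITH CHECK stops moving a row to another org.
create policy files_update on client_files
  for update to authenticated
  using (org_id in (select org_id from org_members where user_id = auth.uid()))
  with check (org_id in (select org_id from org_members where user_id = auth.uid()));

-- Delete: organization admins only.
create policy files_delete on client_files
  for delete to authenticated
  using (exists (
    select 1 from org_members m
    where m.org_id = client_files.org_id
      and m.user_id = auth.uid()
      and m.role = 'admin'));
```

On Supabase, requests made with the service_role key bypass RLS, so any server-side code using that key has to enforce the organization check itself.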
Access Controls & Permissions
Broki uses role-based access control.
Admins can configure:
• Pipeline access
• Document access
• Financial information visibility
• Integration permissions
• Compliance access
• Data management controls
Executive assistants can be granted expanded access when needed.
Permissions are granular and enforce least-privilege access principles.
Two-Step Verification (Multi-Factor Authentication)
Broki supports multi-factor authentication (MFA).
This adds a second layer of verification beyond your password.
Security benefits:
• Protects against credential compromise
• Reduces risk of unauthorized access
• Strengthens account integrity
Users are strongly encouraged to enable MFA, especially for admin-level accounts.
Authentication & Login Security
Login credentials are:
• Encrypted
• Hashed securely
• Never stored in plain text
Additional protections include:
• Session validation
• Secure token handling
• Audit logging of authentication activity
Audit Logs & Monitoring
Broki maintains detailed audit logs to track:
• User activity
• File updates
• Document uploads
• Automation executions
• Compliance actions
These logs:
• Support compliance requirements
• Assist in internal reviews
• Help identify suspicious behavior
System activity is continuously monitored for unusual patterns or intrusion attempts.
Backups & Retention
Broki performs:
• Daily encrypted backups
• Secure backup storage
• 7-year retention for regulated file data
Retention aligns with:
• BCFSA expectations
• FOIPPA guidelines
• CRA record-keeping standards
After required retention periods expire, data is securely deleted or anonymized.
Privacy Policy Alignment
Broki operates in accordance with:
• FOIPPA (Freedom of Information and Protection of Privacy Act – BC)
• BCFSA expectations for regulated mortgage professionals
• PCMLTFA requirements for identity and AML workflows
Our Privacy Policy outlines:
• What data we collect
• Why we collect it
• How we use it
• Who we share it with
• Your rights under FOIPPA
Users retain ownership of their client data.
Broki processes data only to provide and improve the service.
We do not sell personal information.
Third-Party Integrations & Risk
Broki integrates with third-party services such as:
• Gmail
• Outlook
• Velocity
• Finmo
These integrations require explicit user authorization.
Broki does not control:
• Third-party security practices
• API changes
• External service outages
Users are responsible for managing and monitoring their integrations.
Breach Response Commitment
In the unlikely event of a security incident:
• Investigation begins immediately
• Containment measures are deployed
• Affected users are notified within 72 hours if risk of harm exists
• Regulatory reporting occurs where required
We maintain documented incident response plans and continuously improve security posture.
Limitation of Absolute Security
While Broki implements strong safeguards, no digital platform can ever guarantee 100% immunity from:
• Cyberattacks
• Credential theft
• External vulnerabilities
• Zero-day exploits
Broki continuously monitors, upgrades, and strengthens infrastructure to mitigate emerging risks.
Your Role in Security
Security is a shared responsibility.
As a user, you are responsible for:
• Keeping credentials private
• Using secure networks
• Supervising team members
• Revoking access when staff leave
• Maintaining independent backups
• Verifying regulatory compliance
Summary of Security Layers
Broki security includes:
• Canadian data residency (AWS Canada)
• Supabase SOC 2 infrastructure
• TLS 1.3 & AES-256 encryption
• Row Level Security (RLS)
• Role-based access controls
• Multi-factor authentication
• Encrypted daily backups
• Audit logs & monitoring
• FOIPPA-aligned privacy framework
• Regulatory-conscious architecture
Final Commitment
Broki Technologies Inc is committed to:
• Protecting mortgage professionals and their clients
• Maintaining strong privacy controls
• Investing in infrastructure security
• Continuously improving defensive measures
Security is not static.
It is an ongoing process.
If you have questions regarding security, privacy, or data handling, please contact:
We respond to all security-related inquiries promptly.