1. Our compliance posture
Nova System Inc. designs and operates the Meridian platform with privacy and security regulations in mind. We align our internal controls with widely recognised frameworks and pursue formal attestations on a roadmap appropriate to the size and risk profile of the platform. This page reflects current status — formal attestations follow the cadence required by each program.
2. Privacy frameworks
| Framework | Jurisdiction | Status |
|---|---|---|
| Personal Information Protection and Electronic Documents Act ("PIPEDA") | Canada (federal) | Compliance program in place; described in Privacy Policy and DPA |
| BC Personal Information Protection Act ("BC PIPA") | British Columbia | Compliance program in place |
| Alberta Personal Information Protection Act | Alberta | Compliance program in place |
| Act to modernize legislative provisions as regards the protection of personal information ("Law 25") | Quebec | Compliance program in place |
| EU General Data Protection Regulation ("GDPR") | EU/EEA | Compliance program; SCCs and DPA available |
| UK General Data Protection Regulation | United Kingdom | Compliance program; UK IDTA available |
| California Consumer Privacy Act, as amended ("CCPA/CPRA") | California, USA | Service-provider posture; rights workflow described in Privacy Policy |
| Other US state privacy laws (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, etc.) | USA | Compliance program tracks effective dates |
3. Security frameworks
| Framework | Status |
|---|---|
| SOC 2 Type II | Roadmap — readiness in progress; observation period planned |
| ISO/IEC 27001 | Roadmap — control framework aligned; certification on roadmap |
| NIST Cybersecurity Framework (CSF) 2.0 | Internal controls mapped to CSF functions |
| OWASP Application Security Verification Standard (ASVS) | Used as a reference for the secure development lifecycle |
| CIS Critical Security Controls | Used as a reference for operational hygiene |
4. Industry-specific frameworks
| Framework | Relevance | Status |
|---|---|---|
| College of Immigration and Citizenship Consultants (CICC) codes of professional conduct | Applies to RCIC users of the platform | Platform supports the recordkeeping, communications, and trust-account workflows the codes require |
| Law Society of British Columbia / Law Society of Ontario / other provincial law society rules | Applies to lawyers using the platform | Platform supports recordkeeping, conflict checks, file retention, and trust-account workflows where applicable |
| FINTRAC anti-money-laundering recordkeeping | Applies to certain regulated activities | Platform supports relevant data capture; firms remain responsible for FINTRAC obligations |
| Canada Anti-Spam Legislation ("CASL") | Applies to messaging out of the platform | Consent and unsubscribe handling supported |
| U.S. CAN-SPAM Act and CASL equivalents | Applies to messaging out of the platform | Equivalent controls supported |
5. Mobile app store compliance
- Apple App Store Review Guidelines — Aurora iOS build is complete and pending Apple Developer Program enrollment and App Store review. Once published, the (Apple Distributor Requirements) flow-down terms apply.
- Google Play Developer Policies — Aurora Android available today; published under our Google Play Console account with Data Safety details, content rating, and target-API compliance.
6. Requesting documentation
Subscribed firms may request the following under NDA by writing to trust@thenovasystem.com:
- Security questionnaire response (Cloud Security Alliance CAIQ-based template).
- SOC 2 readiness summary (where available).
- Penetration test summary (where available).
- Risk register snapshot (high-level).
- Incident response runbook summary.
- Business continuity / disaster recovery plan summary.
7. Changes
This page is reviewed at least quarterly and updated when our compliance posture changes. The effective date at the top reflects the most recent update.
8. Contact
Trust and compliance: trust@thenovasystem.com. Privacy: privacy@thenovasystem.com. Security: security@thenovasystem.com.