Commitments that can be read, and relied upon, by your legal and security teams.
This page sets out how Feerstone handles client information, and how we use, and decline to use, artificial intelligence in our own work.
Data residency
All client data, briefing submissions, and engagement artifacts are stored and processed within Canadian jurisdiction. We do not transfer client information to United States cloud regions, or to any other jurisdiction, without the client's explicit written consent. Our supporting infrastructure runs in Canadian-hosted environments.
No public-cloud AI for client material
Feerstone does not use public-cloud generative AI services, including but not limited to the OpenAI, Anthropic, and Google model APIs and comparable consumer or enterprise large-language-model platforms, to process, summarize, or analyze client-confidential material. Any AI-assisted tooling we use on client material runs only on private or client-controlled infrastructure. This commitment extends to engagement correspondence, document review, and any code or data shared with us during an engagement.
Model risk and vendor neutrality
We do not resell artificial intelligence products, and we do not accept referral fees or commissions from AI vendors. Our assessments are vendor-neutral. Recommendations are scoped to the client's risk tolerance and regulatory obligations, not to any commercial relationship of ours.
Security and access controls
Client information is encrypted in transit and at rest. Access is restricted on a role basis to the individuals working on the relevant engagement, and access is logged. We do not grant subcontractors uncontrolled access to client information. Where a subcontractor is engaged, they are bound by confidentiality obligations no less protective than our own.
Questions
We expect clients to scrutinize these commitments, and we welcome it. Any question about how your information would be handled can be raised during a private briefing, before any material is exchanged.