1. The problem with US-controlled cloud
Most modern software runs on US-based infrastructure such as AWS, Microsoft Azure, or Google Cloud. Even when these providers use datacenters located in Canada, they are US-controlled companies.
Under legislation like the US CLOUD Act, the US government may claim jurisdiction over data stored by these companies regardless of where the physical servers are located.
2. Non-US infrastructure
orbit takes a different approach. We explicitly avoid US-controlled cloud providers for core application and case management data where orbit infrastructure is under our control.
Instead, we use infrastructure providers that operate datacenters within Canada and are not US-controlled entities. This means the physical servers are located on Canadian soil, the infrastructure provider is not a US-controlled entity, and the data is subject to Canadian privacy laws without the same US CLOUD Act complication.
3. True data sovereignty
Data sovereignty means data remains subject to the laws and controls of the place where it is collected, stored, and processed.
By ensuring core orbit infrastructure resides within Canadian datacenters managed by non-US entities, we provide clients with a stronger level of data sovereignty.
4. Third-party exceptions
While our core application and database infrastructure follow this policy, we may use specialized global providers for non-sensitive edge services, such as content delivery for static assets, email delivery, or privacy-focused analytics.
These services do not handle core case data or sensitive operational information unless a customer agreement specifically allows it.
5. Our commitment
We will continue to prioritize Canadian hosting and jurisdiction-aware infrastructure as orbit grows.
If we are ever required to change infrastructure providers, we will maintain data sovereignty as a core principle of the service.
Last Updated: June 28, 2026