LexSteward Enterprise
← Enterprise
Government · regulated · sovereign

Sovereign by design.

For public bodies, tribunals, and regulated institutions that cannot compromise on where their data lives or who can reach it: your region, your keys, and in-boundary AI inside a single-tenant cluster — up to and including air-gapped.

Real sovereignty, not a checkbox.

The guarantees that distinguish sovereign from “hosted in a nearby region.”

Canadian-owned & operated

LexSteward is an Ontario company — not a US-headquartered vendor. That means we aren’t compellable under the US CLOUD Act the way US providers are; a demand for your data would have to go the slower route, through Canadian courts under Canadian law.

You hold the key

Bring-your-own-KMS: your encryption key lives in your control. The result is true zero-knowledge — we become technically unable to read your protected content.

Residency all the way down

Your data region is fixed at signup and holds through every copy, including backups. Canadian data stays on Canadian soil.

No US operator in the path

Deployed customer-operated with your own keys, no US-jurisdiction provider holds the keys or the access — so a US CLOUD Act demand reaches, at most, encrypted data no one in the US can read.

AI inside the cluster

In-boundary AI runs within your sovereign environment. No client or case data ever leaves it — not to us, not to any model vendor.

What real sovereignty requires.

We’re specific about this on purpose. Sovereignty is a property of how a deployment is operated and who holds the keys — not of a hardware brand or a Canadian postal code. It holds when all of these are true:

Compute operated in-country. The processing layer runs on hardware operated by you or a Canadian partner — no US-jurisdiction operator with access to data in use.
Storage you control. Storage with no vendor logical access and your keys — so a compelled storage provider could produce only ciphertext.
Your keys (BYO-KMS). You hold the encryption keys, so protected content is unreadable without you — even to us.
AI in-boundary. AI runs inside the cluster; nothing is routed to a US model vendor for protected content.

“Sovereign” means outside US reach — Canadian lawful access and PIPEDA still apply, and it isn’t immunity from all government. We map every claim to your specific deployment and confirm it with counsel before we make it. Residency on our standard cloud tiers keeps your data in-region, but sovereignty in this full sense is the dedicated, customer-operated deployment described here.

Deploy it where your rules require.

The same platform, in the posture your mandate demands.

Single-tenant. A dedicated instance — your own database, storage, and AI pool — with our per-firm encryption and isolation intact.
On-prem / private. Runs on your hardware in your facility or private cloud, in your region.
Air-gapped. Fully disconnected deployments for the highest-assurance environments.
Partner-delivered stack. NetApp storage + NodeWeaver compute + the LexSteward application — a self-managing, resilient sovereign cluster.

Sovereign, on-prem, and air-gapped deployments are delivered with our infrastructure partners and scoped per engagement. Timelines and available certifications are confirmed during procurement.

Assurance & procurement.

Compliance, honestly stated

SOC 2 and sector frameworks (HIPAA / PIPEDA as relevant) are on our roadmap. We will never claim a certification we haven’t earned.

Provable confidentiality

Generate a confidentiality report for any matter: routing metadata, model used, opt-in log, and a signed boundary assertion.

Audit everywhere

Comprehensive audit trails across access, actions, and AI routing — the evidence public-sector oversight requires.

Enterprise SLAs & support

Tiered support and service levels, backed by our infrastructure partners, sized to your obligations.

Built for procurement. Per-seat or per-node licensing, contracting through our infrastructure partners where required, and enterprise SLAs — the terms public-sector and regulated buyers expect.

Start a sovereign scoping conversation.

Tell us your residency, security, and procurement requirements. We’ll design a deployment that meets them — and be candid about what’s available today versus on the roadmap.