Infrastructure
Canadian residency. Self-hosted monitoring.
Mechanus IQ runs in AWS ca-central-1 (Montreal). Every layer is chosen so the data never crosses a border, the observability never crosses a vendor, and the operational model never relies on a SaaS telemetry provider. The sales weapon is not a logo wall. It is the data you never had to hand over.
Stack
| Layer | Technology | Note |
|---|---|---|
| Ingress | Cloudflare + Workers (bot-trap) | Canadian POPs; TLS terminates at the Cloudflare edge, so the proxy sees request plaintext; no SaaS analytics |
| Frontend | Next.js 14 App Router + Tailwind | Self-hosted fonts; zero remote scripts |
| Backend | Python FastAPI + Celery + Dagster | Trunk-based; GitHub Actions CI/CD |
| Database | PostgreSQL 16 + TimescaleDB | Schema-per-tenant isolation |
| Cloud | AWS ca-central-1 (Montreal) | Canadian data residency, non-negotiable |
| Auth | Auth0 (B2B tenant) | Role-based; MFA required for operators. Hosted IdP: account records live in the Auth0 tenant region, not in this AWS account; no dealer data passes through it |
| LLM | Claude via AWS Bedrock | Pay-per-use; zero fine-tuning on client data |
| OCR | AWS Textract | For OEM statements, warranty docs |
| Monitoring | Self-hosted Grafana + Sentry | NO third-party SaaS telemetry |
| Evidence | Dual-rail (RFC 3161 TSA + Hyperledger Fabric private rail) | Court-admissible timestamping, per-tenant private-channel commits |
End-to-end data flow
01
Source-side PII stripping
Dealer exports CSV from DMS with customer PII columns removed at source. Employees are identified by pseudonymous, dealer-issued personnel codes; the dealer keeps the mapping and MIQ never holds it. MIQ never receives SIN, name, address, phone, or email.
02
SFTP drop or dashboard upload
Either path terminates on a per-tenant SFTP user or a signed upload URL. The Cloudflare bot-trap and the CSP gate the web path.
03
Ingestion + canonicalization
Files land in a per-tenant S3 prefix with server-side encryption (SSE). The ingestion worker canonicalizes them against the configured DMS schema (CDK, PBS, Quorum, Reynolds, DealerTrack).
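The "PII stripped at source" contract in steps 01 to 03 is only as good as the check that enforces it on arrival. The following is an added example, not Mechanus IQ's own code and not described on the page: an ingestion-side gate that rejects an export whose header carries a column outside the configured schema allowlist, or whose cells contain a value that looks like a SIN (Luhn-checked, so RO numbers do not trip it), an e-mail address or a phone number. The allowlist and both CSV exports are constructed for the example; the real canonical DMS schemas are not on the page.

```python
"""Ingestion gate for PII-free dealer exports (added example, not MIQ code)."""
import csv
import io
import re
from dataclasses import dataclass

# Constructed allowlist standing in for one canonicalized DMS schema.
ALLOWED_COLUMNS = frozenset({
    "ro_number", "open_date", "close_date", "tech_code", "advisor_code",
    "op_code", "labor_hours", "labor_amount", "parts_amount", "pay_type",
})

EMAIL_RE = re.compile(r"[^@\s,]+@[^@\s,]+\.[A-Za-z]{2,}")
# 10-digit North American number with optional +1 and separators.
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)")
# 9 digits in the 3-3-3 SIN layout; confirmed with a Luhn check below.
SIN_RE = re.compile(r"(?<!\d)\d{3}[ -]?\d{3}[ -]?\d{3}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Canadian SINs carry a Luhn check digit; requiring it cuts false
    positives on arbitrary 9-digit identifiers such as RO numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Violation:
    row: int          # 0 = header row
    column: str
    kind: str         # "unknown_column" | "sin" | "email" | "phone"
    sample: str       # redacted excerpt; the raw value is never logged


def _redact(value: str) -> str:
    return value[:2] + "*" * max(len(value) - 2, 0)


def validate_export(csv_text: str, allowed=ALLOWED_COLUMNS) -> list[Violation]:
    """Return every reason to reject the file; an empty list means accept."""
    reader = csv.DictReader(io.StringIO(csv_text), restkey="_extra")
    violations: list[Violation] = []
    for col in reader.fieldnames or []:
        if col not in allowed:
            violations.append(Violation(0, col, "unknown_column", col))
    for n, row in enumerate(reader, start=1):
        for col, value in row.items():
            if not isinstance(value, str):          # ragged row: None or restkey list
                value = " ".join(value or [])
            value = value.strip()
            if EMAIL_RE.search(value):
                violations.append(Violation(n, col, "email", _redact(value)))
            if PHONE_RE.search(value):
                violations.append(Violation(n, col, "phone", _redact(value)))
            for m in SIN_RE.finditer(value):
                if luhn_ok(re.sub(r"\D", "", m.group())):
                    violations.append(Violation(n, col, "sin", _redact(m.group())))
    return violations


# Constructed sample exports. 046 454 286 is the Government of Canada's
# published example SIN, not a real person's number.
CLEAN_EXPORT = """\
ro_number,open_date,tech_code,advisor_code,op_code,labor_hours,labor_amount,pay_type
R100231,2024-03-04,T-0417,A-0092,ENG-DIAG,1.5,187.50,C
R100232,2024-03-04,T-0233,A-0092,BRK-FRT,2.0,250.00,W
"""

LEAKY_EXPORT = """\
ro_number,open_date,tech_code,customer_email,labor_amount,notes
R100233,2024-03-05,T-0417,j.doe@example.com,95.00,call 514-555-0199 when done
R100234,2024-03-05,T-0233,,410.00,SIN on file 046 454 286
"""

if __name__ == "__main__":
    print("clean:", validate_export(CLEAN_EXPORT))
    for v in validate_export(LEAKY_EXPORT):
        print(f"row {v.row:>2} col {v.column!r:<16} {v.kind:<15} {v.sample}")
```

A file with any violation is quarantined in the tenant prefix and the dealer is told which rows and columns to fix; the redacted sample is what goes into the operator dashboard and the self-hosted Sentry event, so the gate itself does not become a PII sink.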
04
Forensic analysis
Deterministic analyzers run first (rule-based vector detection). ML layer runs against the canonicalized tables. Findings are hashed as they materialize.
05
Hash chain + attestation
Each finding enters the rooftop hash chain as it is written. Once an hour, the Merkle root over that hour's chain links is submitted to a DigiCert RFC 3161 TSA, and the signed TimeStampResp (TSR) is retained next to the root so any individual finding can later be shown to predate the timestamp. The same root is committed to the tenant's private Hyperledger Fabric channel as the second rail.
06
Report + dashboard
Reports render from the findings table into a dashboard for operators and a signed PDF for owners and auditors. Nothing leaves ca-central-1.
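Steps 04 and 05 in miniature, as an added example that is not Mechanus IQ's code: findings are linked into a per-rooftop hash chain, the hour's links are rolled into a Merkle root, and that root becomes the messageImprint of a DER-encoded RFC 3161 TimeStampReq. The findings and field names are constructed; the TSA is not contacted here, and the Fabric commit is out of scope. The DER encoder covers only what TimeStampReq needs.

```python
"""Hash chain, hourly Merkle root and RFC 3161 request (added example, not MIQ code)."""
import hashlib
import json
import secrets


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def canonical(finding: dict) -> bytes:
    """Stable serialization so the same finding always hashes the same."""
    return json.dumps(finding, sort_keys=True, separators=(",", ":")).encode()


def chain_findings(findings, prev: bytes = b"\x00" * 32) -> list[bytes]:
    """link_i = H(link_{i-1} || canonical(finding_i)); genesis is 32 zero bytes.
    Editing, dropping or reordering an earlier finding changes every later link."""
    links = []
    for f in findings:
        prev = sha256(prev + canonical(f))
        links.append(prev)
    return links


def merkle_root(leaves: list[bytes]) -> bytes:
    """Binary Merkle tree over the hour's links; an odd node is carried up
    unchanged rather than duplicated, so no two leaf sets share a root by layout."""
    if not leaves:
        raise ValueError("no findings this hour; nothing to attest")
    level = list(leaves)
    while len(level) > 1:
        nxt = [sha256(level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]


# --- minimal DER, enough for TimeStampReq (RFC 3161 section 2.4.1) ---
SHA256_OID = bytes.fromhex("0609608648016503040201")  # OID 2.16.840.1.101.3.4.2.1, tag and length included


def der(tag: int, body: bytes) -> bytes:
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def der_int(value: int) -> bytes:
    # one spare byte when the top bit is set keeps the INTEGER positive
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def build_timestamp_request(root: bytes, nonce: int, cert_req: bool = True) -> bytes:
    """DER TimeStampReq; POST it with Content-Type application/timestamp-query."""
    if len(root) != 32:
        raise ValueError("messageImprint must be a SHA-256 digest")
    alg_id = der(0x30, SHA256_OID + b"\x05\x00")       # AlgorithmIdentifier { sha256, NULL }
    imprint = der(0x30, alg_id + der(0x04, root))       # MessageImprint
    body = der_int(1) + imprint + der_int(nonce)        # version v1, imprint, nonce
    if cert_req:
        body += der(0x01, b"\xff")                      # certReq TRUE: TSR carries the TSA cert
    return der(0x30, body)


def read_tlv(buf: bytes, pos: int = 0):
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n


def imprint_from_request(req: bytes) -> tuple[int, bytes]:
    """Return (nonce, hashedMessage) from a TimeStampReq. The same walk applies to
    TSTInfo.messageImprint once the TSR's CMS envelope has been opened."""
    tag, body, _ = read_tlv(req)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, _, pos = read_tlv(body)                          # version
    _, imprint, pos = read_tlv(body, pos)
    _, nonce_bytes, _ = read_tlv(body, pos)
    _, alg, pos2 = read_tlv(imprint)
    if alg[:len(SHA256_OID)] != SHA256_OID:
        raise ValueError("unexpected hash algorithm")
    _, digest, _ = read_tlv(imprint, pos2)
    return int.from_bytes(nonce_bytes, "big"), digest


SAMPLE_FINDINGS = [  # constructed; field names are illustrative, not the MIQ schema
    {"ro_number": "R100231", "vector": "labor-hours-inflation", "score": 0.91},
    {"ro_number": "R100232", "vector": "duplicate-op-code", "score": 0.74},
    {"ro_number": "R100233", "vector": "warranty-date-shift", "score": 0.88},
]

if __name__ == "__main__":
    links = chain_findings(SAMPLE_FINDINGS)
    root = merkle_root(links)
    req = build_timestamp_request(root, secrets.randbits(64))
    print("root", root.hex())
    print("tsq ", req.hex())                            # retain with the TSR it produces
```

The retained evidence per hour is the root, the links, the request (`.tsq`) and the signed response (`.tsr`). Because the request carries a fresh nonce, a later check can bind response to request with `openssl ts -verify -queryfile hour.tsq -in hour.tsr -CAfile tsa-chain.pem`, and `openssl ts -reply -in hour.tsr -text` shows the TSTInfo fields, including the imprint that must equal the root above.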
Residency posture
- Primary region: AWS ca-central-1 (Montreal).
- No cross-border replication. Backups retained in ca-central-1 only.
- LLM calls to Claude go through AWS Bedrock in ca-central-1, which keeps inference inside the Canadian boundary as long as requests name the regional model ID directly; a cross-region inference profile can route a request to another region.
- Third-party SaaS telemetry: none. Monitoring is self-hosted Grafana and Sentry on our own infrastructure.
Privacy posture
- Zero analytics, zero session recording, zero third-party telemetry on any Mechanus IQ surface.
- PIPEDA compliant. Mechanus IQ never receives customer PII from dealers; PII is stripped at source.
- No model training on client data. Contract prohibition, not aspiration.
- Employees are identified only by pseudonymous personnel codes assigned by the dealer, which alone holds the mapping. Names never enter the system.
Deep links
Security posture
Threat model, CSP, HSTS, bot-trap, and incident response SLA.
PII-free architecture
Why Mechanus IQ never sees customer PII, and what it means for dealers.
Intelligence model
1044 detection vectors across 44 domains, with calibration and explainability.