Digital sovereignty is not a luxury for defence and government organisations — it is an operational requirement. Canvos offers a fully on-premise communication platform without external dependencies.
The legal and operational risks of American cloud platforms are incompatible with the requirements of defence and government organisations.
The Clarifying Lawful Overseas Use of Data Act gives the US government the right to demand data from American companies, regardless of where that data is physically stored. This includes Microsoft Azure, Google Cloud and Amazon AWS.
The Foreign Intelligence Surveillance Act allows US intelligence agencies to collect data of non-American persons from US cloud providers without a court order. European officials and military personnel explicitly fall under this provision.
Via the Five Eyes treaty (US, UK, Canada, Australia, New Zealand), intelligence data is shared between five countries. Data at a US provider is potentially accessible to all five partner countries.
Proprietary software from American vendors may contain backdoors that are not auditable. Recent incidents (SolarWinds, Microsoft Exchange) demonstrate the vulnerability of non-auditable supply chains.
Designed for deployment on your own networks, without external dependencies, with full control over every component.
Canvos runs entirely on your own network and hardware. No external cloud services, no SaaS components, no data leaving your perimeter.
No Google Fonts, no external CDNs, no analytics, no telemetry. All assets are served locally. The installation functions entirely without internet connection.
Canvos supports deployment in fully isolated networks without internet connection. All updates are installed offline via secured media.
All data is stored encrypted (AES-256) and all communication runs via TLS 1.3. Encryption keys are managed locally, not by third parties.
The AI assistant runs locally via Ollama on your own GPU hardware. No data is sent to external APIs. No cloud inference, no data sharing with third parties.
Multi-tenant isolation with strict separation between organisational units. No cross-tenant data access. Per-unit governance and audit configurable.
Configure classification levels that align with your organisational structure. DLP enforcement at every level, full audit trail per organisational unit.
Freely shareable. No restrictions on distribution or storage.
Only shareable within your own organisational unit. External sharing blocked.
Restricted distribution. No downloads, no email attachments. Access only for authorised personnel.
Maximum restrictions. View only, not shareable, not downloadable. Full access logging.
Data Loss Prevention rules are automatically enforced per classification level. No manual checks, no human errors.
Every action is logged per organisational unit: who, what, when, with which classification. Tamper-evident logging.
Generate structured reports per unit, per period or per classification level. Suitable for intelligence reviews and internal audits.
All communication modules run self-hosted on your own infrastructure. No external servers, no metadata leakage.
Secured instant messaging based on the Matrix protocol. Federation disableable for closed environments. End-to-end encryption configurable per channel.
Self-hosted Jitsi Meet for video and audio calls. No data via external servers. Participants join via link, without account or software installation.
Own mail server (Mailcow) with mandatory TLS encryption. Governance email policy: disclaimers, attachment restrictions, domain blocking, compliance BCC.
Centrally managed password vault for teams. Encrypted storage, controlled access, audit trail on every query.
Every component of the Canvos stack is open source, auditable and free from proprietary dependencies.
Canvos is working towards ISO 27001, SOC 2 Type II and BSI C5 certification. Our hosting infrastructure (Datacenter United) is already certified.
We provide secured demonstrations on-site or via an encrypted connection. Your specific requirements, classification structure and deployment scenario will be discussed in detail.
For sensitive conversations, you can reach us via encrypted channels. Contact us for details.