When you digitise your documents, you're trusting someone with your most sensitive information. Client records. Financial statements. Medical files. Legal correspondence. Personnel records.
That trust matters. We treat it that way.
Many businesses worry: "Where does our data actually go?" With Luvant, the answer is simple: it goes where you tell it to go. On your server. In Trinidad. Under your control.
We don't store your documents on our servers. We don't upload them to the public cloud. Here's exactly how your data is protected:
Your document management system runs on hardware isolated from the public internet, or accessible only through a private connection you control.
You own the server. You own the storage. We just help you run it.
You decide who can see what. Not us. Not any third party.
The Data Protection Act 2011 is clear: personal data must be stored AND accessed only in Trinidad & Tobago, unless the individual consents to overseas storage, or the other jurisdiction has comparable safeguards.
For most businesses in T&T, this means: your data must stay in Trinidad.
Many offshore cloud providers (Google Drive, Dropbox, OneDrive, AWS) store files on servers in the US, Europe, or Asia. Using them for personal data without explicit consent could put your business in breach of the Act.
The hardware runs in your office, your data centre, or a TT-hosted VPS. Your data has never left T&T.
Our scanning team works in Trinidad. Our technicians work in Trinidad. No documents go overseas.
Our software runs on hardware you own. We are a services company, not a cloud provider.
If a regulator asks where your data is stored, we give you documentation to back it up.
Note: These are study notes, not legal advice. Consult a T&T-licensed lawyer for official guidance on your specific situation.
The T&T Data Protection Act doesn't just set obligations; it gives individuals and organisations rights. Here's how Luvant's document management system supports each one:
Any person can request access to their personal data held by your organisation. Our system tracks every file: search for all documents related to an individual in seconds, not hours of filing-cabinet digging. (Section 52 DPA 2011)
Individuals can request that errors in their data be fixed. Digital documents can be corrected and re-saved. Full version history means you can see what the original said before correction. (Section 57 DPA 2011)
You can only keep data as long as it's necessary. Our system automates retention schedules, with alerts when a file reaches its review date and workflows for files that should be destroyed. (Section 37 DPA 2011)
You must have reasonable security arrangements against unauthorised access. We set up role-based access controls and full audit logging. We also handle P-5 shredding with Certificate of Destruction. (Section 35 DPA 2011)
Any new system that substantially impacts personal information should be assessed for privacy risks. We document your system's privacy architecture during setup, supporting a Privacy Impact Assessment if required. (Section 47 DPA 2011)

| What We Guarantee | What It Means for You |
|---|---|
| All data stored in Trinidad | You comply with Section 36 of the T&T DPA |
| No offshore processing | Your documents never leave T&T |
| Air-gapped or VPN-only access | Your files can't be reached over the public internet |
| Full audit trail | You can prove who accessed what, when |
| Client-controlled access | Only your authorised staff see your files |
| P-5 shredding with Certificate of Destruction | Safe disposal when retention ends |
| No third-party data sharing | Your data is never sold or reused |
| Encryption at rest | Even with physical access to the server, your files can't be read |
Whether you're a law firm with client privilege obligations, a credit union with member data responsibilities, or a small business that simply wants to do the right thing, we build the system that protects your documents the way you would protect them yourself.