When we started building MapleDeploy, the goal wasn't to have a marketing angle. It was to build a managed hosting platform where we could honestly tell customers: your data doesn't leave Canada. No exceptions, no asterisks, no "except for these third-party services we don't mention."
That turns out to be harder than it should be.
The stack we chose
Every layer of the platform required a decision about provider jurisdiction. Here's what we landed on and why.
Customer VMs run on LunaNode, a BC-incorporated company (Corporate Registry #BC0997033) that operates its own infrastructure in a Toronto data center. Privately held, no US parent, no hyperscaler under the hood. We confirmed this directly with LunaNode. When a customer's application data sits in a LunaNode VM, it's in Canada in a meaningful sense, not just in a Canadian data center leased from Amazon.
DNS is managed through Bunny.net, a Slovenian company. EU-headquartered, GDPR-bound, no US parent. Not Canadian, but EU jurisdiction is a reasonable second choice. Bunny also handles our CDN for the marketing site.
Transactional email goes through Cakemail, a Montreal company. Server-ready notifications, billing reminders, trial expiry warnings. All processed in Canada.
Business email is on mailbox (formerly Mailbox.org), a German provider. German data protection law is strict by default. Not Canadian, but German jurisdiction is well understood and the alternative, Google or Microsoft, means US law applies to every email in your inbox.
Our domain registrar is CanSpace, a Canadian company and accredited .ca registrar. The .ca TLD is operated by CIRA, a Canadian nonprofit. We also use CIRA's Canadian Shield as our DNS resolver: a free, privacy-respecting resolver operated by the same organization that runs the .ca registry.
Secrets management is 1Password, which is headquartered in Toronto. All API keys, credentials, and deployment secrets live there.
The deployment platform itself is Coolify, open source software we self-host on LunaNode. No data leaves our infrastructure for platform licensing. We manage the Coolify installation and keep it updated.
Database is PostgreSQL, self-hosted. Same story.
That's the stack. Canadian or EU jurisdiction at every layer, application data in Canada exclusively, no dependency on US hyperscalers. Learn more about our Canadian hosting approach.
Then we got to payments.
The Helcim story
The obvious choice for a Canadian business accepting recurring payments was Helcim. Calgary-based, interchange-plus pricing that's genuinely transparent, a well-documented API, subscription support. On paper, the right call.
We applied. We were rejected.
Helcim's acceptable use policy lists "website hosting" as a restricted business category. This isn't specific to MapleDeploy. Payment processors use broad merchant category codes, and "hosting" as a category is restricted by some acquirers. The same code covers everything from shared hosting to enterprise cloud, and there's no distinction at the classification level between a managed PaaS and a file storage service.
We understand the reasoning. Payment processors manage portfolio risk, and broad categories are how they do it. But it creates an unfortunate outcome: a Canadian business built specifically to keep data on Canadian infrastructure, working with a Canadian payment processor that has a good product, and the category code doesn't allow the relationship.
So payment data, the one category we couldn't keep Canadian through automated billing, goes to the US. The data that matters most to our customers, their application code, their databases, their configuration, stays in Canada. But the billing relationship is processed by a US company.
We'd like to revisit this with Helcim as we build a track record. They do have a review process for restricted categories, and we'll apply again once we have some history.
Where we ended up
We use Stripe for automated billing. Stripe is a US-headquartered company. Payment data is processed in US data centers and is subject to US jurisdiction. We've written about this decision in more detail in our Stripe post, including what it does and doesn't mean for PIPEDA compliance.
The short version: payment data crosses the border, application data does not. Stripe is PCI Level 1 certified and handles the subscription lifecycle, failed payment retry, and self-service portal that we need to run a managed service without manual billing overhead.
For customers who want payments to stay in Canada, we accept Interac e-Transfer. Interac is a Canadian interbank network. E-transfers between Canadian financial institutions are processed domestically. The tradeoff is that it's manual: you receive a monthly invoice and send payment directly. No automated billing or self-service portal. If that's the right fit, contact us at hello@mapledeploy.ca.
What we learned
Building a Canadian-first stack is possible for most of what you build. Infrastructure, email, DNS, secrets, the deployment platform itself. These are all solvable. The Canadian ecosystem exists, it's just smaller, and you have to do the research rather than defaulting to AWS or Google.
Payments are the gap. Canadian payment processors exist, but the ones with mature APIs either classify hosting as restricted or don't offer the subscription lifecycle tooling a managed service needs. The category risk assumptions baked into acquiring bank policies haven't caught up with what SaaS infrastructure businesses actually look like.
There's also a pattern worth naming: conservative AUPs that rule out legitimate internet businesses. "Website hosting" as a flat prohibition doesn't distinguish between a cyberlocker and a managed PaaS. That's a problem the Canadian payments industry would benefit from revisiting as more Canadian software companies try to build on Canadian infrastructure.
The ecosystem is getting better. Companies like LunaNode and Cakemail exist and work well. CIRA has built infrastructure worth using. We'll keep trying to push payments in the right direction, and we'll switch to a Canadian processor as soon as one that works for our model will have us.
If you're building something and you've found a Canadian payment processor that handles managed hosting businesses with real subscription tooling, we're at hello@mapledeploy.ca.
MapleDeploy runs on LunaNode infrastructure in Toronto. Plans start at $45 CAD/month with a 14-day free trial on Starter and Pro plans. If Canadian data residency matters to what you're building, take a look.
The hosting layer, sorted
Canadian infrastructure, flat pricing, managed for you. 14-day free trial on Starter and Pro plans.