Privacy Policy

Protection of your personal information in compliance with Law 25, PIPEDA and GDPR.

1. Introduction

This privacy policy describes how 9463-7220 Quebec Inc., operating under the name SecuAAS (hereinafter "SecuAAS", "we", "our" or "us"), collects, uses, retains and protects the personal information of users of our services and website.

This policy complies with Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and the European Union's General Data Protection Regulation (GDPR) for applicable users.

2. Information Collected

We collect the following types of information:

Information provided directly:

Name and contact details (email, phone)
Company name and position
Billing and payment information
Communications and correspondence

Information collected automatically:

IP address and approximate geolocation data
Browser type and operating system
Pages visited and duration of visits
Cookies and similar tracking technologies

Information related to our services:

Cybersecurity service configuration data
Activity and audit logs
Vulnerability scan results (for Scanyze/SecuScan clients)
Files stored in ConformVault (end-to-end encrypted)

3. Use of Information

We use your personal information to:

Provide, maintain and improve our cybersecurity services
Communicate with you regarding your account and our services
Process payments and manage billing
Send marketing communications (with your consent)
Publish the daily cybersecurity watch newsletter
Ensure security and prevent fraud
Comply with our legal and regulatory obligations
Improve the user experience of our platforms

We never sell your personal information to third parties.

4. Information Protection

We implement robust security measures to protect your information:

Encryption: All data in transit is protected by TLS 1.3. Data at rest is encrypted with AES-256-GCM.
Sovereign hosting: All data is hosted in Canada, at the OVH data center in Beauharnois, Quebec.
Access control: Access restricted to authorized employees following the principle of least privilege.
Monitoring: Continuous monitoring of our infrastructure and access logging.
End-to-end encryption: Files stored in ConformVault are end-to-end encrypted — even SecuAAS cannot access their content.
Audits: Regular security reviews of our systems and applications.

5. Information Retention

We retain your personal information only for as long as necessary for the purposes for which it was collected:

Account data: During your business relationship with us, plus 3 years after contract end.
Billing data: 7 years in accordance with Canadian tax obligations.
Activity logs: Maximum 12 months, unless legally required.
Watch data (newsletter): Until unsubscription.
Analytics cookies: Maximum 13 months.

Upon expiration of these periods, information is securely destroyed.

6. Your Rights

In accordance with applicable legislation, you have the following rights:

Right of access: Obtain a copy of your personal information held by SecuAAS.
Right of rectification: Have inaccurate or incomplete information corrected.
Right of deletion: Request deletion of your personal information, subject to our legal obligations.
Right to portability: Receive your information in a structured, machine-readable format.
Right to withdraw consent: Withdraw your consent at any time for consent-based processing.
Right to object: Object to the processing of your information for marketing purposes.

To exercise these rights, contact our personal information protection officer at: privacy@secuaas.com

We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies:

Essential cookies (always active):

User session and authentication
Language preferences
Security (CSRF, anti-fraud)

Analytics cookies (with consent):

Audience measurement and browsing statistics
User experience improvement

Marketing cookies (with consent):

Content personalization
Campaign performance measurement

You can manage your cookie preferences at any time via the consent banner on our site or in your browser settings.

8. Contact Us

For any questions regarding this privacy policy or to exercise your rights, contact us:

Personal Information Protection Officer

9463-7220 Quebec Inc. (SecuAAS)

Québec, Canada

Email: privacy@secuaas.com

Website: https://secuaas.com

Commission d'acces a l'information du Quebec (CAI)

If you believe your rights have not been respected, you may file a complaint with the Commission d'acces a l'information du Quebec: https://www.cai.gouv.qc.ca

Last updated: March 2026

Privacy policy — SecuAAS (Quebec, Bill 25) | SecuAAS