Privacy Policy
Last updated: May 25, 2025
Deep Technologies Inc. (“Deep Technologies”, “we”, “us”, or “our”) operates CyberAudit (available at cyberaudit.ca and related subdomains). This Privacy Policy explains what personal information we collect, why we collect it, how we use and retain it, who we share it with, and your rights as a Canadian resident under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.
1. Information We Collect
We collect the following categories of personal information:
- Contact information: name, business email address, and company name when you submit a lead-capture or contact form.
- Audit responses: answers you provide during the free security audit questionnaire (business type, size, industry, and self-reported security practices). This data does not include passwords, financial data, or sensitive personal information.
- Usage and analytics data: pages visited, time on page, referral source, UTM parameters, and click events — collected via Plausible Analytics (privacy-friendly, no cookies, no cross-site tracking).
- Communications: any messages you send us by email or through the site.
We do not collect payment card data, government ID numbers, health information, or precise geolocation.
2. Why We Collect It
We use your information to:
- Generate and deliver your free cybersecurity risk report.
- Send you the report and follow-up resources by email (transactional and marketing).
- Allow our Head of Sales to follow up about CyberAudit services where you have indicated interest.
- Improve our product and understand how visitors use CyberAudit.
- Comply with legal obligations.
Marketing emails are only sent with your express or implied consent as defined under Canada's Anti-Spam Legislation (CASL). Every marketing email includes a one-click unsubscribe link.
3. How Long We Retain Your Data
| Data type | Retention period |
|---|---|
| Contact info & audit responses | 2 years from last interaction, then deleted or anonymised |
| Marketing email list (Brevo) | Until you unsubscribe or request deletion |
| Aggregated analytics | Indefinitely (no personal identifiers) |
| Email correspondence | 3 years from receipt |
4. Who We Share Your Information With
We share your personal information only with:
- Brevo (Sendinblue): our email marketing and CRM platform. Brevo stores contact names and email addresses on servers located in the European Union and is subject to GDPR safeguards. We use Brevo solely to send transactional reports and marketing emails.
- Our Head of Sales: receives lead contact details (name, email, company) to follow up on your inquiry. This person is bound by our internal privacy policies.
- Vercel: our hosting provider. Form submissions and API calls transit Vercel's infrastructure. Vercel does not use this data for its own purposes.
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
5. Security Measures
We use industry-standard safeguards including HTTPS/TLS encryption in transit, environment-variable secrets management (no credentials in source code), access controls limiting data access to authorised personnel, and regular review of third-party sub-processors. No system is perfectly secure; if you believe your information has been compromised, please contact us immediately.
6. Your Rights
Under PIPEDA and applicable provincial law, you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your information (subject to legal retention obligations).
- Withdraw consent to marketing communications at any time.
- Lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.
To exercise any right, email us at privacy@cyberaudit.ca. We will respond within 30 days.
7. How to Unsubscribe from Marketing
Every marketing email we send contains a one-click unsubscribe link at the bottom. You can also email privacy@cyberaudit.ca with “Unsubscribe” in the subject line and we will remove you within 10 business days, as required by CASL.
8. Cookies and Analytics
CyberAudit uses Plausible Analytics, a privacy-first analytics tool that does not use cookies, does not track you across websites, and does not collect any personally identifiable information. No cookie banner is required. We do not use Google Analytics or advertising cookies.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be noted by updating the “Last updated” date above. Continued use of CyberAudit after a change constitutes acceptance of the revised policy.
10. Contact Us
For privacy questions, access requests, or complaints:
Deep Technologies Inc.
Vancouver, British Columbia, Canada
Email: privacy@cyberaudit.ca
© 2025 Deep Technologies Inc. All rights reserved. CyberAudit Home