Privacy Policy
Table of Contents
- 1. Introduction
- 2. Data Controller Information
- 3. Data We Collect
- 4. Legal Basis for Processing
- 5. How We Use Your Data
- 6. Data Sharing & Third Parties
- 7. International Data Transfers
- 8. Data Retention
- 9. Your Rights
- 10. Cookies & Tracking
- 11. Data Security
- 12. Children's Privacy
- 13. Changes to This Policy
- 14. Contact Us
1. Introduction
Confidion Consulting & Technologies Inc. ("Confidion," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Confidion Sentry web intelligence platform (the "Service").
This policy is designed to comply with:
- European Union General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679
- United Kingdom General Data Protection Regulation (UK GDPR) - as incorporated into UK law
- Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada's federal privacy law
Summary: We collect only the data necessary to provide our services. You have rights over your data, including access, correction, deletion, and portability. We never sell your personal information.
2. Data Controller Information
For the purposes of applicable data protection laws, the data controller is:
Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy or our privacy practices, please contact our DPO:
Email: dpo@confidion.com
3. Data We Collect
3.1 Information You Provide Directly
- Account Information: Name, email address, password (encrypted), and optional profile details
- Payment Information: Billing details processed securely through our payment processor (Stripe). We do not store full credit card numbers
- Communication Data: Messages, support requests, and feedback you send to us
- Search Queries: Intelligence searches and research activities conducted through our platform
- Saved Content: Entity profiles, saved searches, and custom data feeds you create
3.2 Information Collected Automatically
- Device Information: IP address, browser type and version, operating system, device identifiers
- Usage Data: Pages visited, features used, search frequency, time spent on pages
- Log Data: Access timestamps, login attempts (successful and failed), session duration
- Security Data: Failed authentication attempts, suspicious activity patterns (for fraud prevention)
3.3 Information from Third Parties
We may receive information from third-party services when you:
- Connect third-party accounts or services to your account
- Use data sources integrated with our platform
4. Legal Basis for Processing
Under GDPR and UK GDPR, we process your personal data based on the following legal grounds:
4.1 Contract Performance
Processing necessary to provide our services under our Terms of Service, including:
- Account creation and management
- Providing access to platform features
- Processing payments and subscriptions
- Technical support and customer service
4.2 Legitimate Interests
Processing necessary for our legitimate business interests (balanced against your rights), including:
- Improving and optimizing our services
- Fraud prevention and security measures
- Business analytics and service development
- Communication about service updates
4.3 Legal Obligations
Processing required to comply with legal requirements, including:
- Tax and accounting obligations
- Responding to lawful government requests
- Protecting against legal claims
4.4 Consent
Where required by law, we obtain your explicit consent for:
- Marketing communications (where applicable)
- Optional data processing activities
- Cookies and similar tracking technologies
5. How We Use Your Data
We use collected data for the following purposes:
5.1 Service Delivery
- Providing access to the Confidion Sentry platform
- Processing and executing intelligence searches
- Managing your account and subscription
- Delivering personalized features and content
5.2 Communication
- Sending transactional emails (account verification, password resets, receipts)
- Providing technical support and responding to inquiries
- Notifying you about service changes or security issues
- Sending alerts configured in your account settings
5.3 Security & Fraud Prevention
- Detecting and preventing fraudulent activity
- Monitoring for unauthorized access attempts
- Enforcing our Terms of Service
- Protecting the rights and safety of users
5.4 Service Improvement
- Analyzing usage patterns to improve features
- Conducting research and development
- Troubleshooting technical issues
- Measuring service performance
6. Data Sharing & Third Parties
Important: We do not sell, rent, or trade your personal information to third parties for marketing purposes.
6.1 Service Providers
We share data with trusted third-party service providers who assist in operating our platform:
- Stripe: Payment processing (PCI-DSS compliant)
- Cloud Infrastructure Providers: Secure hosting and data storage
- Email Service Providers: Transactional email delivery
- Analytics Tools: Aggregated usage analytics (no personal data shared)
All service providers are contractually bound to protect your data and use it only for specified purposes.
6.2 Legal Requirements
We may disclose your information when required by law or in response to:
- Valid legal processes (subpoenas, court orders)
- Requests from law enforcement agencies with proper authority
- Protection of our legal rights or safety of users
- Investigation of potential violations of our terms
6.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. You will be notified via email and/or prominent notice on our website of any change in ownership.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside your country of residence, including Canada and other jurisdictions where our service providers operate.
7.1 Transfer Safeguards
When we transfer data internationally, we ensure appropriate safeguards are in place:
- Adequacy Decisions: Transfers to countries deemed adequate by the European Commission or UK Secretary of State
- Standard Contractual Clauses (SCCs): EU and UK approved contractual terms for data transfers
- Supplementary Measures: Additional technical and organizational measures where necessary
7.2 Canada-Specific
Canada has been recognized by the European Commission as providing an adequate level of data protection. For transfers from the UK, similar adequacy recognition applies.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Account Data: Retained while your account is active, plus 30 days after deletion request
- Search History: Retained for 12 months, or until you delete it
- Transaction Records: Retained for 7 years for tax and legal compliance
- Security Logs: Retained for 90 days for security monitoring
- Support Communications: Retained for 3 years after resolution
Upon expiration of retention periods, data is securely deleted or anonymized.
9. Your Rights
Depending on your location, you have the following rights regarding your personal data:
9.1 Rights Under GDPR/UK GDPR
- Right of Access: Request a copy of your personal data we hold
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data in certain circumstances
- Right to Restriction: Request limitation of processing in certain circumstances
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right Not to be Subject to Automated Decisions: Not be subject to decisions based solely on automated processing with legal effects
9.2 Rights Under PIPEDA (Canada)
- Access: Request access to your personal information held by us
- Correction: Challenge the accuracy of your information and have it amended
- Withdrawal of Consent: Withdraw consent for collection, use, or disclosure (subject to legal restrictions)
- Challenge Compliance: Lodge a complaint about our privacy practices
9.3 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@confidion.com. We will respond within:
- GDPR/UK GDPR: 30 days (extendable by 60 days for complex requests)
- PIPEDA: 30 days
9.4 Supervisory Authorities
You have the right to lodge a complaint with a supervisory authority:
- EU: Your local Data Protection Authority
- UK: Information Commissioner's Office (ICO) - ico.org.uk
- Canada: Office of the Privacy Commissioner of Canada - priv.gc.ca
10. Cookies & Tracking Technologies
10.1 Essential Cookies
We use strictly necessary cookies for:
- Session Management: Maintaining your logged-in state
- Security: CSRF protection tokens to prevent cross-site request forgery
- Preferences: Remembering your settings and preferences
These cookies are essential for the operation of our service and cannot be disabled.
10.2 Cookie Settings
Our essential cookies:
- Do not track you across other websites
- Do not collect marketing data
- Expire at the end of your session or when you log out
- Are transmitted over secure (HTTPS) connections only
10.3 Third-Party Resources
We load resources from the following third parties:
- Google Fonts: Typography resources (subject to Google's Privacy Policy)
11. Data Security
We implement comprehensive security measures to protect your personal data:
11.1 Technical Measures
- 256-bit TLS/SSL encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Secure password hashing using bcrypt
- CSRF protection on all forms and actions
- Content Security Policy (CSP) headers
- Rate limiting to prevent brute-force attacks
- Regular security audits and vulnerability assessments
11.2 Organizational Measures
- Access controls limiting data access to authorized personnel
- Employee training on data protection
- Incident response procedures
- Regular security reviews and updates
11.3 Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify relevant supervisory authorities within 72 hours (as required by GDPR/UK GDPR)
- Notify affected individuals without undue delay if there is high risk
- Document the breach and remedial actions taken
12. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@confidion.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last Updated" date at the top of this policy
- We will notify you by email for significant changes affecting your rights
- We will provide prominent notice on our website
Your continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy Inquiries
Email: privacy@confidion.com
Data Protection Officer: dpo@confidion.com
General Support: support@confidion.com
Confidion Consulting & Technologies Inc.
Website: www.confidion.com