Privacy Policy

Status: In Legal Review
Expected Completion: Before Public Launch
Compliance Standards: PIPEDA, GDPR, CASL

What This Policy Will Cover

1. Data Collection

• Account information (email, name, billing details)
• Email metadata (sender, recipient, timestamps)
• Dashboard usage analytics
• IP addresses and audit logs

2. Data Usage

• Service delivery and email routing
• Billing and subscription management
• Security monitoring and fraud prevention
• Service improvement and analytics

3. Data Retention

• Email metadata: 90 days
• Audit logs: 1 year
• Account data: Duration of subscription + 30 days
• Billing records: 7 years (Canadian tax law requirement)

4. Your Rights

• Access: Request copies of your data
• Rectification: Correct inaccurate information
• Erasure: Delete your data (with legal exceptions)
• Portability: Export your data in machine-readable format
• Objection: Opt out of certain data processing

5. International Transfers

NorthRelay infrastructure is currently hosted in Canada. If we expand to international data centers, we will implement Standard Contractual Clauses (SCCs) for GDPR compliance.

6. Security Measures

• Encryption in transit (TLS 1.3)
• Encryption at rest (AES-256)
• Role-based access controls
• Regular security audits
• Incident response procedures

Contact Data Protection Officer

For privacy inquiries, data access requests, or complaints:

Email: privacy@alteriom.com
Response Time: 30 days (PIPEDA/GDPR requirement)

Regulatory Complaints

If you are not satisfied with our response, you may file a complaint with:

• Canada: Office of the Privacy Commissioner of Canada (priv.gc.ca)
• EU: Your local Data Protection Authority (EDPB Members)