CertiSync International Privacy Policy
Last Updated: October 2025
CertiSync International Incorporated (“CertiSync International”, “CertiSync”, “we”, “us”, or “our”) is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information through our websites, applications, and related services (collectively, the “Services”).
This Policy complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), Québec’s Law 25, and applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) and similar U.S. state laws.
By accessing or using the Services, you agree to the practices described in this Policy.
1. Information We Collect
We collect information necessary to operate and improve our Services. The types of information include:
Contact Information: name, company, title, business address, phone number, and email address.
Account and Billing Information: username, organization name, billing address, and payment details (processed securely through a third-party payment processor).
Service Information: portfolio identifiers, lease and insurance documentation, compliance data, and related materials voluntarily provided by customers.
Website Usage Data: browser type, IP address, device identifiers, pages visited, and session activity, collected via cookies and analytics tools.
Optional Marketing Information: preferences or feedback you voluntarily provide when subscribing to updates or participating in promotions.
We do not collect sensitive personal information (such as health, biometric, or social insurance numbers) and do not knowingly collect information from minors under 16.
2. How We Use Information
CertiSync uses information only for legitimate business purposes, including to:
Provide and manage the Services you request.
Verify identity and ensure account security.
Improve the functionality, usability, and reliability of our platforms.
Communicate with users regarding account activity, updates, or security notices.
Send marketing communications in compliance with CASL and U.S. “opt-out” requirements.
Comply with applicable laws, legal obligations, or enforce contractual rights.
We do not sell, rent, or trade personal information.
3. Cookies and Analytics
We use cookies and similar technologies to operate our websites efficiently, analyze usage, and enhance your experience.
Cookies may be:
Session-based, which expire when you close your browser, or
Persistent, which remain on your device for a defined period.
You can disable cookies through browser settings, though some features may not function properly.
We use tools such as Google Analytics and equivalent Canadian-hosted analytics solutions to measure engagement. These collect anonymized, aggregated data and do not personally identify users.
4. Data Sharing and Disclosure
CertiSync shares personal information only as necessary to operate its Services:
Service Providers: Trusted third parties that provide secure hosting, payment processing, analytics, or support functions — all bound by confidentiality agreements.
Corporate Clients: Authorized landlord or property-management representatives for the purpose of delivering the contracted services.
Legal Compliance: When required to respond to valid legal requests or enforce our rights.
CertiSync does not share data with brokers, marketing affiliates, or unrelated third parties.
All third-party processors must adhere to equivalent data-protection obligations under Canadian and U.S. law.
5. Data Storage and International Transfers
CertiSync securely hosts all systems and data in Canada.
Where limited access by authorized personnel in the United States or other jurisdictions is necessary (for example, to provide technical support), CertiSync ensures that comparable or stronger privacy protections are applied under cross-border data transfer agreements consistent with PIPEDA, Law 25, and U.S. state privacy laws.
6. Security
We implement robust administrative, technical, and physical safeguards to protect personal information from unauthorized access, alteration, or loss.
Security measures include:
Encryption in transit and at rest
Role-based access control
Secure password policies and MFA for administrators
Regular security testing and monitoring
In the event of a confirmed data breach, we will notify affected users and regulatory authorities without undue delay, as required by law.
7. Retention and Deletion
We retain information only for as long as necessary to fulfill the purposes described in this Policy, or as required by law.
When a customer relationship ends, you may request deletion or secure return of your data. Requests are processed within 30 business days unless legal or contractual obligations require retention.
8. Access, Correction, and Individual Rights
Depending on your jurisdiction, you may have the following rights:
Canada (PIPEDA / Law 25)
Access and correct personal information held about you.
Withdraw consent for processing, subject to legal limits.
Request deletion or anonymization of your data.
United States (CCPA / CPRA)
Residents of certain U.S. states, including California, Virginia, and Colorado, have additional rights:
Right to Know: what personal information we collect, use, or disclose.
Right to Delete: request that we delete personal information, subject to exceptions.
Right to Correct: update inaccurate data.
Right to Opt Out: of any sale or sharing of personal information (CertiSync does not sell data).
Right to Non-Discrimination: you will not receive different treatment for exercising your rights.
You or your authorized agent may submit requests to privacy@certisync.com. We will verify your identity and respond within 45 days as required under applicable law.
9. Mobile Applications
CertiSync may offer mobile applications (e.g., InsuraSync® or VendorSync®) to support service delivery. These applications may collect limited diagnostic and usage information to ensure performance and security.
CertiSync mobile applications:
Do not access contacts, call logs, or messages.
May request location data only when explicitly required for functionality (e.g., property mapping) and only with user consent.
Allow you to disable permissions through your device settings.
10. Children’s Privacy
Our Services are designed for business users and are not intended for children under 16. If we become aware that a minor has provided personal information, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws.
When updates are material, we will:
Post the revised Policy on our website with a new effective date, and
Notify registered users via email before the change takes effect.
Continued use of our Services after the effective date constitutes acceptance of the revised Policy.
12. Contacting Us
For privacy-related inquiries, access requests, or complaints, contact:
CertiSync International Incorporated
Attn: Privacy Officer
401 Bay Street, 16th Floor
Toronto, ON M5H 2Y4, Canada
📧 compliance@certisync.com
📞 +1 (855) 535-7962
13. Supplemental Notice for U.S. Residents
If you are a resident of the United States, the following applies in addition to the above:
We do not sell or share personal information as defined under U.S. state privacy laws.
We may collect limited technical information (IP address, device ID, browser type) for essential business purposes, such as security, fraud prevention, and service improvement.
Any data processing performed in the U.S. is subject to equivalent contractual safeguards ensuring protection consistent with Canadian privacy standards.
You may exercise your rights under applicable U.S. law by emailing compliance@certisync.com or calling our toll-free number above.