Truvo Cyber Privacy Policy

Effective Date: October 23, 2025

1. Our Commitment, Scope, and Jurisdictional Compliance

Truvo Cyber is committed to protecting your privacy and ensuring the security of your personal information. As a professional cybersecurity and compliance firm, our Privacy Policy is designed for maximum transparency and compliance with relevant global standards.

This policy is governed by, and aims to exceed the requirements of, the Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada’s federal law) and Quebec's *Act respecting the protection of personal information in the private sector* (Law 25/Bill 64).

This policy applies to data collected when you interact with our website, use our online assessment tools, or inquire about our services.

2. Information We Collect

We collect information that falls into two main categories:

A. Information You Provide Voluntarily

This data is collected when you fill out forms, subscribe to our content, or use our compliance assessment tools.

• Contact & Identity Data: Name, Email address, Company name, Phone number, Job Title/Role.
• Assessment & Compliance Data: Information provided via our online assessment regarding your company’s size, industry, current security tools, and compliance maturity level.

B. Information Collected Automatically

This data is collected as you browse our website and is used for security, performance, and analytics purposes.

• Technical Data: IP address, browser type, operating system, device type, and referring website addresses.
• Usage Data: Pages viewed, time spent on our website, and interaction with our content (collected via tools like Google Analytics).

3. How We Use Your Information and Legal Basis

We use your information only for identified purposes, based on a specific legal basis as required by Canadian privacy laws:

4. Disclosure of Your Information and Data Transfers

We do not sell your Personal Information. We only share it with trusted third-party service providers (data processors) who perform essential business functions on our behalf and are bound by strict confidentiality agreements.

A. Third-Party Processors

These providers help us operate and deliver our services. By using our website, you acknowledge that your data is shared with the following key processors:

• Customer Relationship Management (CRM) & Marketing Platform (e.g., HubSpot) for managing contacts, email campaigns, and hosting website content.
• Website Analytics (e.g., Google Analytics) for collecting anonymized usage data to help us improve our website and services.
• GRC Automation Platforms (e.g., Secureframe) for managing compliance projects.
• Lead Generation/Assessment Tools for distributing compliance assessments.

B. Cross-Border Data Transfer (PIPEDA & Law 25)

Your Personal Information may be transferred to, stored in, and processed in jurisdictions outside of Canada (including the United States), where our service providers or their servers are located. By using our website, you acknowledge this transfer.

Truvo Cyber commits to conducting a Privacy Impact Assessment (PIA) on all such transfers to ensure that the data continues to receive a level of protection at least equivalent to that provided under Canadian and Quebec law.

5. Data Security, Confidentiality, and Retention

As a professional cybersecurity firm, we implement and continuously monitor technical, physical, and administrative safeguards aligned with SOC 2 and ISO 27001 principles to protect your data.

Confidentiality of Client Business Data (NDA)

The confidentiality of your company's proprietary and trade secret information is protected by a separate, legally binding Non-Disclosure Agreement (NDA). This NDA is signed prior to the exchange of any detailed business, financial, or technical information related to your operations. The NDA serves as a dedicated contractual safeguard for Confidential Business Information, distinct from the Personal Information covered by this Privacy Policy.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.

6. Your Privacy Rights

In accordance with PIPEDA and Law 25, you have specific rights concerning your personal information, which you may exercise by contacting our Privacy Officer:

• Right of Access & Rectification: To access and request corrections to any inaccuracies in your personal information.
• Right to Withdraw Consent: To withdraw your consent to the use or disclosure of your information, particularly for marketing communications, at any time.
• Right to De-indexation (Law 25): To request that we cease disseminating or de-index any hyperlink providing access to your personal information, provided the dissemination causes you injury.
• Right to Data Portability (Law 25): To request that your personal information be communicated to you in a structured, commonly used technological format.

7. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the effective date.

8. Contact Our Privacy Officer

For any questions, concerns, or to exercise your privacy rights, please contact our designated Privacy Officer: