Privacy Policy
Last updated: 2025-11-30
This policy explains how AspharTech Solutions Inc. ("AspharTech", "we", "us", "our") collects, uses, stores and protects personal information when you browse our website, contact us for an assessment or a demo, or use our AspharSync platform.
We apply the requirements of Law 25 (Quebec), PIPEDA in Canada and, where applicable, the GDPR.
1. Data controller and person responsible for the protection of personal information
The data controller is:
AspharTech Solutions Inc.
Montreal (Quebec), Canada
General email: contact@asphartech.com
In accordance with Law 25, a person is designated to handle requests related to personal information. Any questions should be addressed to support@asphartech.com.
2. Data we collect
We only collect the information necessary to provide our services, maintain the security of our systems and respond to your requests. Depending on how you interact with us, we may collect:
- Professional identity: first name, last name, role, organization
- Contact details: business email, phone number, country/province
- Content you send us: contact message, demo form information, attachments
- Browsing data: pages viewed, language, device type, shortened IP address
- Usage data from the site (security logs, diagnostics, fraud prevention)
We do not collect sensitive data (health, origin, religion, etc.) via the site and we will not ask for it by default.
3. Why we use your data
The table below summarizes the main processing activities carried out by AspharTech Solutions.
| Purpose | Data used | Legal basis |
|---|---|---|
| Responding to your requests (contact, demo, support) | Identity, email, message, technical metadata | Legitimate interest / pre-contractual measures |
| Providing our cybersecurity services (audit, hardening, advisory) | Professional contact details, information about your information systems that you provide | Performance of a contract |
| Improving the site and securing the platform | Technical logs, truncated IP, site usage | Legitimate interest |
| Sending security updates and cybersecurity insights (newsletter) | Business email, contact preferences | Consent (you can unsubscribe at any time) |
| Meeting legal obligations (invoicing, retention) | Identification data, invoicing, communications | Legal obligation |
4. Specifics related to the AspharSync platform
AspharSync is a platform for SaaS license optimization and attack surface reduction. To operate, it may connect to your services (e.g. Microsoft 365, Google Workspace, Okta, Atlassian, ticketing or storage tools).
Important: these connections are only made after explicit authorization from your organization (service account, OAuth, API, connector). We only process the data necessary for the following purposes:
- inventory active/inactive accounts and licenses;
- detect dormant or orphaned accounts;
- surface SaaS contract renewal/expiration dates;
- suggest cleanup, offboarding or reassignment actions.
Technical data extracted is used only for your organization and is not sold. Where possible, we anonymize or aggregate data for global dashboards.
5. Cookies and analytics
We currently only use cookies that are necessary for the operation of the site (language, security, session, anti-bot protection) and, in a limited way, non-intrusive audience measurement. No advertising cookies are placed without your consent.
You can configure your browser to refuse cookies. However, refusal may limit some features.
6. Who we share your data with
We do not sell your personal information.
We may share certain data with:
- our hosting and infrastructure providers (e.g. North American or European cloud);
- our CRM and email tools to manage customer relationships;
- our cybersecurity partners when a service is delivered jointly;
- competent authorities if required by law or in the event of a security incident.
In all cases, these third parties are contractually required to protect the data and use it only for the intended purpose.
7. Data retention
We retain your information only for as long as necessary for the purposes described:
- contact / demo requests: generally 12 to 24 months after the last interaction;
- contractual documents, invoicing, evidence: according to applicable legal requirements;
- AspharSync technical data: according to the parameters agreed in the contract or service agreement.
Some data may be retained longer in the event of a security investigation, dispute, or regulatory obligation.
8. Information security
We apply technical and organizational measures appropriate to our cybersecurity activity: access control, multi-factor authentication, logging of administrative access, encryption in transit (HTTPS/TLS), separation of test and production environments.
As no system is completely invulnerable, we commit to notifying you within a reasonable timeframe in case of an incident involving your personal information, in accordance with Law 25.
9. Your rights
Depending on your place of residence (Quebec, Canada, European Union), you may have the following rights:
- right to access your information;
- right to rectify or update it;
- right to withdraw consent (e.g. newsletter);
- right to erasure where applicable;
- right to object to certain processing based on legitimate interest.
To exercise your rights, contact: support@asphartech.com
10. Transfers outside Quebec or Canada
Some of our providers may be located outside Quebec or Canada (e.g. security SaaS tools, CRM, hosting). In such cases, we assess the level of protection in the destination country and govern the transfer through appropriate contractual safeguards.
11. Use by minors
Our services and platform are intended for organizations and professionals. We do not knowingly collect data from individuals under 14 in Quebec (or under 16 in the EU). If you believe a minor has provided us with data, please contact us so we can delete it.
12. Policy updates and contact
This policy may be updated to reflect regulatory changes, changes to our offerings (e.g. new AspharSync connectors) or changes in our providers. The "Last updated" date at the top of this page is authoritative.
For any question about this policy or how we process your data, please contact: contact@asphartech.com
