Our Commitment to Privacy

MARUA TECH INC. ("Certifyz," "we," "us," or "our") is committed to protecting your privacy in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation in Canada. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information.

1. Information We Collect

Personal Information You Provide:

Account Information: Name, email address, password, company name, job title
Billing Information: Payment card details, billing address, tax identification numbers
Profile Information: Phone number, profile picture, timezone preferences
Communications: Support tickets, feedback, survey responses
Certificate Data: Certificate details, domain names, organization information

Information Automatically Collected:

Usage Data: Features used, pages visited, actions taken within the Service
Device Information: IP address, browser type, operating system, device identifiers
Cookies and Tracking: Session cookies, preferences, analytics data
Log Data: Access times, error logs, performance metrics

2. How We Use Your Information

We only use your personal information for purposes that a reasonable person would consider appropriate:

Service Provision: To create and manage your account, provide certificate management services
Payment Processing: To process payments, send invoices, manage subscriptions
Communication: To send service updates, security alerts, support responses
Improvement: To analyze usage patterns, improve features, develop new services
Security: To detect and prevent fraud, unauthorized access, and security incidents
Legal Compliance: To comply with legal obligations, respond to legal requests
Marketing: With your consent, to send promotional materials about our services

3. Legal Basis for Processing

Under PIPEDA, we process your personal information based on:

Consent

Clear consent for processing

Contract Performance

Fulfill service agreement

Legal Obligations

Required by law

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information.

We may share your information only in the following circumstances:

Service Providers: Trusted third parties (payment processors, cloud hosting, email services)
Legal Requirements: When required by law, subpoena, court order, or governmental authority
Business Transfers: In connection with a merger, acquisition, or sale of assets
Consent: With your explicit consent for specific purposes
Protection: To protect rights, property, or safety of Certifyz, our users, or the public

5. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this Policy, unless a longer retention period is required by law.

Retention Periods:

Account data: Duration of account plus 90 days
Billing records: 7 years (tax requirements)
Security logs: 2 years
Marketing preferences: Until withdrawn

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Technical Measures

• 256-bit SSL/TLS encryption
• Encrypted data storage
• Regular security audits
• Multi-factor authentication

Organizational Measures

• Access controls and restrictions
• Employee training and NDAs
• Incident response procedures
• Regular policy reviews

7. Your Privacy Rights

Under PIPEDA, you have the following rights:

Right to Access

Request a copy of your personal information

Right to Correction

Request corrections to inaccurate data

Right to Withdraw Consent

Withdraw consent for processing

Right to Deletion

Request deletion of your data

Right to Portability

Receive data in machine-readable format

Right to Complain

Raise a complaint with the applicable privacy authority

To exercise any of these rights, contact us at privacy@certifyz.com. We will respond within 30 days as required by law.

8. International Data Transfers

Important Notice: Your data may be transferred to and processed in:

United States (primary data residency & cloud infrastructure)
Canada (corporate operations)
Other countries where our service providers operate

We ensure appropriate safeguards are in place through contractual clauses and only work with providers that maintain adequate privacy protections.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

10. Cookies and Tracking

We use cookies and similar tracking technologies:

Essential Cookies

Required for Service operation

Analytics Cookies

Help us improve our Service

Functional Cookies

Remember your preferences

Marketing Cookies

With consent, for relevant ads

11. Third-Party Services

We integrate with the following third-party services:

Stripe: Payment processing (PCI DSS compliant)
Cloud infrastructure providers: Infrastructure and hosting

12. Data Breach Notification

In the event of a data breach that creates a real risk of significant harm, we will:

Notify affected individuals as soon as feasible
Report to the relevant privacy authority if required by law
Provide information about the breach and steps to protect yourself
Document the breach and our response

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or prominent notice on our Service at least 30 days before the changes take effect.

14. Privacy Contact

Questions or Concerns?

support@certifyz.com

If you have a privacy concern, contact us and we will review and respond to your request.

If required by law, you may also contact the relevant privacy authority in your jurisdiction.

Questions About Privacy?

Contact our team if you have any questions about how we protect your data.

Visit Help Center