Privacy Policy
CyberSafePath — Operated by Sericod
1 Introduction
Sericod ("Company," "we," "us," or "our") operates CyberSafePath (cybersafepath.com), a Software-as-a-Service platform providing cybersecurity and data privacy education for small and medium-sized businesses.
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform. It applies to all users of CyberSafePath, regardless of location.
We are committed to protecting your privacy and complying with applicable data protection laws, including:
- Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Law 25
- European Union: General Data Protection Regulation (GDPR)
- United States: California Consumer Privacy Act (CCPA) and other state privacy laws
By using CyberSafePath, you consent to the practices described in this Privacy Policy.
2 Data Controller
Sericod is the data controller responsible for your personal information.
Contact for Privacy Inquiries:
privacy@cybersafepath.com
We will respond to privacy-related inquiries within thirty (30) days.
3 Personal Data We Collect
3.1 Information You Provide
When you create an account and use our Platform, we collect:
| Data Type | Purpose |
|---|---|
| Name | Account identification and personalization |
| Email Address | Account authentication, communication, and notifications |
| Organization Name | Account setup and billing |
| Payment Information | Subscription billing (processed by Polar.sh) |
3.2 Automatically Collected Information
When you access our Platform, we automatically collect:
| Data Type | Purpose |
|---|---|
| IP Address | Security, fraud prevention, and audit trails |
| Usage Analytics | Service improvement and compliance reporting |
| Device Information | Platform optimization and troubleshooting |
| Access Logs | Security monitoring and compliance audit trails |
3.3 Compliance and Audit Data
As our Platform is designed to help you document and track compliance efforts, we collect and store:
- Activity logs and timestamps
- Completed training and acknowledgments
- Policy acceptance records
- Assessment results and progress
This data is specifically collected to provide you with reports and auditable trails for your compliance purposes.
4 How We Use Your Data
4.1 Service Provision
- Creating and managing your account
- Processing subscriptions and payments
- Providing access to educational content and tools
- Generating compliance reports and audit trails
4.2 Communication
- Sending service-related notifications
- Responding to support inquiries
- Providing product updates and announcements
4.3 Platform Improvement
- Analyzing usage patterns to improve features
- Troubleshooting technical issues
- Developing new functionality
4.4 Security and Compliance
- Protecting against unauthorized access and fraud
- Maintaining audit logs for regulatory compliance
- Fulfilling legal obligations
5 What We Do NOT Do With Your Data
WE DO NOT SELL YOUR PERSONAL DATA
We want to be clear about practices we do NOT engage in:
- ✕ We do not sell your personal information to third parties
- ✕ We do not resell, bundle, or commercially redistribute your data
- ✕ We do not share your data with advertisers or marketing companies
- ✕ We do not use your data for purposes unrelated to providing our Service
6 Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process personal data based on:
| Legal Basis | When It Applies |
|---|---|
| Contract Performance | Processing necessary to provide the Service you subscribed to |
| Legitimate Interests | Platform security, fraud prevention, and service improvement |
| Legal Obligation | Compliance with applicable laws and regulations |
| Consent | Where you have given specific consent (e.g., marketing communications) |
7 Third-Party Service Providers
We work with carefully selected third-party service providers to deliver our Platform:
7.1 Infrastructure and Hosting
| Provider | Purpose | Data Location |
|---|---|---|
| Vercel | Website hosting and delivery | Canada (primary) |
| Supabase | Database and backend services | Canada (primary) |
7.2 Payment Processing
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Polar.sh | Subscription billing and payment processing | Polar.sh Privacy Policy |
We do not store complete credit card numbers. Payment information is processed directly by Polar.sh in compliance with PCI-DSS standards.
7.3 Analytics
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Plausible | Anonymous traffic analytics | Plausible Privacy Policy |
8 Data Location and International Transfers
8.1 Primary Data Storage
All personal data is hosted in Canada using Canadian-based infrastructure.
8.2 European Union Users
For clients based in the European Union, we maintain data residency within EU borders. Your data will be stored and processed within the European Economic Area.
8.3 Transfer Safeguards
Where international data transfers are necessary, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Compliance with adequacy decisions where applicable
- Vendor agreements with data protection commitments
9 Data Retention
9.1 Retention Period
We retain personal data for two (2) years from the date of last account activity or subscription expiration, whichever is later.
9.2 Deletion Upon Request
You may request deletion of your personal data at any time by submitting a written request to privacy@cybersafepath.com. Upon receiving a valid deletion request, we will:
- Confirm receipt within five (5) business days
- Process the deletion within thirty (30) days
- Provide confirmation once deletion is complete
9.3 Exceptions to Deletion
We may retain certain data beyond the standard retention period or after a deletion request if:
- Required by applicable law or legal proceedings
- Necessary for fraud prevention or security purposes
- Required to complete an ongoing transaction
In such cases, we will inform you of the retention and its legal basis.
10 Your Privacy Rights
10.1 Rights for All Users
Regardless of your location, you have the right to:
- Access your personal data
- Correct inaccurate information
- Delete your account and associated data
- Export your data in a portable format
- Withdraw consent for optional processing
10.2 Additional Rights for Canadian Residents
Under PIPEDA and Quebec's Law 25, you have the right to:
- Be informed about our data practices
- Challenge our compliance and lodge complaints
- Request that we correct or delete personal information
- Withdraw consent to collection, use, or disclosure
Complaints: You may file a complaint with the Office of the Privacy Commissioner of Canada or the Commission d'accès à l'information du Québec.
10.3 Additional Rights for EU/EEA Residents
Under the GDPR, you have additional rights including:
- Right to Erasure ("Right to Be Forgotten")
- Right to Restrict Processing
- Right to Object to processing based on legitimate interests
- Right to Data Portability
- Rights Related to Automated Decision-Making
Supervisory Authority: You may lodge a complaint with your local data protection authority.
10.4 Additional Rights for California Residents
Under the CCPA/CPRA, California residents have the right to:
- Know what personal information we collect, use, and disclose
- Delete personal information we hold about you
- Opt-out of Sale – Not applicable; we do not sell personal information
- Non-discrimination for exercising privacy rights
To exercise your rights, contact us at privacy@cybersafepath.com.
11 Cookies and Tracking Technologies
11.1 Our Approach
We minimize the use of cookies and tracking technologies. Our analytics provider, Plausible, does not use cookies and collects only anonymous, aggregated data.
11.2 Essential Cookies
We may use strictly necessary cookies for:
- Session management and authentication
- Security features
- User preferences
These cookies are essential for the Platform to function and cannot be disabled.
11.3 Third-Party Cookies
We do not use third-party advertising or marketing cookies.
12 Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Data encrypted in transit (TLS) and at rest
- Role-based access limited to authorized personnel
- Secure authentication mechanisms
- Continuous security monitoring and logging
- Secure cloud hosting with reputable providers
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
13 Children's Privacy
CyberSafePath is a business-to-business platform designed for organizational use. We do not knowingly collect personal information from children under the age of 16.
If we become aware that we have collected data from a child, we will promptly delete such information. If you believe a child has provided us with personal data, please contact us at privacy@cybersafepath.com.
14 Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable laws. When we make material changes:
- We will update the "Last Updated" date at the top of this Policy
- We will notify you via email or prominent notice on the Platform
- We will provide at least thirty (30) days' notice before changes take effect
Your continued use of the Platform after changes become effective constitutes acceptance of the updated Policy.
15 Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
We aim to respond to all inquiries within thirty (30) days.
This Privacy Policy was last updated on December 4, 2024.