Privacy Policy

1. Introduction

Avetti.com Corporation ("we," "us," "our," or "Company") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cybersecurity course and Avetti Security Safe Browsing Extension and App services (collectively, the "Services").

Please read this Privacy Policy carefully. By using our Services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide to Us

2.2 Information Collected Automatically

2.3 Information from Third Parties

3. How We Use Your Information

3.1 Primary Uses

We use your information to:

3.2 Legal Bases for Processing (GDPR)

For users in the European Union, we process your personal data based on:

• Contract Performance: Processing necessary to provide the Services you've subscribed to
• Consent: When you've explicitly agreed to processing (e.g., marketing emails, optional cookies)
• Legitimate Interests: To improve our Services, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We share information only in the following limited circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Services:

All service providers are contractually obligated to:

• Use your data only for the specified purposes
• Implement appropriate security measures
• Comply with applicable privacy laws
• Delete or return data upon contract termination

4.2 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations (court orders, subpoenas, warrants)
• Enforce our Terms of Service
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users or the public
• Detect, prevent, or address fraud or security issues

We will notify you of legal requests for your information unless prohibited by law.

4.3 Business Transfers

If we are involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device that help websites function properly and provide information to website owners.

5.2 Types of Cookies We Use

5.3 Third-Party Cookies

We use the following third-party cookies:

• Stripe: Payment processing and fraud detection
• Google Analytics 4: Website usage analytics and performance tracking
• Google Tag Manager: Tag and cookie management
• Microsoft Clarity: Session recording and heatmap analysis
• OpenReplay: User experience monitoring and session replay

Each third-party service may set its own cookies. You can learn more about how these services use cookies by reviewing their respective privacy policies.

5.4 Your Cookie Choices

5.5 Do Not Track

Some browsers have "Do Not Track" (DNT) features. We currently do not respond to DNT signals, as there is no industry consensus on how to interpret them.

6. Data Security

6.1 Security Measures

We implement industry-standard security measures to protect your information:

6.2 Data Breach Notification

In the event of a data breach affecting your personal information, we will:

• Notify you within 72 hours (as required by GDPR)
• Inform relevant supervisory authorities
• Provide details about the breach and our response
• Offer guidance on protective measures you can take

6.3 Your Responsibility

You are responsible for:

• Maintaining the confidentiality of your password
• Using a strong, unique password
• Logging out after using shared devices
• Keeping your contact information up to date
• Notifying us immediately of any unauthorized access

7. Data Retention

7.1 Retention Periods

We retain your personal information only as long as necessary for the purposes described in this Privacy Policy:

7.2 Deletion Process

Upon account deletion:

1. Your registration key is immediately deactivated
2. Access to Services is terminated at end of billing period
3. Personal data is scheduled for deletion within 30 days
4. Payment history is anonymized (kept for tax purposes only)
5. Backups containing your data are deleted within 90 days

7.3 Right to Request Deletion

You may request deletion of your account and personal data at any time. See Section 9 for details on exercising your rights.

8. International Data Transfers

8.1 Transfer Mechanisms

We are based in Ontario, Canada. Your information may be transferred to and processed in:

• Canada (our primary location)
• United States (Stripe payment processing, cloud infrastructure)
• Other countries where our service providers operate

8.2 Safeguards for International Transfers

9. Your Privacy Rights

9.1 Rights for All Users

Regardless of location, you have the right to:

• Access your personal information
• Correct inaccurate information
• Request deletion of your account
• Opt out of marketing communications
• Update your communication preferences
• Export your course progress data

9.2 European Union Users (GDPR Rights)

EU users have additional rights:

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data (subject to legal retention requirements)
• Right to Restrict Processing: Limit how we use your personal data in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format and transfer it to another controller
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right Not to Be Subject to Automated Decision-Making: We do not use automated decision-making or profiling that produces legal or similarly significant effects
• Right to Lodge a Complaint: File a complaint with your national supervisory authority

Find your authority at: https://edpb.europa.eu/about-edpb/board/members_en

9.3 Canadian Users (PIPEDA Rights)

Canadian users have the right to:

• Access personal information we hold about you
• Challenge the accuracy and completeness of your information
• Withdraw consent (subject to legal or contractual restrictions)
• File a complaint with the Privacy Commissioner of Canada: https://www.priv.gc.ca

9.4 United States Users

9.5 How to Exercise Your Rights

No Fee: We do not charge a fee for processing requests unless they are manifestly unfounded or excessive.

10. Children's Privacy

Our Services are not intended for children under 18 years of age (or the age of majority in your jurisdiction).

We do not knowingly collect information from children:

• We do not knowingly collect personal information from anyone under 18
• We do not knowingly allow children to create accounts
• If we discover we have collected information from a child, we will delete it immediately

Parents/Guardians: If you believe your child has provided us with personal information, please contact us immediately at [email protected].

11. Third-Party Links and Services

11.1 Third-Party Websites

Our Services may contain links to third-party websites. This Privacy Policy does not apply to those websites. We are not responsible for:

• The privacy practices of third-party websites
• The content of third-party websites
• Security of third-party websites

We encourage you to read the privacy policies of any third-party sites you visit.

11.2 Avetti Security Safe Browsing Extension and App and External Content

When using Avetti Security Safe Browsing Extension and App to access external websites:

• We do not track or monitor the content you view
• We do not store URLs you access through remote environments
• External websites may collect their own data according to their privacy policies
• Remote environments are isolated and temporary

12. California Shine the Light Law

California residents who have provided personal information may request information about our disclosure of certain categories of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

13. Changes to This Privacy Policy

13.1 Updates

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• Changes in applicable laws
• New features or services
• Feedback from users or regulators

13.2 Notification

We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email to your registered email address (for significant changes)
• Displaying a prominent notice on our platform

13.3 Acceptance

Continued use of the Services after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, please discontinue use and contact us to delete your account.

14. Contact Information

14.1 Privacy Officer

For questions, concerns, or requests regarding this Privacy Policy or your personal information:

14.2 Data Protection Officer (EU Users)

Data Protection Officer
Email: [email protected]

14.3 Supervisory Authorities