Privacy Policy
Last updated: October 26, 2025
ZyroByte Corp. (“ZyroByte,” “we,” “our,” or “us”) is a Canadian technology company headquartered in Toronto, Ontario, Canada. We are dedicated to developing innovative software solutions that prioritize user privacy, security, and trust. As a forward-thinking tech firm, we recognize that privacy is a fundamental right, and we are committed to handling your personal information responsibly, transparently, and in full compliance with applicable laws.
This Privacy Policy (“Policy”) provides a comprehensive overview of our data practices across all our websites, platforms, mobile applications, desktop software, web services, and other digital offerings (collectively, the “Services”). It explains how we collect, use, disclose, retain, secure, and protect your personal information, as well as your rights and choices regarding that data. This Policy is designed to be clear, accessible, and actionable, reflecting our values as a Canadian-based entity operating in a global landscape.
Our practices align with and exceed the requirements of key international privacy frameworks, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the Personal Information Protection and Electronic Documents Act (PIPEDA) and other federal and provincial laws in Canada, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents, the United Kingdom GDPR (UK GDPR), and similar regulations in other jurisdictions such as Brazil’s General Data Protection Law (LGPD) and Australia’s Privacy Act. Where local laws provide greater protections, we adhere to the stricter standard.
By accessing or using our Services, you acknowledge that you have read, understood, and agree to this Policy. If you do not agree, please do not use our Services. We encourage you to review this Policy periodically, as it may be updated to reflect evolving practices or legal requirements. ZyroByte Corp. is the data controller responsible for your personal information under applicable laws.
1. Scope of This Policy
This Policy applies to all individuals who interact with our Services, including visitors to our websites, registered users, job applicants, customers, partners, and vendors. It covers personal information processed through our primary domain (zyrobyte.co) and any subdomains or affiliated sites. It does not apply to third-party websites linked from our Services or to employment-related data processed solely under separate HR policies.
For users in specific regions, additional notices or terms may supplement this Policy. For example, EEA/UK residents will find GDPR-specific details in Section 9, while California residents should refer to the “Your California Privacy Rights” addendum at the end of this document.
2. Information We Collect
To deliver our Services effectively, we collect various types of information. We minimize data collection to what is strictly necessary (“data minimization”) and only process it for legitimate purposes. Below is a detailed breakdown of the categories of information we may collect:
2.1 Personal Information You Voluntarily Provide
When you interact with us directly—such as by registering an account, subscribing to newsletters, submitting inquiries, applying for jobs, or making purchases—you provide us with personal details. Examples include:
- Identification and Contact Data: Full name, email address, phone number, mailing address, and username.
 - Professional Information: Company name, job title, project descriptions, resume/CV, employment history, references, and educational background (for job applications).
 - Financial Data: Billing address, payment card details (processed via secure third-party gateways like Stripe; we do not store full card numbers), and transaction history.
 - Communication Preferences: Marketing opt-in preferences, feedback, and survey responses.
 - Support-Related Data: Descriptions of issues, screenshots, or logs you share when contacting support.
 
We collect this information to fulfill your requests and provide tailored Services.
2.2 Information Collected Automatically
As you navigate our Services, we automatically gather technical and usage data to ensure functionality, security, and performance. This is collected via cookies, server logs, and analytics tools. Key examples include:
- Device and Network Information: IP address, browser type/version, operating system, device ID, screen resolution, and internet service provider.
 - Usage Analytics: Pages viewed, time spent on pages, clickstream data, search queries, referral sources, and session duration.
 - Location Data: Approximate geolocation inferred from IP addresses (not precise GPS data unless you enable location services in our apps).
 - Cookies and Tracking Technologies: Session cookies for maintaining logins, persistent cookies for preferences, and pixels/beacons for email tracking (e.g., open rates).
 
You can control cookies via browser settings or our cookie consent banner. For more on cookies, see Section 2.4.
2.3 Usage and Behavioral Data from Our Platforms
Within our applications and dashboards, we collect data on how you use features to improve them. This includes:
- Account activity logs (e.g., login times, feature access).
 - Uploaded content metadata (e.g., file names, sizes; not the content itself for encrypted files).
 - Interaction data (e.g., messages sent/received, collaboration edits, dashboard customizations).
 - Performance metrics (e.g., app crashes, load times).
 
2.4 Information from Third Parties
We may receive data from trusted partners, such as:
- Social media logins (e.g., Google or LinkedIn, providing name/email with your consent).
 - Payment processors (e.g., confirmation of transaction success).
 - Analytics providers (e.g., Google Analytics for aggregated trends).
 - Business directories or public sources for lead generation (e.g., company details from verified databases).
 
Any third-party data is treated with the same protections as directly collected information.
3. How We Use Your Information
We use your personal information purposefully and proportionately. Our uses are tied to providing value through our Services while respecting your privacy. Primary purposes include:
3.1 Service Delivery and Fulfillment
- Creating and managing user accounts, verifying identities, and enabling authentication (e.g., two-factor authentication).
 - Processing orders, subscriptions, and payments; delivering digital products or updates.
 - Facilitating communications, such as in-app messaging or project collaborations.
 - Providing customer support, troubleshooting issues, and responding to inquiries.
 
3.2 Personalization and Improvement
- Customizing your experience, such as recommending features based on usage patterns (non-intrusive, opt-out available).
 - Conducting internal analytics, A/B testing, and user research to enhance usability, fix bugs, and develop new features.
 - Aggregating anonymized data for trend analysis (e.g., industry reports shared publicly).
 
3.3 Communication and Marketing
- Sending transactional emails (e.g., order confirmations, password resets).
 - With your consent or legitimate interest, delivering newsletters, product updates, event invitations, or promotional content. You can unsubscribe at any time via links in emails or account settings.
 - Notifying you of policy changes, security alerts, or legal notices.
 
3.4 Security, Compliance, and Legal
- Detecting, preventing, and investigating fraud, abuse, or security threats (e.g., monitoring for unusual login attempts).
 - Complying with legal obligations, such as tax reporting, audit responses, or court orders.
 - Protecting our rights, property, or safety, or those of our users and the public.
 - Reviewing job applications, conducting background checks (with consent), and managing HR processes.
 
We do not use your data for unrelated purposes without notice and, where required, consent.
4. Legal Basis for Processing
As a Canadian company, we process data under PIPEDA’s consent and accountability principles, supplemented by regional laws. The specific legal basis varies by activity and jurisdiction:
- Consent: For marketing communications, non-essential cookies, or sensitive processing (e.g., health data in job apps, if applicable). Consent is granular, informed, and revocable.
 - Contract: To perform agreements, such as providing subscribed Services or processing payments.
 - Legal Obligation: For record-keeping, reporting to authorities, or responding to subpoenas.
 - Legitimate Interests: For security monitoring, fraud prevention, service improvements, and direct marketing (balanced against your rights via Legitimate Interests Assessments). You can object at any time.
 - Vital Interests or Public Task: Rarely, for emergencies or public health (e.g., during a pandemic).
 
For EEA/UK users, we conduct Data Protection Impact Assessments (DPIAs) for high-risk processing.
5. Sharing and Disclosure of Information
ZyroByte does not sell, rent, or monetize your personal information. Sharing is limited, purposeful, and protected by contracts requiring confidentiality, security, and compliance. We disclose data only in these scenarios:
5.1 Service Providers and Partners
- Cloud hosting (e.g., AWS in Canada for data sovereignty).
 - Analytics tools (e.g., Google Analytics, anonymized data only).
 - Payment gateways (e.g., Stripe, limited to transaction data).
 - Email services (e.g., SendGrid for delivery).
 - Professional advisors (e.g., legal firms under NDAs).
 
These providers are bound by data processing agreements (DPAs) and cannot use your data for their own purposes.
5.2 Business Transfers
In mergers, acquisitions, or asset sales, your data may transfer as a business asset, with notice where possible and continued protection.
5.3 Legal and Safety Disclosures
- To comply with laws, warrants, or regulatory requests (we challenge overly broad demands).
 - To protect against harm, such as reporting child exploitation or imminent threats.
 - With your explicit consent for other disclosures.
 
We prioritize Canadian servers to minimize cross-border transfers.
6. End-to-End Encrypted Applications
At ZyroByte, privacy-by-design is core to our tech stack. Many Services feature end-to-end encryption (E2EE), powered by open standards like Signal Protocol, ensuring that sensitive communications remain private.
How E2EE Works: When enabled, content such as text messages, voice/video calls, file shares, images, documents, and links is encrypted on your device using public-key cryptography. The encrypted data is transmitted to recipients' devices for decryption with private keys—keys we never access, store, or back up. ZyroByte servers act solely as a relay, handling only envelope encryption for secure routing.
What We Don’t Access:
- No storage of plaintext or decrypted content on our systems.
 - No logging of message bodies, attachments, or call transcripts.
 - Private keys generated and managed client-side; we cannot recover lost keys.
 
Metadata Handling: We process minimal metadata essential for operation, such as user IDs, timestamps, message lengths, and IP addresses for delivery. This metadata is retained briefly and protected under the same standards.
Law Enforcement and Compliance: As a responsible Canadian company, we fully cooperate with valid legal processes under PIPEDA and the Criminal Code. However, E2EE’s design means we cannot fulfill requests for encrypted content—we simply do not have it. To authorities: ZyroByte Corp. maintains no backdoors or escrow keys. E2EE data is mathematically inaccessible to us, preserving user trust while upholding the rule of law.
Users should be aware that E2EE protects against server-side breaches but not device compromises or metadata analysis. We recommend regular device security updates.
7. International Data Transfers
Headquartered in Toronto, Ontario, Canada, ZyroByte primarily stores data in Canadian data centers to leverage strong national privacy protections. However, for global operations, data may be processed or accessed by providers in the United States, EEA, or elsewhere.
We ensure transfers comply with laws via:
- Adequacy Decisions: To jurisdictions recognized as adequate (e.g., EEA to Canada under PIPEDA).
 - Standard Contractual Clauses (SCCs): EU-approved contracts for non-adequate countries.
 - Binding Corporate Rules (BCRs): For intra-group transfers.
 - Privacy Shield Frameworks: Where applicable, though we monitor ongoing validity.
 
Transfers are logged, and we conduct Transfer Impact Assessments (TIAs) for high-risk scenarios. You can request details on specific transfers via our privacy team.
8. Data Retention and Deletion
We retain personal information only as long as necessary to achieve our processing purposes, guided by retention schedules approved by our Data Protection Officer (DPO). Factors include legal requirements, dispute resolution needs, and business utility. Examples:
- Account Data: While active, plus 1 year post-deletion for backups.
 - Transactional Records: 7 years for tax/compliance (per Canada Revenue Agency rules).
 - Job Applications: 2 years, or longer if hired.
 - E2EE Content: Ephemeral—deleted immediately after delivery; no retention.
 - Analytics Data: Anonymized after 26 months; raw logs for 90 days.
 
Upon request or retention expiry, we securely delete or pseudonymize data using industry standards (e.g., NIST-compliant erasure). Backups are overwritten securely. If deletion is impossible (e.g., archived logs), we isolate data to prevent access.
9. Security Measures
Protecting your data is paramount. As a Toronto-based tech firm, we invest in state-of-the-art safeguards aligned with ISO 27001 and SOC 2 standards. Our security program includes:
9.1 Technical Controls
- Encryption: Data at rest (AES-256) and in transit (TLS 1.3).
 - Access Management: Role-based access control (RBAC), multi-factor authentication (MFA), and just-in-time privileges.
 - Network Security: Firewalls, intrusion detection systems (IDS), and DDoS mitigation.
 
9.2 Administrative and Physical Measures
- Regular audits, penetration testing by third-party experts, and vulnerability scanning.
 - Employee training on phishing, data handling, and incident response.
 - Physical security at our Toronto offices: Biometric access, CCTV, and secure server rooms.
 
9.3 Incident Response
In the event of a breach, we follow a 72-hour notification protocol under GDPR/PIPEDA, informing affected users and regulators promptly. We conduct root-cause analyses to prevent recurrence. While we strive for perfection, no system is impenetrable—please safeguard your credentials.
10. Your Privacy Rights and Choices
Empowering you is key. Depending on your location, you have robust rights over your data. We facilitate easy exercise without cost (except excessive requests). Rights include:
- Access: Obtain confirmation of processing and a copy of your data (e.g., via downloadable report).
 - Rectification: Correct inaccurate or incomplete information.
 - Deletion (“Right to be Forgotten”): Erase data where no longer needed (subject to exceptions like legal holds).
 - Restriction: Limit processing during disputes or objections.
 - Objection: Oppose processing based on legitimate interests or for direct marketing.
 - Portability: Receive data in a structured format (e.g., JSON/CSV) for transfer to another controller.
 - Withdraw Consent: Revoke at any time, impacting future processing.
 
How to Exercise Rights: Submit requests to privacy@zyrobyte.co, including verification (e.g., ID scan for sensitive cases). We respond within 30 days (or 45 for complex requests), extendable with notice. Authorized agents may act on your behalf with proof of authorization.
Automated Decision-Making: We use algorithms for tasks like fraud detection but not for solely automated decisions with legal effects (e.g., no AI hiring). Where used, you have rights to human review and explanation.
For complaints, contact us first; we aim to resolve internally. Escalation options: Canada’s Office of the Privacy Commissioner (OPC), EU Data Protection Authorities (DPAs), or California’s Attorney General.
11. Children's Privacy
Our Services target adults and are not directed at children under 16 (or higher age of consent in your area, e.g., 13 under COPPA). We do not knowingly collect data from minors. If we discover such data (e.g., via parental report), we delete it immediately, block access, and notify guardians. Parents can contact us to review/delete child data.
12. Third-Party Links and Services
Our Services may integrate or link to third-party tools (e.g., Zoom for calls, GitHub for integrations). These are governed by their own policies. We do not control or endorse them—review their privacy notices before use. When you authenticate via third parties, we receive only necessary data per your settings.
13. Changes to This Privacy Policy
We review this Policy annually or as needed for legal/practice changes. Minor updates are posted online with the new date; major revisions (e.g., new processing) trigger notifications via email, app alerts, or website banners. Your continued use post-update implies acceptance. For questions on changes, email us.
14. Contact Information
We value your feedback and are here to help. Reach our dedicated privacy team:
- Email: privacy@zyrobyte.co (primary for rights requests)
 - Info: Toronto office hours: Mon-Fri, 9 AM-5 PM EST
 
Responses are prompt and in your preferred language where possible.