Privacy Policy

1 Introduction

At Byte Harbour IT, we are committed to protecting your privacy and handling your personal information with the highest standards of security and transparency. This Privacy Policy explains how we collect, use, protect, and handle information when you visit our website or engage with our cybersecurity and IT services.

As a Canadian cybersecurity company, we adhere to all applicable privacy laws including the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy legislation.

2 Information We Collect

2.1 Website Analytics

We use Cloudflare Web Analytics to understand how visitors interact with our website. This service is privacy-focused and does not:

• Track you across websites
• Use cookies or persistent identifiers
• Collect personal information like IP addresses
• Share data with third parties for advertising

2.2 Contact Information

When you contact us, all communications are conducted via secure email. We implement industry-standard security measures to protect any information shared during our professional correspondence.

2.3 Cybersecurity Service Information

When providing cybersecurity and IT consulting services, we may collect:

• Business contact information and organizational structure
• Technical infrastructure details for security assessments
• Security incident information for investigation and remediation
• System logs and security event data for monitoring services
• Compliance and regulatory information relevant to your industry

All client data is handled under strict confidentiality agreements and industry best practices.

2.4 Professional Services Data

For ongoing service relationships, we maintain:

• Service agreements and contract information
• Technical documentation and configuration records
• Project communications and deliverables
• Invoice and payment processing information

3 How We Use Your Information

We use collected information solely for legitimate business purposes:

• Responding to your inquiries and providing customer support
• Understanding website usage to improve user experience
• Communicating about our cybersecurity and IT services
• Providing professional consultations and service delivery
• Complying with legal and regulatory requirements
• Conducting security assessments and vulnerability analysis
• Monitoring and maintaining security systems and infrastructure
• Preparing reports and documentation for compliance purposes
• Training and quality assurance for our security services
• Emergency incident response and security breach investigation

We do not use personal information for automated decision-making or profiling that would significantly affect individuals.

4 Information Sharing and Disclosure

We do not sell, trade, or share your personal information with third parties, except:

• When required by law or legal process
• To protect our rights, property, or safety
• With your explicit consent
• With trusted service providers who assist in our operations (under strict confidentiality agreements)

4.1 Canadian Privacy Laws

As a Canadian business, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable provincial privacy legislation.

5 Your Privacy Rights

You have the right to:

• Access information we have about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Withdraw consent for communications
• File a complaint with privacy authorities

6 Cookies and Tracking

Our website uses minimal tracking technologies:

• Essential cookies for website functionality
• Cloudflare analytics (privacy-focused, no personal data)
• No advertising cookies or cross-site tracking
• No social media tracking pixels

7 Data Security and Breach Notification

We implement comprehensive security measures to protect your information:

• Industry-standard encryption for data in transit and at rest
• Multi-factor authentication for system access
• Regular security audits and vulnerability assessments
• Employee training on data protection and privacy
• Secure data centers with physical access controls

7.1 Data Breach Response

In the unlikely event of a data breach affecting personal information, we will:

• Notify affected individuals within 72 hours when feasible
• Report to relevant privacy authorities as required by law
• Provide clear information about what happened and steps being taken
• Offer appropriate remediation measures

8 Data Retention

We retain information only as long as necessary:

• Website analytics: Aggregated data retained according to Cloudflare's privacy policy
• Business communications: Retained for the duration of our business relationship and as required for legal compliance
• Contact information: Deleted upon request or when no longer needed for business purposes

9 Cross-Border Data Transfers

Your personal information is primarily stored and processed in Canada. However, some of our service providers may process data outside of Canada:

• Cloudflare analytics services (global infrastructure with privacy protections)
• Cloud infrastructure providers with Canadian data residency requirements
• Professional service providers bound by equivalent privacy protections

When data is transferred outside Canada, we ensure appropriate safeguards are in place through contractual protections, adequacy decisions, or other lawful transfer mechanisms.

10 Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices, services, or legal requirements. We will notify users of significant changes by posting the updated policy on our website with a new effective date.

For material changes affecting how we handle your personal information, we will provide direct notice via email where possible, at least 30 days before the changes take effect.

11 Legal Basis and Consent

We process personal information based on the following legal grounds:

• Consent: For marketing communications and optional services
• Contractual necessity: To provide requested cybersecurity services
• Legitimate interests: For business operations and service improvement
• Legal compliance: To meet regulatory and legal obligations

You may withdraw consent at any time by contacting us, though this may affect our ability to provide certain services.

12 Limitation of Liability

While we implement robust security measures and privacy protections, no system is completely secure. This Privacy Policy does not create warranties, representations, or legal rights beyond those expressly stated.

Our liability is limited to the maximum extent permitted by applicable law. This privacy policy is governed by the laws of Nova Scotia, Canada.

13 Age Restrictions and Capacity

Our services are designed for business and professional use. We do not knowingly collect personal information from individuals under the age of 18, except in the context of legitimate business relationships where proper authorization has been obtained.

By using our services, you represent that you are at least 18 years old and have the legal capacity to enter into agreements in your jurisdiction.