4Quays
Sign Up

Privacy Policy

Our privacy policy and how we use your data

Last Updated:

1. Introduction

4Quays Corp. ("4Quays," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our crypto agility platform and related services (the "Services").

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy legislation. By using our Services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide to us, including:

  • Account Information: Name, email address, company name, job title, and password when you create an account
  • Profile Information: Additional details you choose to add to your profile
  • Payment Information: Billing address and payment details (processed by our secure payment processors)
  • Communications: Information you provide when you contact us for support or inquiries
  • Configuration Data: Cryptographic policies, algorithm preferences, and organizational settings you configure in the platform

2.2 Information Collected Automatically

When you use our Services, we automatically collect certain information:

  • Usage Data: Information about how you interact with our Services, including features used, actions taken, and time spent
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • Log Data: Server logs recording access times, pages viewed, and referring URLs
  • Cryptographic Metadata: Non-sensitive metadata about cryptographic operations (e.g., algorithm types used, operation counts) for analytics and service improvement. We do not collect or store your actual cryptographic keys or encrypted data.

2.3 Information from Third Parties

We may receive information about you from:

  • Identity verification and fraud prevention services for enterprise accounts
  • Your organization's administrator if you use our Services through a team account
  • Third-party integrations you choose to connect with our platform

3. How We Use Your Information

We use the information we collect for the following purposes, in accordance with PIPEDA principles:

  • Provide Services: To operate, maintain, and deliver the features and functionality of our platform
  • Account Management: To create and manage your account, authenticate users, and provide customer support
  • Communication: To send you service-related notices, security alerts, and administrative messages
  • Improvement: To analyze usage patterns and improve our Services, develop new features, and enhance user experience
  • Security: To detect, prevent, and address technical issues, fraud, and security threats
  • Compliance: To comply with legal obligations and enforce our terms and policies
  • Marketing: With your consent, to send you information about products, services, and events that may interest you

4. Legal Basis for Processing

Under PIPEDA, we process your personal information based on the following grounds:

  • Consent: You have given consent for processing for specific purposes
  • Contract: Processing is necessary to fulfill our contractual obligations to you
  • Legal Obligation: Processing is required to comply with applicable laws
  • Legitimate Interest: Processing is necessary for our legitimate business interests, provided these do not override your rights

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Active Accounts: We retain account data for as long as your account is active
  • After Termination: Following account closure, we retain certain data for a reasonable period to comply with legal obligations, resolve disputes, and enforce agreements
  • Backup Systems: Archived data in backup systems is deleted according to our retention schedules
  • Aggregated Data: We may retain anonymized or aggregated data indefinitely for analytical purposes

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

6.1 Service Providers

We share information with third-party service providers who assist us in operating our Services, including cloud hosting, payment processing, analytics, and customer support. These providers are contractually obligated to protect your information.

6.2 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity.

6.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

6.5 Team Accounts

If you use our Services through a team account, your account administrator may have access to your activity and data within the team workspace.

7. International Data Transfers

Your information may be transferred to and processed in countries other than Canada, including jurisdictions that may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards in compliance with PIPEDA, including contractual protections with our service providers.

8. Your Privacy Rights Under PIPEDA

Under PIPEDA, you have the following rights:

  • Access: You have the right to request access to your personal information held by us
  • Correction: You may request correction of inaccurate or incomplete personal information
  • Withdrawal of Consent: You may withdraw consent to certain processing activities, subject to legal or contractual restrictions
  • Complaint: You have the right to file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated

To exercise these rights, please contact us at legal@4quays.com. We will respond to your request within the timeframes required by applicable law.

9. Data Security Measures

We implement robust technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms, including multi-factor authentication
  • Regular security assessments and penetration testing
  • Employee training on data protection and security practices
  • Incident response procedures to address security breaches

While we strive to protect your personal information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

11. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on our website and updating the "Last Updated" date. For significant changes, we may also provide notice via email or through the Services.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer:

4Quays Corp.
Privacy Officer
Email: legal@4quays.com

You may also contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca if you have concerns about our privacy practices.