Zytix Inc. ('Zytix', 'we', 'us') respects your privacy. This policy explains what personal information we collect when you use zytix.com, how we use it, and your rights under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Act respecting the protection of personal information in the private sector (Law 25, in force since September 2023).
1. Privacy officer
In compliance with Quebec Law 25, Zytix has designated a person responsible for the protection of personal information. You can reach the privacy officer at privacy{'@'}zytix.com or by writing to: Privacy Officer, Zytix, 6620 Rue de Marseille, Montréal, QC H1N 1L9.
2. What we collect
When you visit zytix.com we collect minimal information: your IP address (for security and aggregate analytics), your browser type, the pages you visit, and a first-party cookie ('zx_lang') that remembers your language preference. When you submit our contact or secure file-share forms we collect your name, email, optional company, optional budget range where applicable, project label, general notes, and the message you write. If you use a secure file exchange, project files, temporary secure notes, and related metadata are stored in private Vercel Blob storage.
3. Why we collect it
We collect contact information solely to respond to your inquiry. We collect aggregate analytics (via self-hosted Umami) to understand which pages are useful and to fix problems. We do not sell or share personal information with advertisers. We do not use third-party advertising cookies.
4. How long we keep it
Contact form submissions are retained for up to 24 months in our email and CRM, after which they are deleted unless they relate to an active engagement. Secure file-exchange folders are retained for the life of the engagement unless you ask us to remove them earlier. Temporary secure notes are scheduled for deletion based on the expiry you choose. Aggregate analytics data is retained for 24 months. Server logs are retained for 30 days.
5. Who we share it with
We use the following service providers, each contractually bound to protect your information: Resend (transactional email delivery, US/EU), Vercel Blob (secure file exchange), Cloudflare (CDN and DDoS protection, global), and our cloud hosting provider. We do not transfer personal information outside Canada except as needed to deliver email through Resend or operate a secure file exchange; you can request that we use a Canadian alternative.
6. Your rights
Under PIPEDA and Law 25 you have the right to: (a) access the personal information we hold about you, (b) request correction of inaccurate information, (c) request deletion (subject to legal retention obligations), (d) withdraw consent at any time, (e) lodge a complaint with the Office of the Privacy Commissioner of Canada or the Commission d'accès à l'information du Québec. To exercise these rights, contact privacy{'@'}zytix.com — we will respond within 30 days.
7. Cookies
Zytix uses a single first-party cookie ('zx_lang') to remember your language preference. We do not use third-party advertising or tracking cookies. See our cookie policy for details.
8. Security
We protect personal information using TLS 1.3 in transit, encryption at rest, role-based access for the small team that has access to it, and regular security reviews. No method is perfectly secure, and we will notify affected individuals and the relevant authorities of any incident as required by Law 25.
9. Changes
We will update this policy when our practices change. The date at the top reflects the most recent revision. Material changes will be announced on the homepage.