Privacy Policy

We collect the following categories of information:

1.1 Information You Provide Directly

• Account registration information: name, email address, company name, job title, and password.
• Billing information: payment card details and billing address, processed securely through our third-party payment processor (e.g., Stripe). We do not store full credit card numbers on our servers.
• Customer Data: vendor contracts, SLA documents, service records, and other business information you upload to the Service.
• Communications: emails, support requests, feedback, and any other information you send to us.
• SLA Credit Estimator inputs: vendor names and service information you provide when using the Estimator tool.

1.2 Information Collected Automatically

• Device and browser information: IP address, browser type, operating system, device identifiers, and screen resolution.
• Usage data: pages visited, features used, clickstream data, session duration, and referring URLs.
• Cookies and similar technologies: we use cookies, web beacons, and similar tracking technologies as described in Section 7 below.
• Log data: server logs recording requests, timestamps, and error information.

1.3 Information from Third Parties

• Public vendor status pages: we collect publicly available outage and incident data from vendor status pages to power the SLA Credit Estimator and monitoring features.
• Analytics providers: we may receive aggregated analytics data from third-party services.
• Payment processors: transaction confirmations and billing status from our payment provider.

We use the information we collect for the following purposes:

1. To provide, operate, and maintain the Service, including SLA monitoring, credit estimation, and claims management features.
2. To process your subscription, billing, and payments.
3. To communicate with you, including sending service updates, security alerts, and support messages.
4. To send marketing communications where you have opted in, in compliance with CASL and applicable laws. You may unsubscribe at any time.
5. To improve and develop the Service, including analyzing usage patterns and conducting research using anonymized, aggregated data.
6. To detect, prevent, and address fraud, abuse, security issues, and technical problems.
7. To comply with legal obligations and respond to lawful requests from public authorities.
8. To enforce our Terms of Service and protect our rights, property, and safety.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

1. Contract performance: processing necessary to provide you with the Service you have subscribed to.
2. Legitimate interests: processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests are not overridden by your rights.
3. Consent: where you have given explicit consent, such as for marketing communications. You may withdraw consent at any time.
4. Legal obligation: processing necessary to comply with applicable laws and regulations.

We do not sell your personal information. We may share your information in the following circumstances:

1. Service providers: we share information with third-party vendors who assist in operating the Service, including cloud hosting providers, payment processors (e.g., Stripe), email delivery services, and analytics providers. These providers are contractually bound to use your information only for the purposes we specify.
2. Claims management: if you use the Claims Agent, claim communications may be submitted to your vendors on your behalf and at your direction. You authorize this sharing when you approve a claim submission.
3. Aggregated and anonymized data: we may share anonymized, aggregated data that cannot identify you for research, industry analysis, or marketing purposes.
4. Legal requirements: we may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Reclivio, our users, or the public.
5. Business transfers: in the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have.

We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention periods are as follows:

1. Account data: retained for the duration of your account and for thirty (30) days after account closure to allow for data export.
2. Customer Data (contracts, SLA records): retained for the duration of your account. You may request deletion at any time.
3. Billing records: retained for seven (7) years as required by Canadian tax law.
4. Usage and analytics data: retained in anonymized form indefinitely for product improvement.
5. Marketing consent records: retained for as long as necessary to demonstrate compliance with CASL and GDPR.

After the applicable retention period, we will securely delete or anonymize your information.

We implement industry-standard administrative, technical, and physical safeguards to protect your personal information, including:

1. Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
2. Access controls limiting employee access to personal information on a need-to-know basis.
3. Regular security assessments and monitoring for unauthorized access.
4. Secure development practices and code review processes.

While we take reasonable measures to protect your information, no method of transmission or storage is completely secure. We cannot guarantee absolute security. If we become aware of a data breach that affects your personal information, we will notify you and applicable authorities as required by law.

We use cookies and similar technologies to operate and improve the Service. The types of cookies we use include:

1. Strictly necessary cookies: required for the Service to function, such as authentication and session management. These cannot be disabled.
2. Analytics cookies: used to understand how visitors interact with the Service, including page views, session duration, and feature usage. We use tools such as Google Analytics or similar providers.
3. Marketing cookies: used to deliver relevant advertising and measure campaign effectiveness. These are only placed with your consent where required by law.

You can manage cookie preferences through your browser settings or through our cookie consent banner. Disabling certain cookies may affect the functionality of the Service.

We honour Do Not Track (DNT) browser signals where technically feasible.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

8.1 All Users

• Access: request a copy of the personal information we hold about you.
• Correction: request correction of inaccurate or incomplete information.
• Deletion: request deletion of your personal information, subject to legal retention requirements.
• Data export: request a copy of your Customer Data in a machine-readable format.
• Opt-out of marketing: unsubscribe from marketing communications at any time via the unsubscribe link in any email or by contacting us.

8.2 Additional Rights for EEA/UK/Swiss Residents (GDPR)

• Right to restrict processing of your personal data.
• Right to data portability in a structured, commonly used format.
• Right to object to processing based on legitimate interests.
• Right to withdraw consent at any time, without affecting the lawfulness of prior processing.
• Right to lodge a complaint with your local data protection authority.

8.3 Canadian Residents (PIPEDA)

• Right to know what personal information we hold about you and how it is used.
• Right to challenge the accuracy and completeness of your information.
• Right to withdraw consent for the collection, use, or disclosure of your information, subject to legal or contractual restrictions.

To exercise any of these rights, contact us at privacy@reclivio.com. We will respond within thirty (30) days, or within the timeframe required by applicable law.

Reclivio is based in Toronto, Ontario, Canada. Your information may be processed and stored in Canada, the United States, or other jurisdictions where our service providers operate.

Where we transfer personal data outside of Canada or the EEA, we ensure appropriate safeguards are in place, including standard contractual clauses approved by relevant authorities, adequacy decisions, or other lawful transfer mechanisms.

Canada has been recognized by the European Commission as providing an adequate level of data protection for commercial organizations subject to PIPEDA.

The Service is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@reclivio.com.

We comply with CASL requirements for all commercial electronic messages. Specifically:

1. We only send marketing emails to individuals who have provided express opt-in consent.
2. All commercial messages include our identity, contact information, and physical mailing address.
3. Every marketing email includes a clear and functional unsubscribe mechanism that is processed within ten (10) business days.
4. We maintain records of consent, including the date, method, and purpose of consent.

Transactional messages (such as billing confirmations, security alerts, and service notifications) are sent without requiring marketing consent, as permitted by CASL.

The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party service you interact with through the Service.

We may update this Privacy Policy from time to time. Material changes will be communicated via email to the address associated with your account or through a prominent notice on our website at least thirty (30) days before taking effect. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy.

We encourage you to review this policy periodically. The “Effective Date” at the top of this document indicates when it was last updated.

For questions or concerns about this Privacy Policy or our data practices, or to exercise your privacy rights, please contact our Data Protection Officer:

If you are unsatisfied with our response to a privacy concern, you have the right to lodge a complaint with the applicable data protection authority:

1. Canada: Office of the Privacy Commissioner of Canada (www.priv.gc.ca).
2. European Union: your local supervisory authority under the GDPR.
3. United Kingdom: the Information Commissioner's Office (ico.org.uk).