At Innovapte Corp. (“Innovapte,” “we,” “us,” or “our”), data integrity, governance, and security are at the core of everything we do. This Privacy Policy Statement explains how we collect, receive, use, process, store, and protect Personal Information, Personnel Data, and Personal Health Information (collectively referred to as “Information” or “Data”) acquired through our website, software products (including DataVapte, Innovtrack, PolicyApt, and InnoVIA), and during the delivery of our enterprise SAP consulting and migration services.
This policy is designed to maintain compliance with applicable federal, provincial, and international data protection laws, including the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), provincial privacy statutes, and explicit enterprise contractual requirements.
1. Enterprise Data Processing & Scope
While providing SAP implementation, consulting, and data migration services, Innovapte acts as a data processor for our clients.
- Scope of Processing: We only process client-provided Information for the sole and exclusive purpose of fulfilling our specific contractual obligations and delivery milestones. We do not own, sell, modify, alter, manipulate, de-identify, or link client data for any secondary marketing or unauthorized analytical purposes.
- Access Control: Access to sensitive client data or infrastructure is strictly restricted using the principle of least privilege. Only authorized Innovapte Personnel or Approved Subcontractors with a verifiable, roles-based business need are granted access.
2. Technical, Administrative, and Physical Safeguards
Innovapte maintains a documented, rigorous information security program encompassing enterprise-grade Safeguards designed to protect data against unauthorized processing, loss, theft, alteration, or accidental destruction. These controls align with accepted industry best practices and include:
- Data Encryption: All data managed or transported by Innovapte is encrypted both at rest and in transit across all electronic and wireless networks.
- Network & Infrastructure Security: We utilize network firewalls, packet filtering, intrusion detection systems (IDS), and continuous vulnerability scanning to identify and rapidly remediate potential infrastructure risks.
- Malware Protection: Up-to-date anti-malware and endpoint security solutions run continuously across all company systems to guard against advanced digital threats.
- Business Continuity & Backups: Regular, secure configuration and data backups are conducted to support full disaster recovery capabilities and ensure continuous data availability.
- Physical Security: Electronic access controls, locks, and strict physical monitoring secure our data facilities and offices.
3. Transparency, Hosting, and Cross-Border Transfers
Innovapte maintains strict transparency regarding where data is stored and processed.
- Data Sovereignty: Client data is stored and processed within designated geographic regions as contractually agreed upon with each client.
- Change Notification: In the event that a change in our infrastructure or hosting requires data to be processed or moved to an alternate location, Innovapte will provide written notice to affected client privacy officers at least thirty (30) days prior to execution.4. Privacy Incident Notification and Coordination