>

Privacy Statement

INNOVAPTE CORP. PRIVACY POLICY & DATA GOVERNANCE STATEMENT

At Innovapte Corp. (“Innovapte,” “we,” “us,” or “our”), data integrity, governance, and security are at the core of everything we do. This Privacy Policy Statement explains how we collect, receive, use, process, store, and protect Personal Information, Personnel Data, and Personal Health Information (collectively referred to as “Information” or “Data”) acquired through our website, software products (including DataVapte, Innovtrack, PolicyApt, and InnoVIA), and during the delivery of our enterprise SAP consulting and migration services.  

This policy is designed to maintain compliance with applicable federal, provincial, and international data protection laws, including the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), provincial privacy statutes, and explicit enterprise contractual requirements.  

1. Enterprise Data Processing & Scope 

While providing SAP implementation, consulting, and data migration services, Innovapte acts as a data processor for our clients.  

  • Scope of Processing: We only process client-provided Information for the sole and exclusive purpose of fulfilling our specific contractual obligations and delivery milestones. We do not own, sell, modify, alter, manipulate, de-identify, or link client data for any secondary marketing or unauthorized analytical purposes.  
  • Access Control: Access to sensitive client data or infrastructure is strictly restricted using the principle of least privilege. Only authorized Innovapte Personnel or Approved Subcontractors with a verifiable, roles-based business need are granted access.  

2. Technical, Administrative, and Physical Safeguards 

Innovapte maintains a documented, rigorous information security program encompassing enterprise-grade Safeguards designed to protect data against unauthorized processing, loss, theft, alteration, or accidental destruction. These controls align with accepted industry best practices and include:  

  • Data Encryption: All data managed or transported by Innovapte is encrypted both at rest and in transit across all electronic and wireless networks.  
  • Network & Infrastructure Security: We utilize network firewalls, packet filtering, intrusion detection systems (IDS), and continuous vulnerability scanning to identify and rapidly remediate potential infrastructure risks.  
  • Malware Protection: Up-to-date anti-malware and endpoint security solutions run continuously across all company systems to guard against advanced digital threats.  
  • Business Continuity & Backups: Regular, secure configuration and data backups are conducted to support full disaster recovery capabilities and ensure continuous data availability.  
  • Physical Security: Electronic access controls, locks, and strict physical monitoring secure our data facilities and offices.  

3. Transparency, Hosting, and Cross-Border Transfers 

Innovapte maintains strict transparency regarding where data is stored and processed.  

  • Data Sovereignty: Client data is stored and processed within designated geographic regions as contractually agreed upon with each client.  
  • Change Notification: In the event that a change in our infrastructure or hosting requires data to be processed or moved to an alternate location, Innovapte will provide written notice to affected client privacy officers at least thirty (30) days prior to execution.4. Privacy Incident Notification and Coordination  

4. Privacy Incident Notification and Coordination

Innovapte views data security as a shared responsibility. In the event of an authorized access, data breach, or security vulnerability involving client data: 

  • Immediate Notification: Innovapte will notify the affected client’s designated privacy and IT security team immediately, and no later than twenty-four (24) hours after discovering the incident.  
  • Full Investigation Cooperation: We will fully cooperate with client security audits, provide access to relevant forensic logs or material reports, facilitate interviews, and work closely with client teams to immediately isolate and remedy the breach at our own expense.  

5. Website Interactions and Cookies

For visitors interacting directly with the public-facing (https://innovapte.com) web portal: 

Cookies & Tracking 

  • Authentication/Logins: If you visit our page, a temporary cookie is set to verify if your browser accepts cookies; this contains no personal data and discards upon closing your browser. Logging into an account sets multiple cookies to track login state (lasting 2 days, or 2 weeks if “Remember Me” is chosen) and screen options (lasting 1 year). 
  • Embedded Content: Articles on our site may feature embedded content (e.g., videos, images). Embedded content from third-party websites behaves in the exact same manner as if the visitor visited that source site directly, and those sites may track your interactions if you are logged into their platform.


6. Data Retention and Destruction

  • Website Data: Comments and associated metadata are retained indefinitely to streamline follow-up comment moderation. Registered user profiles store personal details provided in their user section, editable by the user at any time (excluding usernames). 
  • Enterprise Client Data: Upon completion of services or termination of a contract, Innovapte immediately purges, overwrites, or securely returns all client-owned personal and confidential datasets. Upon request, a formal Certificate of Destruction will be generated and signed by our compliance officer to verify that no residual data remains within our possession or active control.  

7. Your Data Rights

Under applicable privacy legislation, individuals hold specific rights over their personal information. You may request an exported file of the personal data we hold about you, or request that we erase your data. This does not include any information we are contractually or legally obligated to retain for administrative, legal, compliance, or essential security purposes.  

8. Governance Accountability & Contact Information 

Innovapte has designated dedicated internal roles to oversee the ongoing enforcement, training, and compliance tracking of our data practices:  

  • Privacy Compliance Officer: Accountable for monitoring adherence to global privacy laws, employee compliance training, and administering corporate data protection frameworks.  
  • Information Security Officer: Accountable for managing IT safeguards, threat response, and overseeing technical data security roles throughout the organization.  

For any inquiries, requests to exercise your data rights, or questions regarding our enterprise data security posture, please contact us: 

Innovapte Corp.  

401-30 Eglinton Ave West Mississauga, ON L5R 3E7,  

Canada Phone:
1 (800) 501-5138 / 647-468-4976 

Email: info@innovapte.com