How {{COMPANY_LEGAL_NAME}} (“{{COMPANY_BRAND_NAME}}”) protects your data using reasonable, industry-aligned security practices. This page is informational, not contractual — see the “Important note” below.
We use reasonable administrative, technical, and organizational safeguards to protect customer data, but no method of transmission or storage is completely secure and no system is 100% secure. We do not guarantee that the Service will be free from vulnerabilities, outages, or incidents. If you discover a security issue or want to make a good-faith security report, please contact {{COMPANY_COMPLIANCE_EMAIL}}.
{{COMPANY_LEGAL_NAME}} uses reasonable administrative, technical, and organizational measures designed to protect personal information and customer data. This page describes those practices at a high level. It is provided for informational transparency and is not a contractual warranty.
Our practices evolve over time as technology and threats change. Where a customer contract specifically references security commitments, that contract controls.
We limit internal access to personal information and customer data to authorized persons who need that access for a specific operational, support, security, or legal purpose. Common practices include:
Authentication may be handled through one or more methods, including third-party providers such as Google or other identity providers. Where third-party authentication is used, credential verification and session issuance occur on the provider’s side; we only receive the authenticated identity they return.
We rely on reputable third-party providers for hosting, cloud infrastructure, payment processing, email, analytics (where applicable), and AI services. We select providers that publicly commit to recognized security practices and review them before onboarding.
Where applicable, we put contractual safeguards in place (for example, data processing agreements or equivalent). We do not independently audit our providers’ infrastructure and rely on their controls in addition to our own.
We use HTTPS/TLS to protect data in transit between your browser and the Service. At rest, data is stored with encryption features provided by our cloud and database providers; we do not publish precise algorithm or key-length details for every component.
We do not hold formal certifications such as SOC 2 or ISO 27001 unless explicitly stated in writing. If a specific level of detail is required for your compliance program, contact us at {{COMPANY_COMPLIANCE_EMAIL}}.
When you use AI-powered features, the prompts, files, instructions, and related content you submit — and the outputs generated in response — are transmitted to and processed by third-party AI providers (for example, Microsoft Azure OpenAI, OpenAI, or Google Gemini / Veo). Some of these providers may process information outside Québec or Canada, including in the United States.
We do not intentionally use customer content to train our own general AI models. Where we rely on third-party AI providers, their processing may be governed by their own service terms and data-handling practices, which we do not control. We encourage you to review those terms before submitting sensitive information. If you have questions about a specific provider we use, please contact us at {{COMPANY_COMPLIANCE_EMAIL}}.
If we become aware of a security incident affecting personal information or customer data, we will take steps we consider reasonable under the circumstances, which may include:
We do not commit to a specific notification deadline outside what the law requires. You can report a suspected incident or a good-faith security finding to {{COMPANY_COMPLIANCE_EMAIL}}.
Security is a shared responsibility. You are responsible for:
No system is 100% secure, and we do not guarantee that the Service will always be available, free of vulnerabilities, or immune from unauthorized access.
For security questions or good-faith security reports, contact us:
{{COMPANY_LEGAL_NAME}}
Email: {{COMPANY_COMPLIANCE_EMAIL}}
Website: {{COMPANY_WEBSITE}}