Legal

Privacy Policy

Last updated: May 14, 2026

CyberVerge ("we", "us") operates CyVeR, a Transportation Management System for trucking and logistics operators. We are based in Vancouver, British Columbia, Canada. This policy describes how we collect, use, disclose, and protect personal information.

Privacy questions and data-rights requests: contact our Data Protection Officer at privacy@cyver.ca. General inquiries may also reach info@cyver.ca.


1. The framework we follow

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and the substantially similar provincial laws of British Columbia (PIPA), Alberta (PIPA), and Quebec (Law 25). Our product is designed around the 10 Fair Information Principles in Schedule 1 of PIPEDA.


2. What we collect

CyVeR processes the following categories of personal information on behalf of each tenant (the trucking or logistics company that subscribes to the service):

  • Tenant administrators and users — name, email, role, hashed password, login activity
  • Drivers — name, contact details, licence and certification information, employment dates, hours-of-service logs, GPS pings during shifts, pre-trip inspection submissions
  • Customers (the tenant's shippers) — company name, contact name, address, billing details
  • Carriers (the tenant's subcontractors) — company name, contact information, insurance documents, application records
  • Orders, trips, and shipments — pickup and delivery addresses, container and reference numbers, pricing, status history, attached documents (proof-of-delivery, invoices)
  • Audit logs — every change made within an account, retained for security and dispute resolution

We collect personal information from website visitors only when they voluntarily submit it (for example, via a contact or demo-request form). Our marketing site uses Microsoft Clarity to understand how visitors navigate it (anonymized session recordings, click and scroll behaviour) — this runs only on cyver.ca, not inside the application. We do not run advertising trackers, behavioural-profile-for-ad-targeting tools, or sell visitor data.


3. Why we collect it

Each category serves a clearly identified purpose:

  • Operating the service for the tenant
  • Authentication and account security
  • Helping tenants meet their own compliance obligations (for example, hours-of-service logs required by Transport Canada)
  • Subscription billing
  • Dispute resolution and audit
  • Detecting fraud and unauthorized access

We do not use personal information for advertising, profiling unrelated to the service, training of AI models, or onward sale to third parties.


4. The tenant relationship

CyVeR operates as a service provider to each tenant. The tenant is the organization that signed up; the personal information they upload (their drivers, customers, carriers) was originally collected by the tenant under the tenant's own privacy obligations.

This means in practice:

  • A driver, customer, or carrier whose information appears in a CyVeR account should direct privacy requests to their employer or counterparty (the tenant) — not directly to us
  • The tenant administrator can self-serve a complete export of everything in their account, and can request account deletion, through Privacy & my data inside the application
  • CyVeR will assist tenants in fulfilling individual access, correction, or use-limitation requests they receive

5. Where data is hosted

We host customer data with reputable cloud-infrastructure providers under written data-processing agreements with appropriate safeguards. Data may be stored or processed in Canada, the United States, or other jurisdictions with comparable privacy protections. Wherever data sits, we remain accountable under PIPEDA for its protection.

Tenants who require data residency restricted to Canada specifically can arrange this on the Enterprise tier — please contact us before signing.


6. Subprocessors

We use the following subprocessors. Each is bound by a written data-processing agreement and reviewed periodically.

Subprocessor Purpose Region
Cloud hosting provider Application + database hosting Canada or comparable jurisdiction
Resend Transactional email — invoices, password resets, notifications United States
Cloudflare DNS, CDN, and DDoS protection for our marketing site Global
Stripe Subscription billing United States, Canada
QuickBooks Online Per-tenant opt-in invoice sync (Enterprise plans only) United States
Microsoft Clarity Marketing-site visitor analytics — cyver.ca only, not inside the application United States

Inside the application (app.cyver.ca), we do not use third-party AI providers, behavioural-analytics services, advertising networks, or customer-data brokers. The marketing site (cyver.ca) uses Microsoft Clarity for visitor analytics as described in section 2. If we add a subprocessor that handles tenant personal information, we will update this page and notify tenants by email.


7. Cross-border transfers

Some of the subprocessors listed above operate in the United States or globally. Under PIPEDA, the organization remains accountable for personal information regardless of where it is processed. Each provider is selected for contractual and technical safeguards comparable to those we apply ourselves.


8. Data retention

CyVeR applies retention schedules that balance operational needs with Canadian accounting, employment, and transportation rules. Typical periods include:

  • Invoices and financial records6 years from the tax year-end (CRA-aligned record-retention expectation)
  • Driver employment records7 years after the driver's departure or termination
  • Hours-of-service (HOS) / driver logs6 months in active operational use, plus 6 months on file
  • Trip and shipment records4 years
  • GPS location pings90 days
  • Audit logs7 years
  • Session tokens30 days (or shorter on idle timeout or logout)
  • Carrier portal applications (rejected)1 year
  • Active tenant operational data — retained while the subscription is active
  • Account after a deletion request30-day grace period, then permanently deleted except where law requires retention
  • Encrypted database backups — multi-tier retention: daily backups for short-term recovery, monthly backups retained for one year, yearly backups retained longer per Canadian record-retention practice for financial data

Tenants requiring different retention windows can negotiate enterprise-specific terms.


9. Your rights under PIPEDA

Subject to legal or contractual limits, individuals have these rights:

  • Right to access — Know what personal information we hold about you and obtain a copy. Authenticated subscribers can launch the in-app overview at app.cyver.ca/privacy/me.
  • Right to correction — Request correction of inaccurate or incomplete information through the same in-app Privacy & my data area; we route requests to the appropriate tenant administrator when the data is held on behalf of a fleet.
  • Right to deletion — Request erasure of your account and associated personal data. We apply a 30-day grace period before permanent deletion so accidental requests can be reversed; some records may need to remain where law requires retention (for example CRA financial records).
  • Right to data portability — Download your data in structured form (JSON export available in-app from Privacy & my data).
  • Right to withdraw consent — Where consent is the legal basis, withdrawal may affect service availability; contact CyVeR support to withdraw consent tied to CyVeR as processor or to escalate to your fleet's administrator for tenant-held data.
  • Right to complain — You may lodge a complaint with the Privacy Commissioner of Canada (https://www.priv.gc.ca/) if you believe your rights have been infringed.

Individuals whose data appears only inside a customer's CyVeR account (such as shipper contacts) should usually contact that carrier first; we assist our tenant-customers when they ask us to fulfil a lawful request.


10. How to exercise your rights

  1. Log in to your CyVeR account at https://app.cyver.ca.
  2. Open the profile dropdown and choose Privacy & my data.
  3. From there you can download your data, request a correction, or delete your account (subject to the grace period and legal holds described above).

If you are not a CyVeR user but your information appears in our systems because a carrier or logistics customer uses CyVeR (for example, you are named on a shipment), contact privacy@cyver.ca and we will coordinate with the relevant tenant.


11. Data breach notification

If a breach of security safeguards creates a real risk of significant harm to individuals, we notify the Office of the Privacy Commissioner of Canada and affected individuals within a reasonable timeframe, as required by PIPEDA. We maintain a documented internal incident-response procedure covering assessment, containment, notification, and remediation.


12. Data protection officer

Our Data Protection Officer can be reached at privacy@cyver.ca. We acknowledge access and correction requests and respond within 30 days where PIPEDA requires it, unless an extension is permitted by law and we notify you.


13. Security

Our security practices include:

  • Passwords stored as strong one-way hashes — never recoverable, even by us
  • TLS encryption for all connections in transit
  • Database backups encrypted with AES-256-GCM at rest, with documented retention
  • Email-based multi-factor authentication for office users — drivers authenticate with separate mobile flows
  • Tamper-evident audit logging of every change to tenant data
  • Role-based access control (RBAC) within tenants
  • Per-tenant data isolation enforced at the database query layer
  • Regular dependency security reviews

No system is perfectly secure. If a breach involves a real risk of significant harm, we will notify affected tenants and the Office of the Privacy Commissioner promptly, as required by PIPEDA section 10.1.


14. Changes to this policy

We will post material changes here with an updated "Last updated" date. Tenants will receive an email notice 30 days before any change that broadens our use of their data.


15. Contact

Privacy, access, correction, portability, deletion, and complaints: privacy@cyver.ca

General inquiries: info@cyver.ca

CyberVerge
Vancouver, British Columbia, Canada

Request a Demo