CyberVerge ("we", "us") operates CyVeR, a Transportation Management System for trucking and
logistics operators. We are based in Vancouver, British Columbia, Canada. This policy describes how
we collect, use, disclose, and protect personal information.
Privacy questions and data-rights requests: contact our Data Protection Officer at
[email protected]. General inquiries may also reach
[email protected].
1. The framework we follow
We comply with the Personal Information Protection and Electronic Documents
Act (PIPEDA) and the substantially similar provincial laws of British Columbia (PIPA), Alberta
(PIPA), and Quebec (Law 25). Our product is designed around the 10 Fair Information Principles in Schedule 1 of PIPEDA.
2. What we collect
CyVeR processes the following categories of personal information on behalf of each tenant (the trucking or logistics company that subscribes to the service):
- Tenant administrators and users — name, email, role, hashed
password, login activity
- Drivers — name, contact details, licence and certification
information, employment dates, hours-of-service logs, GPS pings during shifts, pre-trip inspection
submissions
- Customers (the tenant's shippers) — company name, contact name,
address, billing details
- Carriers (the tenant's subcontractors) — company name, contact
information, insurance documents, application records
- Orders, trips, and shipments — pickup and delivery addresses,
container and reference numbers, pricing, status history, attached documents (proof-of-delivery,
invoices)
- Audit logs — every change made within an account, retained for
security and dispute resolution
We collect personal information from website visitors only when they voluntarily submit it (for example, via
a contact or demo-request form). Our marketing site uses Microsoft Clarity to understand how visitors
navigate it (anonymized session recordings, click and scroll behaviour) — this runs only on cyver.ca, not
inside the application. We do not run advertising trackers, behavioural-profile-for-ad-targeting tools,
or sell visitor data.
3. Why we collect it
Each category serves a clearly identified purpose:
- Operating the service for the tenant
- Authentication and account security
-
Helping tenants meet their own compliance obligations (for example, hours-of-service logs required by
Transport Canada)
- Subscription billing
- Dispute resolution and audit
- Detecting fraud and unauthorized access
We do not use personal information for advertising, profiling unrelated to the service, training of AI
models, or onward sale to third parties.
4. The tenant relationship
CyVeR operates as a service provider to each tenant. The tenant is
the organization that signed up; the personal information they upload (their drivers, customers, carriers)
was originally collected by the tenant under the tenant's own privacy obligations.
This means in practice:
- A driver, customer, or carrier whose information appears in a
CyVeR account should direct privacy requests to their employer or counterparty (the tenant) — not directly
to us
- The tenant administrator can self-serve a complete export of
everything in their account, and can request account deletion, through Privacy & my data inside the
application
- CyVeR will assist tenants in fulfilling individual access,
correction, or use-limitation requests they receive
5. Where data is hosted
We host customer data with reputable cloud-infrastructure providers under written data-processing agreements
with appropriate safeguards. Data may be stored or processed in Canada, the United States, or other jurisdictions with comparable privacy protections. Wherever data sits, we remain accountable under PIPEDA for its protection.
Tenants who require data residency restricted to Canada specifically can arrange this on the Enterprise tier
— please contact us before signing.
6. Subprocessors
We use the following subprocessors. Each is bound by a written data-processing agreement and reviewed
periodically.
| Subprocessor | Purpose | Region |
| Cloud hosting provider | Application + database hosting | Canada or comparable jurisdiction |
| Resend | Transactional email — invoices, password resets, notifications | United States |
| Cloudflare | DNS, CDN, and DDoS protection for our marketing site | Global |
| Stripe | Subscription billing | United States, Canada |
| QuickBooks Online | Per-tenant opt-in invoice sync (Enterprise plans only) | United States |
| Microsoft Clarity | Marketing-site visitor analytics — cyver.ca only, not inside the application | United States |
Inside the application (app.cyver.ca), we do not use third-party AI providers, behavioural-analytics
services, advertising networks, or customer-data brokers. The marketing site (cyver.ca) uses Microsoft Clarity for visitor analytics as described in section 2. If we add a subprocessor that handles tenant
personal information, we will update this page and notify tenants by email.
7. Cross-border transfers
Some of the subprocessors listed above operate in the United States or globally. Under PIPEDA, the organization
remains accountable for personal information regardless of where it is processed. Each provider is selected for
contractual and technical safeguards comparable to those we apply ourselves.
8. Data retention
CyVeR applies retention schedules that balance operational needs with Canadian accounting, employment, and
transportation rules. Typical periods include:
- Invoices and financial records — 6 years from the tax year-end (CRA-aligned record-retention expectation)
- Driver employment records —
7 years after the driver's departure or termination
- Hours-of-service (HOS) / driver logs —
6 months in active operational use, plus 6 months on file
- Trip and shipment records —
4 years
- GPS location pings —
90 days
- Audit logs —
7 years
- Session tokens —
30 days (or shorter on idle timeout or logout)
- Carrier portal applications (rejected) —
1 year
- Active tenant operational data — retained while the subscription is
active
- Account after a deletion request — 30-day grace period, then permanently deleted except where law requires retention
- Encrypted database backups — multi-tier retention: daily backups
for short-term recovery, monthly backups retained for one year, yearly backups retained longer per Canadian
record-retention practice for financial data
Tenants requiring different retention windows can negotiate enterprise-specific terms.
9. Your rights under PIPEDA
Subject to legal or contractual limits, individuals have these rights:
- Right to access — Know what personal information we hold about you
and obtain a copy. Authenticated subscribers can launch the in-app overview at
app.cyver.ca/privacy/me.
- Right to correction — Request correction of inaccurate or incomplete
information through the same in-app Privacy & my data area; we route requests to the appropriate tenant
administrator when the data is held on behalf of a fleet.
- Right to deletion — Request erasure of your account and associated
personal data. We apply a 30-day grace period before permanent
deletion so accidental requests can be reversed; some records may need to remain where law requires
retention (for example CRA financial records).
- Right to data portability — Download your data in structured form
(JSON export available in-app from Privacy & my data).
- Right to withdraw consent — Where consent is the legal basis,
withdrawal may affect service availability; contact CyVeR support to withdraw consent tied to CyVeR as
processor or to escalate to your fleet's administrator for tenant-held data.
- Right to complain — You may lodge a complaint with the Privacy
Commissioner of Canada (https://www.priv.gc.ca/) if you believe your rights have been infringed.
Individuals whose data appears only inside a customer's CyVeR account
(such as shipper contacts) should usually contact that carrier first; we assist our tenant-customers when they ask
us to fulfil a lawful request.
10. How to exercise your rights
- Log in to your CyVeR account at
https://app.cyver.ca. - Open the profile dropdown and choose Privacy & my data.
-
From there you can download your data, request a correction, or delete your account (subject to the grace period and legal
holds described above).
If you are not a CyVeR user but your information appears in our
systems because a carrier or logistics customer uses CyVeR (for example, you are named on a shipment), contact
[email protected] and we
will coordinate with the relevant tenant.
11. Data breach notification
If a breach of security safeguards creates a real risk of significant harm to
individuals, we notify the Office of the Privacy Commissioner of Canada and affected individuals within a
reasonable timeframe, as required by PIPEDA. We maintain a documented
internal incident-response procedure covering assessment, containment, notification, and remediation.
12. Data protection officer
Our Data Protection Officer can be reached at
[email protected]. We acknowledge access and correction requests and respond within 30 days where PIPEDA requires it, unless an extension is permitted by law and we notify you.
13. Security
Our security practices include:
-
Passwords stored as strong one-way hashes — never recoverable, even by us
- TLS encryption for all connections in transit
-
Database backups encrypted with AES-256-GCM at rest, with
documented retention
-
Email-based multi-factor authentication for office users — drivers authenticate with separate mobile flows
- Tamper-evident audit logging of every change to tenant data
- Role-based access control (RBAC) within tenants
- Per-tenant data isolation enforced at the database query layer
- Regular dependency security reviews
No system is perfectly secure. If a breach involves a real risk of significant harm, we will notify affected
tenants and the Office of the Privacy Commissioner promptly, as required by PIPEDA section 10.1.
14. Changes to this policy
We will post material changes here with an updated "Last updated" date. Tenants will receive an email notice
30 days before any change that broadens our use of their data.
15. Contact
Privacy, access, correction, portability, deletion, and complaints:
[email protected]
General inquiries:
[email protected]
CyberVerge
Vancouver, British Columbia, Canada