Effective Date: June 19, 2025

At ThreatClarity™ by M-TECH Business Solutions Inc. ("M-TECH", "we", "us", or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our vulnerability assessment platform and related services (the "Service").

1. Information We Collect

1.1 Personal Information

We collect the following personal information when you register and use our Service:

• Account Information: Username, email address, full name, organization details
• Authentication Data: Password hashes, multi-factor authentication settings
• Contact Information: Email address for communications and support
• Payment Information: Billing details processed through secure payment providers

1.2 Technical Information

• Scan Data: Domain names, IP addresses, and network information you authorize us to test
• Usage Data: Login times, feature usage, scan history, and platform interactions
• System Information: Browser type, IP address, device information for security purposes
• Security Findings: Vulnerability data, risk assessments, and compliance reports

1.3 Automatically Collected Information

• Log Data: Server logs, error reports, and system performance metrics
• Analytics: Platform usage patterns to improve our services
• Security Monitoring: Login attempts, suspicious activities, and access patterns

2. How We Use Your Information

2.1 Service Provision

• Conduct authorized vulnerability assessments and security testing
• Generate security reports and compliance documentation
• Provide customer support and technical assistance
• Process payments and manage subscriptions

2.2 Platform Improvement

• Analyze usage patterns to enhance platform functionality
• Develop new features and security assessment capabilities
• Optimize performance and user experience
• Conduct research for cybersecurity advancement

2.3 Communication

• Send security alerts and important service notifications
• Provide scan completion notifications and reports
• Respond to support requests and inquiries
• Share security best practices and threat intelligence (optional)

3. Information Sharing and Disclosure

3.1 Authorized Sharing

We may share your information only in the following circumstances:

• Service Providers: Trusted partners who assist in service delivery (cloud hosting, payment processing)
• Legal Requirements: When required by law, court order, or government regulation
• Security Incidents: To protect against fraud, security threats, or illegal activities
• Business Transfers: In case of merger, acquisition, or sale of assets (with notice)

3.2 Anonymized Data

We may use and share anonymized, aggregated data that cannot identify individual users for:

• Industry research and threat intelligence
• Security trend analysis and reporting
• Platform improvement and benchmarking

4. Data Security

4.1 Security Measures

• Encryption: All data transmitted and stored using industry-standard encryption
• Access Controls: Role-based access with multi-factor authentication
• Network Security: Firewalls, intrusion detection, and monitoring systems
• Regular Audits: Security assessments and compliance reviews

4.2 Data Retention

• Account Data: Retained while your account is active and for 90 days after closure
• Scan Results: Stored for historical analysis and comparison (minimum 1 year)
• Legal Requirements: Some data may be retained longer as required by law
• Backup Data: Secure backups maintained for disaster recovery purposes

5. Your Privacy Rights

5.1 Access and Control

You have the right to:

• Access: Request copies of your personal information
• Correct: Update or correct inaccurate information
• Delete: Request deletion of your personal information (subject to legal requirements)
• Export: Download your data in a portable format

5.2 Communication Preferences

• Opt out of non-essential communications
• Choose notification frequency and delivery methods
• Unsubscribe from marketing communications (where applicable)

6. Compliance and Jurisdiction

6.1 Regulatory Compliance

We comply with applicable privacy laws including:

• PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada
• GDPR (General Data Protection Regulation) - European Union
• CCPA (California Consumer Privacy Act) - California, USA
• CASL (Canadian Anti-Spam Legislation) - Canada

6.2 International Transfers

Your data may be processed in Canada and other jurisdictions where our service providers operate. We ensure appropriate safeguards are in place for international data transfers.

7. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided personal information, we will take steps to delete such information.

8. Cookies and Tracking

8.1 Cookie Usage

• Essential Cookies: Required for platform functionality and security
• Analytics Cookies: Help us understand platform usage and performance
• Preference Cookies: Remember your settings and preferences

8.2 Cookie Control

You can control cookies through your browser settings, though disabling essential cookies may affect platform functionality.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Posting the updated policy on our platform
• Sending email notifications for material changes
• Updating the "Effective Date" at the top of this policy

10. Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us: