AutomateSolutionsPlus (ASP) Privacy Policy

1. Introduction

AutomateSolutionsPlus (“we”, “our”, “us”) provides business automation services using various automation platforms and integrated APIs. We are committed to protecting your privacy and ensuring transparency regarding how your data is processed through our automation services.

2. What Data We Process

Depending on your automation needs, we may process the following types of data:

  • Customer names, email addresses and phone numbers (for contact purposes only)

  • Data gathered for billing and payments (e.g., payment details, billing addresses, invoice references)

  • Data you voluntarily provide via connected APIs (e.g., Personal/Company Emails, Google Workspace, ChatGPT, Apify), using OAuth authentication whenever possible for the most secure connection.

  • Logs of automation runs (kept for troubleshooting purposes, limited retention per below)

3. How We Use Your Data

We use data solely for the purpose of executing and managing automations on your behalf. We do not sell, rent, or share your data with unauthorized third parties.

Additionally, while AutomateSolutionsPlus does not directly collect cookies, third-party services integrated with our automation platform, such as apps connected via API, may use cookies or similar tracking technologies for purposes like authentication, analytics, and improving user experience. We encourage you to review the privacy and cookie policies of these third-party services to understand their data handling practices.

4. Where Data is Processed

Data is processed through the servers of various automation platforms and third-party APIs that you approve, such as:

  • Stripe: Data may be stored in the US/EU.

  • OpenAI: Data processed in the US.

  • Claude.io: Data processed according to Claude.io’s data policies.

  • Google: Subject to Google’s data policies.

  • Apify: Data processed in the EU/US.

  • Slack: Collaboration and messaging platform; data processed according to Slack's data policies.

  • Salesforce: Customer relationship management (CRM) platform; data may be stored in the US/EU.

  • Airtable: Cloud collaboration service; data may be stored in the US.

  • Make.com: Visual automation platform; data processed according to Make.com’s data policies, which may include processing in the EU.

As well as any other third-party services you choose to connect, each governed by their own data policies.

Data you provide may be transferred to and processed in countries outside your jurisdiction, including the US and EU. As we are based in Canada, we ensure that appropriate safeguards, such as Standard Contractual Clauses or other legal mechanisms, are in place to protect your data, in compliance with Canadian data protection regulations and applicable international laws.

5. Security Measures

We maintain the following security practices:

  • Two-factor authentication (2FA) on all platforms and authenticator apps if available

  • API key rotation policies

  • Data minimization: we only process the necessary information

  • Logs are automatically purged after 30 days or less

  • Regular scenario audits

  • All internal communications are conducted through encrypted messaging platforms and secure email systems to protect the confidentiality of your data.

  • Data shared with clients is done exclusively through secure channels, such as encrypted emails or password-encrypted files

  • Role-based access control (RBAC) to automations and client files, ensuring that only authorized personnel have access to sensitive data

  • Customer data is backed up to a secure, encrypted external hard drive on a monthly basis to ensure protection and recovery in the event of data loss

6. Your Rights

As per GDPR and PIPEDA regulations, you have the right to:

  • Request access to data processed on your behalf

  • Request deletion of data we hold, which will be processed within 30 days of your request

  • Limit the scope of data processing

  • File a complaint with the Privacy Commissioner of Canada

To make such requests, please contact us using the details provided in the "Contact" section.

7. Legal Basis for Processing Personal Data

We process personal data based on the following legal grounds:

  • Consent: Where you have given us explicit permission to process your data.

  • Contractual Necessity: To fulfill our contract with you, such as providing automation services.

  • Legitimate Interests: For the purposes of maintaining and improving our services.

8. Data Retention

Project data is retained for 5 years; communications for 3 years; financial records for 7 years for tax and legal purposes.

We retain automation logs for troubleshooting purposes for a maximum of 30 days. After this period, all logs are automatically purged.

9. Third-Party Data Transfers

We only transfer data to third-party services that you have explicitly authorized through your integrations. While we take care to choose reputable services, we cannot control how these third-party providers store, process, or secure your data once it is transferred. We recommend reviewing the privacy policies and terms of service of these providers to understand their data handling practices

10. Updates to the Privacy Policy

We may update this privacy policy from time to time to reflect changes in our services, legal requirements, or data processing practices. Any updates will be posted on this page, and we will notify you of significant changes through your preferred contact method. We encourage you to review this policy periodically.

11. Contact

If you have questions or concerns regarding this policy, please contact us at: info@automatesolutionsplus.com