Introduction
Welcome to Recure. This privacy policy explains how we collect, use, and safeguard your personal information in compliance with the General Data Protection Regulation (GDPR), Articles 13 and 14.
Data Controller / Responsible for the Protection of Personal Information
2 Bloor Street East
10th Floor, Ste C6948, Situ Centre
Toronto, ON M4W 1A8
Canada
Data Processing Activities
Below is an overview of how we process personal data, including the purposes for processing legal bases, retention periods, and recipients.
| Processing activity | Purpose | Categories of personal information | Lawful basis | Retention period | Recipient of information | Mandatory or Optional |
|---|---|---|---|---|---|---|
| HTTP Requests / Responses | To process web the application, log failures and agent strings, and protect against DDoS | Log (including IP address, URLs, user agent strings, etc.) | Consent | As long as the user account is active and 1 year after the account is not used | IT support | Mandatory |
| Navigating | Necessary for the functioning of the site | Cookies | contractual | Cookie banner: Privacy policy and terms of service | Not applicable | Mandatory |
| Navigating | For Analytics, etc. | Cookies | consent | Cookie banner: Privacy policy and terms of service, Acceptable Use Policy | Commercial Team | Optional |
| Contact Form | To respond (number for pre-contractual, purchase steps) | Name, Email, Phone Number | Contractual | As long as it is needed to provide the requested service | Commercial Team | Optional |
| Demo request | To respond (number for pre-contractual, "demo" request) | Name, Phone Number | Contractual | As long as needed for the service rendered | Commercial Team | Optional |
| Newsletter | To subscribe to the newsletter | Email Address | Consent | As long as the user consents, cancel at any time or at least 5x a summer | Commercial Team | Optional |
| Webmail (Interity suite/Gmail) | Connect to webmail panel | Email address, Password (encrypted) | Contractual | For time of the session | Administrative | Optional |
| Capsed (internal use panel) | Connect to Capsed administration panel | Email address, Password (encrypted), password reset | Contractual | The time of the session | Administrative | Optional |
| Login (applicant/users) | Connect to the user panel | Email address, Password | Contractual | The time of the session | Not Applicable | Mandatory |
| Registering (applicant) | Register to the website as user | First Name, Last Name, Password, Email address, Phone number | Contractual | As long as the user account is active and 1 year after the account is not used | Not Applicable | Mandatory |
| Verification (applicant/users) | Verification of identity for the purpose of fighting a Non-Disclosure Agreement (NDA) | National ID (SSN / National Insurance / passport code and expiry date) | Contractual | The time necessary to verify the ID | Cybersecurity Team | Mandatory |
| Profile Update – Personal Info (applicant/users) | To update personal information | Last Name, First Name, Suffix, Picture, Phone number, Father's Name, Mother's Name | Contractual | As long as the user account is active and 1 year after the account was not used | Not Applicable | Optional |
| Profile Update – Contact Info (applicant/users) | To update contact information | Phone number, Country, Region, Address, City | Contractual | As long as the user account is active and 1 year after the account was not used | Commercial Team | Optional |
Security Measures
Recure uses HTTPS/TLS to protect data during transmission. Technical and organizational measures are in place to help access, prevent unauthorized intrusion, and ensure the confidentiality of personal data.
Third-Party Data Recipients & Transfers
We may disclose personal data to partners who utilize GDPR-compliant or, where applicable, certified under the Data Privacy Framework (DPF) if privacy protections recognized for UK/EU legal safeguards, to facilitate service delivery. Domestic providers only transfer within the EU; for export outside of the EU, the appointment of an EU representative—or in combination of these mechanisms.
| Company | HQ Country | Compliant | Legal Basis |
|---|---|---|---|
| Guesty AI | Canada | Adequacy decision/Canada | |
| Infrastructure International Ltd | Bangladesh | SCCs with commission/Bangladesh (B) | |
| eCloud | United Kingdom | Adequacy decision/UK | |
| CloudFlare | United States | DPF verified | |
| United States | DPF verified | ||
| Guesty | United States / Ireland | DPF; SCCs + Adequacy decision | |
| Formspree | United States / Ireland | SCCs only | |
| Gumny | United States / Ireland | DPF; SCCs + EU office | |
| Bluecard | United States / Netherlands | DPF; SCCs + EU office | |
| ClarkUp | United States / Ireland | SCCs + EU office | |
| Microsoft | United States / EU | DPF; SCCs + EU office | |
| AskNicely | India / United Kingdom | Adequacy decision/UK) | |
| Feedbear | United States | SCCs only | |
| Intercom | United States | SCCs; DPF + EU representative |
Your Rights Under GDPR
You have the following rights concerning your personal data:
To exercise these rights, please contact us at privacy@recure.ai
Right to Lodge a Complaint
If you believe that your data rights have been violated, you have the right to lodge a complaint with a supervisory authority in the European Economic Area (EEA). https://edpb.europa.eu/about-edpb/about-edpb/members_en
Mandatory Data and Consequences of Non-Provision
If you do not provide certain mandatory data as outlined, you may be unable to use certain features of the site such as account creation or receiving responses from other members.
Cookies & Tracking Technologies
All details regarding cookies, including their purposes and retention periods, can be found in the cookie banner displayed on our website.
Updates to This Privacy Policy
We may update this Privacy Policy periodically. Any significant changes will be communicated via email or a notice on our website.
Complementary Privacy Rights for California Residents (CCPA / CPRA)
In addition to the rights already described in this Privacy Policy, California residents benefit from the following specific rights:
Applicability for Canadian Residents (PIPEDA / Québec Law 25)
This Privacy Policy also complies with Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA) for most of Canada; the Data Controller also serves as the Privacy Officer as required under Québec's Law 25.