Effective date: March 30, 2026
BluePeak Systems Inc. operates VimyHQ, accessible at vimyhq.com (the "Website") and through our platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our Website, use our Service, or otherwise interact with us.
If you have questions about this policy, contact us at [email protected].
2.1 Information You Provide Directly
Name, email address, company name, job title, phone number, and billing address when you register for an account or subscribe to VimyHQ.
Payment card details and billing address. Payment processing is handled by our third-party payment processor; we do not store full credit card numbers on our systems.
Information you provide when you contact us for support, submit inquiries, participate in surveys, or communicate with us via email or other channels.
Technical details about your infrastructure provided during onboarding to configure the Service, such as server details, IP ranges, and integration endpoints.
2.2 Information Collected Automatically
IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
Pages visited, time spent on pages, click patterns, referring URLs, and navigation paths through our Website.
Server logs including access times, error logs, and request details.
We use Google Analytics to collect aggregate usage statistics about our Website. Google Analytics uses cookies and similar technologies to collect information about how visitors use our Website.
2.3 Security Telemetry Data
In the course of providing the Service, our Agent software and platform collect security telemetry data, including system logs, network events, authentication events, and other security-relevant data. This data may incidentally contain personal information (such as usernames, email addresses, or IP addresses of your employees or end-users). The processing of this data is governed by our Data Processing Agreement (DPA).
We use cookies and similar tracking technologies on our Website. You can manage your cookie preferences through your browser settings. For Google Analytics, you can opt out by installing the Google Analytics Opt-Out Browser Add-on.
We use personal information for the following purposes:
Under Canadian privacy law, we process personal information based on the following legal grounds:
We do not sell, rent, or trade your personal information. We may share personal information in the following limited circumstances:
Important: We do not share security telemetry data between customers. Each customer's data is isolated using database-per-tenant architecture.
Our infrastructure is hosted in Canadian data centres, and we require all subprocessors who handle personal data to maintain their processing operations within Canada. This commitment is reflected in our Data Processing Agreement.
In the limited case where a third-party service provider (such as a payment processor) may process data outside of Canada, we ensure that adequate contractual safeguards are in place in accordance with PIPEDA and applicable provincial privacy legislation.
We implement and maintain commercially reasonable administrative, technical, and organizational security measures to protect personal information against unauthorized access, alteration, disclosure, or destruction:
While we strive to protect your personal information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining industry-appropriate safeguards.
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
When personal information is no longer needed, we securely delete or anonymize it using commercially reasonable methods.
Under Canadian privacy law, including PIPEDA, BC PIPA, and Quebec Law 25, you have the following rights:
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days, as required by applicable law. We may require verification of your identity before processing your request.
If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC), the Commission d'accès à l'information du Québec (CAI), or your relevant provincial privacy commissioner.
VimyHQ is a business-to-business service and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at [email protected].
Our Website and Service may contain links to third-party websites, services, or resources that are not operated by us. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party website you visit. This Privacy Policy applies only to VimyHQ and vimyhq.com.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Effective Date" at the top of this policy and post the revised version on our Website.
For material changes that significantly affect how we handle your personal information, we will provide prominent notice on our Website or through the Service, and where required by law, obtain your consent.
We comply with Canada's Anti-Spam Legislation (CASL) in all electronic communications. We will only send you commercial electronic messages (CEMs) where we have your express or implied consent, as permitted by CASL.
Every marketing email we send includes clear identification of BluePeak Systems Inc. as the sender, our contact information, and a functional unsubscribe mechanism. You can withdraw your consent to receive marketing emails at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at [email protected]. We will process your unsubscribe request within 10 business days, as required by CASL.
Service-related communications (such as security alerts, billing notices, and account notifications) are not considered CEMs under CASL and are necessary for the performance of our contract with you.