EVODANT GROUP INC.

Datenschutzerklärung

Zuletzt aktualisiert: January 10, 2026

1. Introduction and Scope

Evodant Group Inc. ("Evodant," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with us, our websites, and our products and services.

This policy applies to Evodant Group Inc. and its operating subsidiary Symbiogent.

Role of Evodant:

  • As Controller: We act as a Data Controller for information we collect about visitors to our websites, our marketing leads, employment candidates, and our direct business contacts. Government clients may act as independent controllers.
  • As Processor: When providing services to our enterprise and government clients (e.g., when we secure a facility or analyze a dataset provided by a client), we act as a Data Processor (or Service Provider). In these cases, our Client's privacy policies govern the data, and we process it strictly according to their contractual instructions.

2. Information We Collect

A. Information You Provide

  • Account & Registration Data: Name, email address, phone number, job title, and organization name when you register for a demo, account, or newsletter.
  • Billing Data: Payment information and billing addresses (processed via secure payment gateways).
  • Support & Communications: Content of messages sent to our support teams or feedback provided on our platforms.

B. Information Collected Automatically

  • Usage Data: Pages visited, time spent on pages, clicks, interactions, and navigation patterns within our dashboards.
  • Device & Log Data: IP address, browser type, operating system, device information and identifiers, and crash data.
  • Telemetry: System performance metrics, logs, and heartbeat signals from protected infrastructure.

C. Information from Third Parties & Public Sources

  • Publicly Available Information (PAI) (Symbiogent Specific): Symbiogent's intelligence platforms may index and analyze data from publicly available sources (e.g., news outlets, public blogs, open databases) for threat intelligence purposes.
  • Enrichment Data: We may use third-party services to verify business contact or publicly available information.

D. Statutory and Contractual Requirement to Provide Data

  • Contractual Requirement: Most personal data we collect (e.g., Account Data) is required to enter into a contract with us to use our services. Failure to provide this data means we will be unable to provide the services or create your account.
  • Statutory Requirement: In certain instances, providing data is a statutory requirement (e.g., tax laws requiring us to collect specific billing details). Failure to provide this data may prevent us from processing transactions or complying with tax obligations, resulting in the suspension of services.

3. How We Use Your Information

We use your data for the following purposes:

Purpose Description
Service Delivery To provide, operate, and maintain our platforms and engineering services
Security & Protection To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible.
AI Improvement To refine our neurosymbolic logic and detection algorithms. We do NOT train our public AI models on confidential Client Data without explicit permission..
Communications To send you technical notices, updates, security alerts, and support messages.
Marketing To send you information about new features, promotions, and services (subject to your opt-out rights).
Profiling To analyze user behavior on our site to tailor marketing content (see Section 10).
Legal Compliance To comply with applicable laws, lawful requests, and legal process (e.g., responding to subpoenas).

4. Legal Bases for Processing (EEA/UK)

For individuals in the European Economic Area (EEA) and the United Kingdom, we rely on the following legal bases:

  • Performance of Contract: Processing necessary to provide the services you subscribed to.
  • Legitimate Interest: To improve our AI models, ensure network security, conduct B2B marketing, and prevent fraud.
  • Consent: For non-essential cookies and specific marketing communications. You may withdraw consent at any time.
  • Legal Obligation: To maintain records for tax authorities or respond to law enforcement.

5. Data Sharing and Disclosure

We do not sell your personal data. We disclose data only as follows:

  • Affiliates: Between Evodant and Symbiogent for unified billing and support.
  • Service Providers: Trusted third-party vendors (Sub-processors) for cloud hosting (e.g., Scaleway, AWS, Google), payment processing, and customer support.
  • Legal Requirements: We may disclose information to law enforcement or national security agencies if compelled by a valid court order or subpoena.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets.

6. International Data Transfers

Evodant is headquartered in Manitoba, Canada. Your data may be processed in Canada, the United States, the UK, the EU, or Australia.

  • Adequacy: Transfers from the EEA/UK to Canada are covered by the European Commission's Adequacy Decision regarding Canada (PIPEDA).
  • Safeguards for Other Transfers: For transfers to countries without an adequacy decision (e.g., to the U.S. or Australia), we utilize Standard Contractual Clauses (SCCs) approved by the European Commission and the UK ICO.
  • Supplementary Measures: We conduct Transfer Impact Assessments (TIAs) and implement supplementary technical measures (such as encryption at rest and in transit) to ensure data remains protected against unauthorized foreign access.

7. Security Measures

We employ "Defence-in-Depth" strategies:

  • Encryption: Data is encrypted at rest and in transit.
  • Access Control: Strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA).
  • Physical Security: Hosting in Tier III/IV data centers with biometric entry controls.

8. Data Retention

We retain personal data only as long as necessary:

  • Client Account Data: Duration of contract + 7 years (for tax/audit purposes).
  • Marketing Data: Until you opt-out or after 24 months of inactivity.
  • System Logs: Up to 12 months, unless required for a security investigation.

9. Your Privacy Rights

You have specific rights based on your jurisdiction.

A. Canada (Including Québec Law 25)

  • Access & Rectification: Right to access your personal information and correct inaccurate data.
  • Data Portability: Right to receive your computerized personal information in a structured, commonly used technological format.
  • De-indexation: Right to request that we cease disseminating your information or de-index it from search results under specific circumstances.
  • Withdraw Consent: Right to withdraw consent for secondary uses.
  • Automated Decision Information: Right to be informed if a decision is based exclusively on automated processing.

B. EEA / UK (GDPR)

  • Right to Access: Obtain confirmation as to whether or not your personal data is being processed.
  • Right to Rectification: Correct inaccurate personal data.
  • Right to Erasure: Request deletion of your data ("Right to be Forgotten").
  • Right to Restriction: Request restriction of processing.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Lodge a Complaint: You have the right to lodge a formal complaint with a supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement.

C. United States (Multi-State Privacy Laws)

Residents of California (CCPA/CPRA), Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and other states with comprehensive privacy laws have the following rights:

  • Right to Know/Access: Confirm whether we are processing your personal data and access that data.
  • Right to Delete: Request deletion of personal data provided by or obtained about you.
  • Right to Correct: Correct inaccuracies in your personal data.
  • Right to Limit Sensitive Data: Limit the use and disclosure of sensitive personal information.
  • Do Not Sell/Share: Opt-out of the "sale" or "sharing" of personal data for cross-context behavioral advertising.
  • Non-Discrimination: We will not discriminate against you for exercising these rights.
  • Right to Appeal: If we decline to take action regarding your request, you may appeal our decision by contacting us at the email below.

D. Australia (Privacy Act 1988)

  • Access & Correction: Right to access and correct personal information held by us.
  • Complaints: Right to complain to us or the Office of the Australian Information Commissioner (OAIC).

To exercise any of these rights, please contact our Privacy Officer at privacy@evodant.com.

10. Automated Decision-Making and Profiling

A. Existence of Automated Decision-Making (GDPR Art. 22)

We do not engage in decision-making based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly, significantly affects you.

B. Use of AI in Products

While Evodant and it's subsidiaries develops AI products, these tools are designed to support human decision-making ("human-in-the-loop").

  • Profiling for Marketing: We may use automated tools to analyze website visitor behavior (profiling) to tailor our marketing strategies. You have the Right to Object to this profiling at any time.

11. Cookies and Tracking Technologies

We use cookies to analyze traffic and maintain sessions.

  • Categories:
    • Strictly Necessary: Required for site function (Legal Basis: Contract/Legitimate Interest).
    • Performance/Analytics: Analyze site usage (Legal Basis: Consent).
    • Functional/Marketing: enable enhanced functionality and tracking (Legal Basis: Consent).
  • Consent Withdrawal: You have the right to withdraw your consent for non-essential cookies at any time via your browser settings or by visiting our Cookie Policy.
  • Cookie Policy: For detailed information on specific cookies served, please view our full Cookie Policy.

12. Children's Privacy

Our services are B2B and directed at professionals. We do not knowingly collect data from children under the age of 16 (or under 13 in the U.S.). If we become aware that we have collected personal data from a child under the relevant age without parental consent, we will take steps to remove that information.

13. Data Breach Notification

Where required by applicable law, we will notify affected individuals and regulators of data breaches involving personal information.

14. Contact Us

If you have questions about this policy or our privacy practices, please contact our Chief Privacy Officer (CPO):

Evodant Group Inc.
Attn: Chief Privacy Officer
Email: privacy@evodant.com
Address: 23 - 845 Dakota St. #328, Winnipeg, MB Canada R2M 5M3

If you are unsatisfied with our response, you may contact the Office of the Privacy Commissioner of Canada or the relevant local authority.