Privacy Policy

This Privacy Policy explains how Apturio Solutions Inc. (“Apturio,” “we,” “us,” or “our”) collects, uses, discloses, retains, protects, and otherwise processes personal information when you visit our websites, use our customer relationship management, automation, artificial intelligence, communication, support, booking, payment, and related services, interact with our forms, funnels, websites, chat widgets, email, SMS, WhatsApp, social messaging, phone, support portal, or other channels, or otherwise communicate with us.

Apturio is a Québec-based company. This Privacy Policy is intended to comply with applicable Canadian and Québec privacy legislation, including the Act respecting the protection of personal information in the private sector, the Personal Information Protection and Electronic Documents Act, Canada’s Anti-Spam Legislation, and other applicable privacy, communications, consumer protection, and data protection laws.

This Privacy Policy should be read together with our Terms of Service, Data Processing Agreement, Acceptable Use Policy, Cookie Policy, and any applicable order form, service agreement, or product-specific terms.

IMPORTANT PLATFORM AND PAYMENT NOTICE

Apturio uses GoHighLevel / HighLevel / LeadConnector technology as a core platform provider for CRM, marketing automation, websites, funnels, forms, calendars, messaging, workflow automation, reporting, and related platform functions. When you use Apturio services, some personal information may be stored, processed, transmitted, or made available through the GoHighLevel / HighLevel / LeadConnector platform and its infrastructure, subprocessors, and integrated services.

Apturio uses Stripe as its primary payment processor. Payment card numbers, card security codes, and certain bank or payment credentials are processed directly by Stripe or other authorized payment processors and are not intended to be stored by Apturio in full. Apturio may receive payment-related information such as customer name, billing email, billing address, transaction amount, subscription status, invoice status, payment status, product or plan purchased, partial card information, tax information, and payment processor identifiers.

1. WHO IS RESPONSIBLE FOR PERSONAL INFORMATION

For personal information that Apturio collects directly from visitors, leads, customers, users, suppliers, partners, and support contacts for Apturio’s own business purposes, Apturio is generally responsible for determining the purposes and means of processing.

For personal information that a customer uploads, stores, submits, or otherwise processes through Apturio services for the customer’s own business purposes, the customer may be responsible for that information, and Apturio may act as a service provider or processor. In that case, Apturio processes the information in accordance with the customer’s instructions, the Terms of Service, the Data Processing Agreement, and applicable law.

If you are an end user, lead, patient, client, consumer, or contact of one of Apturio’s customers, you should also review that customer’s privacy policy because the customer may determine how your information is collected and used.

2. PRIVACY OFFICER

Apturio has designated a person responsible for the protection of personal information.

Privacy Officer

Apturio Solutions Inc.

Email: [email protected]

Website: https://legal.apturio.com

You may contact the Privacy Officer to ask questions about this Privacy Policy, exercise your privacy rights, submit a complaint, request access to or correction of personal information, withdraw consent where applicable, ask about cross-border transfers, or request information about Apturio’s privacy practices.

3. PERSONAL INFORMATION WE COLLECT

Depending on how you interact with Apturio, we may collect the following categories of personal information:

(a) Identity and contact information, such as name, company name, job title, email address, phone number, mailing address, billing address, business address, language preference, and account identifiers.

(b) Account and subscription information, such as login credentials, account settings, user roles, permissions, subscription plan, purchased products, order history, invoice history, renewal information, cancellation requests, support plan, implementation status, onboarding status, and customer identifiers.

(c) CRM and customer relationship information, such as lead status, pipeline stage, opportunity records, sales notes, tasks, appointments, tags, custom fields, form submissions, survey responses, chat conversations, workflow history, campaign membership, and sales or support interactions.

(d) Communications information, such as emails, SMS messages, WhatsApp messages, social media messages, chat widget messages, call recordings where enabled and permitted, call logs, voicemail, meeting notes, support tickets, attachments, and metadata about the communication.

(e) Booking and appointment information, such as calendar availability, appointment date and time, appointment type, assigned user, location, meeting link, notes, cancellation or rescheduling status, and reminder preferences.

(f) Payment and billing information, such as plan purchased, subscription status, invoice amount, tax amount, payment status, partial card details, payment method type, Stripe customer ID, Stripe subscription ID, Stripe invoice ID, refunds, chargebacks, discounts, coupons, and payment processor transaction identifiers. Full card details are processed by Stripe or another authorized payment processor.

(g) Website, device, and usage information, such as IP address, browser type, device type, operating system, referring URL, pages visited, time spent, session data, cookie identifiers, tracking identifiers, form interaction data, advertising identifiers, approximate location derived from IP address, and usage logs.

(h) Marketing and preference information, such as marketing consent, opt-in or opt-out status, communication preferences, campaign engagement, email opens, link clicks, lead source, attribution source, advertising campaign identifiers, and referral information.

(i) Support and service information, such as implementation requests, technical issue details, screenshots, logs, diagnostic data, service configuration, platform settings, support ticket status, and troubleshooting information.

(j) Artificial intelligence and automation information, such as AI chatbot interactions, prompts, generated responses, workflow triggers, automation outcomes, AI usage metrics, call or message summaries, transcription outputs where enabled, and quality review notes.

(k) Compliance and security information, such as authentication logs, audit logs, fraud prevention signals, abuse reports, consent records, opt-out records, suppression lists, incident reports, and records required to comply with law.

We do not intentionally collect sensitive personal information unless it is necessary for a specific service, you provide it to us, a customer configures Apturio services to collect it, or the collection is otherwise permitted or required by law. Sensitive personal information may include health information, financial information, government identification information, information concerning minors, biometric information, or other information considered sensitive under applicable law. Customers are responsible for ensuring that their use of Apturio services to collect sensitive information is lawful, properly disclosed, and based on valid consent or another lawful basis.

4. HOW WE COLLECT PERSONAL INFORMATION

We may collect personal information directly from you when you create an account, buy a subscription, complete a form, book a meeting, contact support, participate in onboarding, communicate with us, respond to a survey, attend a webinar, interact with our website, use our chat widget, or otherwise provide information to us.

We may collect personal information from Apturio customers when they upload, import, store, or process personal information through the services.

We may collect personal information automatically through cookies, pixels, tracking code, analytics tools, logs, CRM tracking, website forms, workflow automation, email tracking, messaging integrations, and other digital technologies.

We may collect personal information from third parties and integrated services, including GoHighLevel / HighLevel / LeadConnector, Stripe, Google Workspace, calendar providers, email and messaging providers, advertising platforms, analytics providers, identity or authentication providers, support tools, and other integrations enabled by Apturio or by the customer.

5. HOW WE USE PERSONAL INFORMATION

Apturio may use personal information for the following purposes:

(a) To provide, operate, configure, maintain, and support the services.

(b) To create and manage accounts, subscriptions, users, roles, permissions, onboarding, and customer records.

(c) To process payments, subscriptions, invoices, taxes, refunds, chargebacks, renewals, and collections through Stripe or other authorized payment providers.

(d) To provide CRM, pipeline management, marketing automation, sales automation, customer support, booking, messaging, website, funnel, form, reporting, and AI-enabled functionality.

(e) To send transactional communications, service notices, appointment reminders, support responses, onboarding messages, payment notices, security notices, and administrative messages.

(f) To send marketing communications where permitted by law, including newsletters, offers, educational content, product updates, event invitations, and promotional messages.

(g) To personalize the services, improve user experience, measure engagement, analyze performance, and optimize campaigns.

(h) To provide artificial intelligence, automation, chatbot, message generation, transcription, summarization, workflow recommendation, and related functionality.

(i) To monitor security, prevent fraud, detect abuse, enforce policies, investigate incidents, protect systems, and maintain service integrity.

(j) To comply with legal, tax, accounting, regulatory, contractual, and audit obligations.

(k) To manage business operations, customer relationships, vendor relationships, partner programs, referrals, support, training, implementation, and professional services.

(l) To protect Apturio’s rights, property, customers, users, personnel, and third parties.

6. LEGAL BASES AND CONSENT

We collect, use, and disclose personal information only where we have a lawful basis to do so. Depending on the context, this may include consent, performance of a contract, compliance with legal obligations, legitimate business interests where permitted by law, protection of security and integrity, or another lawful basis recognized under applicable law.

Where consent is required, we will seek consent in a manner appropriate to the sensitivity of the personal information, the reasonable expectations of the individual, and the circumstances. Consent may be express or implied, unless express consent is required by law.

You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may affect our ability to provide certain services.

7. QUEBEC-SPECIFIC PRIVACY COMMITMENTS

Where Québec privacy law applies, Apturio will apply the following commitments:

(a) Privacy Officer. Apturio identifies a person responsible for the protection of personal information and provides contact information in this Privacy Policy.

(b) Privacy by Default. Where Apturio offers configurable privacy settings to the public, the settings will be configured to provide the highest level of confidentiality by default where required by law, except where the settings are not subject to that requirement.

(c) Transparency. Apturio will provide clear information about the purposes of collection, the means of collection, the rights of individuals, the categories of persons who may access personal information within Apturio, the categories of third parties to whom information may be disclosed, and the possibility that information may be communicated outside Québec.

(d) Cross-Border Transfers. Before communicating personal information outside Québec where required by law, Apturio will conduct an assessment of privacy-related factors and will use contractual, organizational, and technical safeguards designed to ensure that the information receives adequate protection in light of applicable privacy principles.

(e) Confidentiality Incidents. Apturio will take reasonable steps to reduce the risk of injury if a confidentiality incident occurs. Where an incident presents a risk of serious injury, Apturio will notify affected individuals and the Commission d’accès à l’information du Québec as required by law and will maintain records of confidentiality incidents.

(f) Automated Decisions. If Apturio uses personal information to make a decision based exclusively on automated processing that produces legal effects or otherwise significantly affects an individual, Apturio will provide the information required by law, including the fact that automated processing is used, the information used to make the decision, the reasons and principal factors leading to the decision, and the individual’s right to submit observations and request correction where applicable.

(g) De-indexation and Re-indexation. Where required by law, individuals may request that Apturio cease disseminating personal information, de-index a hyperlink attached to their name, or re-index a hyperlink where the legal conditions are met.

(h) Sensitive Information. Apturio will use sensitive personal information only for purposes and on legal bases permitted by law and will apply safeguards appropriate to the sensitivity of the information.

8. USE OF GOHIGHLEVEL / HIGHLEVEL / LEADCONNECTOR PLATFORM

Apturio uses GoHighLevel / HighLevel / LeadConnector as a core technology platform. This platform may support CRM records, contact management, lead capture, pipeline management, automation workflows, websites, funnels, forms, surveys, calendars, email, SMS, WhatsApp, social messaging, phone services, chat widgets, membership sites, customer portals, analytics, reporting, AI tools, and other operational functions.

Personal information processed through this platform may include contact details, CRM records, communications, appointment data, marketing consent records, campaign activity, website tracking data, form submissions, support information, user activity, account configuration, and other data described in this Privacy Policy.

Apturio may configure and operate the platform for its own business and for customer accounts. Customers are responsible for their own use of the platform, including the legality of their data collection, marketing communications, messaging campaigns, tracking technologies, consent management, and customer-facing privacy disclosures.

GoHighLevel / HighLevel / LeadConnector and related service providers may process personal information in the United States and other jurisdictions. Apturio will use reasonable contractual and organizational safeguards for such processing where required by applicable law.

9. USE OF STRIPE FOR PAYMENTS

Apturio uses Stripe as its primary payment processor for subscriptions, invoices, payment links, checkout pages, payment methods, taxes, refunds, chargebacks, and related billing functions.

When you make a payment or maintain a subscription, Stripe may collect and process payment information, billing information, authentication information, fraud prevention information, device information, and transaction information. Apturio receives limited payment-related information necessary to manage subscriptions, invoices, payment status, customer accounts, taxes, reconciliation, and support.

Apturio does not intend to collect or store full credit card numbers or card security codes. You should not send payment card numbers, card security codes, banking credentials, or other sensitive payment credentials to Apturio by email, chat, support ticket, SMS, WhatsApp, or social message.

10. ARTIFICIAL INTELLIGENCE, AUTOMATION, AND CHATBOTS

Apturio may provide AI-enabled features, including conversational assistants, automated message generation, response suggestions, workflow automation, lead qualification, appointment booking assistance, call or message summaries, transcription, sentiment or intent classification, and analytics.

AI outputs may be inaccurate, incomplete, or inappropriate for certain use cases. Customers are responsible for reviewing, configuring, supervising, and validating AI-enabled workflows and communications, especially where the information is sensitive, regulated, medical, financial, legal, employment-related, or otherwise high-impact.

Apturio does not use customer personal information to train Apturio-controlled AI models unless permitted by the applicable agreement, consent, configuration, or law. Third-party AI providers or platform providers may process AI-related inputs and outputs as service providers or subprocessors depending on the service configuration.

11. COOKIES, TRACKING TECHNOLOGIES, AND ANALYTICS

Apturio and its service providers may use cookies, pixels, tags, scripts, local storage, tracking code, analytics tools, and similar technologies to operate websites, remember preferences, secure sessions, measure performance, analyze traffic, support marketing, attribute campaigns, and improve services.

Depending on the services enabled, Apturio or its customers may use tracking technologies on websites, funnels, forms, landing pages, emails, and messages. These technologies may collect IP address, browser data, device data, session activity, referring source, campaign information, page views, clicks, form activity, and similar digital interaction data.

Where required by law, we or our customers will provide notice and obtain consent for cookies or tracking technologies. Customers are responsible for their own cookie banners, tracking disclosures, consent mechanisms, and website privacy notices when using Apturio services on customer websites or digital properties.

12. MARKETING COMMUNICATIONS AND ELECTRONIC MESSAGES

Apturio may send marketing communications where permitted by law. You may unsubscribe from marketing emails by using the unsubscribe link in the message or contacting us. Even if you opt out of marketing communications, we may continue to send transactional, security, legal, billing, support, and service-related communications.

Customers using Apturio services to send emails, SMS, WhatsApp messages, social messages, phone calls, or other electronic communications are responsible for complying with applicable anti-spam, telemarketing, consent, platform, and messaging laws and rules, including Canada’s Anti-Spam Legislation and applicable carrier, Meta, WhatsApp, email, and advertising platform requirements.

13. WHEN WE DISCLOSE PERSONAL INFORMATION

Apturio may disclose personal information to the following categories of recipients:

(a) Platform providers, including GoHighLevel / HighLevel / LeadConnector.

(b) Payment processors, including Stripe.

(c) Cloud hosting, infrastructure, security, storage, backup, monitoring, and logging providers.

(d) Email, SMS, WhatsApp, telephony, social messaging, chat, calendar, and communication providers.

(e) Analytics, advertising, attribution, reporting, and campaign measurement providers.

(f) AI, automation, transcription, workflow, and productivity providers.

(g) Support, ticketing, documentation, implementation, training, and professional services providers.

(h) Tax, accounting, legal, audit, compliance, banking, and business operations providers.

(i) Affiliates, contractors, consultants, and personnel who need access for authorized business purposes.

(j) Customers, where the information relates to the customer’s account, users, leads, contacts, communications, campaigns, or services.

(k) Regulators, courts, law enforcement, public authorities, or other parties where required or permitted by law.

(l) Parties involved in a business transaction, such as a merger, acquisition, financing, reorganization, sale of assets, due diligence process, or similar transaction, subject to appropriate safeguards.

Apturio does not sell personal information in the ordinary meaning of selling a list of customer personal information for money. Certain advertising, analytics, tracking, or platform activities may be considered “sharing,” “targeted advertising,” or similar concepts under some privacy laws. Where such laws apply, Apturio will provide required notices and opt-out mechanisms.

14. INTERNATIONAL AND CROSS-BORDER PROCESSING

Apturio, its platform providers, payment processors, infrastructure providers, support providers, and other service providers may process personal information in Canada, the United States, and other jurisdictions. Privacy laws in those jurisdictions may differ from the laws of your province, state, or country.

Where required by law, Apturio will assess privacy risks associated with cross-border disclosures and use contractual, technical, and organizational safeguards designed to protect personal information. Personal information processed outside Québec or Canada may be subject to lawful access by courts, law enforcement, regulators, or national security authorities in those jurisdictions.

15. RETENTION OF PERSONAL INFORMATION

Apturio retains personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, to provide the services, to comply with legal, tax, accounting, contractual, and audit obligations, to resolve disputes, to enforce agreements, to maintain security, and to protect legitimate business interests.

Retention periods may vary depending on the type of information, the sensitivity of the information, the account status, the service configuration, legal requirements, and customer instructions.

Customer data processed on behalf of customers is retained and deleted in accordance with the applicable agreement, service configuration, product-specific terms, and Data Processing Agreement. Backups, logs, and archived records may be retained for a limited period in accordance with security, continuity, legal, and deletion practices.

16. SECURITY SAFEGUARDS

Apturio uses reasonable administrative, technical, and physical safeguards designed to protect personal information against loss, theft, unauthorized access, unauthorized disclosure, copying, misuse, modification, and destruction. Safeguards may include access controls, authentication, encryption where appropriate, logging, monitoring, role-based permissions, least-privilege access, vendor review, contractual safeguards, employee or contractor confidentiality obligations, and incident response procedures.

No system is completely secure. Customers and users are responsible for protecting account credentials, configuring permissions appropriately, using strong passwords and multi-factor authentication where available, limiting access to authorized users, and avoiding the transmission of sensitive information through insecure channels.

17. YOUR PRIVACY RIGHTS

Subject to applicable law and verification of identity, you may have the right to:

(a) Request access to personal information we hold about you.

(b) Request correction of inaccurate, incomplete, or outdated personal information.

(c) Request deletion of personal information where legally available.

(d) Withdraw consent where processing is based on consent.

(e) Object to or restrict certain processing where legally available.

(f) Request information about how personal information is collected, used, disclosed, retained, or transferred outside Québec or Canada.

(g) Request information about automated decision-making where required by law.

(h) Request de-indexation, cessation of dissemination, or re-indexation where applicable under Québec law.

(i) Submit a complaint to Apturio or to a privacy regulator.

To exercise your rights, contact [email protected]. We may need to verify your identity before responding. If your request relates to information controlled by one of Apturio’s customers, we may direct you to that customer or assist the customer in responding, depending on the circumstances and applicable agreement.

18. CHILDREN AND MINORS

Apturio services are not intended for use by children under the age of 14, and we do not knowingly collect personal information directly from children under 14 without valid consent from a parent, guardian, or other person authorized by law. Customers are responsible for configuring their use of the services in compliance with applicable rules regarding minors.

19. CUSTOMER RESPONSIBILITIES

Customers using Apturio services are responsible for:

(a) Providing legally required privacy notices to their own customers, leads, patients, clients, website visitors, and contacts.

(b) Obtaining required consents for marketing, tracking, cookies, SMS, WhatsApp, email, calls, AI-enabled communications, and sensitive information.

(c) Ensuring that imported, uploaded, or collected personal information was obtained lawfully.

(d) Configuring workflows, permissions, integrations, AI tools, and data retention in a lawful and appropriate manner.

(e) Responding to privacy requests from individuals where the customer controls the personal information.

(f) Avoiding the collection of unnecessary sensitive personal information.

(g) Complying with industry-specific laws that apply to the customer, including healthcare, financial, professional, consumer protection, or employment laws where applicable.

20. THIRD-PARTY WEBSITES AND SERVICES

Apturio services may link to or integrate with third-party websites, platforms, applications, and services. We are not responsible for the privacy practices of third parties that are not acting as our service providers. Your use of third-party services may be governed by their own terms and privacy policies.

21. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our services, technology, platform providers, payment providers, legal requirements, or business practices. The updated version will be posted at https://legal.apturio.com/privacy-policy or another Apturio legal page. The “Last Updated” date indicates when the policy was last revised.

Where required by law, we will provide additional notice or obtain consent for material changes.

22. HOW TO CONTACT US

Apturio Solutions Inc.

Privacy Officer

Email: [email protected]

Website: https://legal.apturio.com

If you have a privacy question, request, or complaint, please contact us at [email protected]. We will review and respond in accordance with applicable law.