Skip to content
FortaRisks

Privacy Policy

Last updated: September 1, 2025

This Privacy Policy explains how FortaRisks CyberSecurity Inc. ("FortaRisks", "we", "us") collects, uses, discloses and protects personal information in connection with the FortaRisks platform (the "Platform"), this website and related services (the "Services").

1. What we do

FortaRisks is a B2B SaaS cybersecurity risk management platform. We process professional and account-related information to create and manage accounts, secure access, deliver the Services, bill customers, provide support and improve our products.

2. Information we collect

  • Business identity and contact: name, job title, business email, business phone, organization.
  • Account and access: SSO and MFA usage, roles and permissions, access logs and audit trails.
  • Usage and technical: actions performed, device and browser metadata, IP address, time zone and other technical identifiers.
  • Customer-provided content: content you upload, enter or generate through the Services, including items relating to risk and compliance.

3. Why we collect it

To provide and operate the Services, secure the Services, manage billing and customer relationships, measure and improve the product, and communicate with users.

4. Legal bases and consent

We rely on performance of a contract, legitimate interests where permitted (for example security and fraud prevention), and consent when required. B2B marketing only happens with opt-in.

5. Hosting and data residency

By default, customer data is hosted in Canada. At onboarding, you may choose hosting in the United States or the European Union, where available. Transfers outside Québec or Canada, where necessary (for example support), are covered by contractual safeguards.

6. Sharing with service providers

We use vendors to help us operate the Services, such as cloud hosting, email delivery, monitoring and support. We do not sell personal information.

7. Cookies and similar technologies

We use strictly necessary cookies, analytics with consent, and B2B marketing cookies only with opt-in consent. See our Cookie Policy.

8. AI features and automated decision-making

Actions with meaningful impact require human review, and relevant activity is logged. We do not use AI for marketing profiling without consent.

9. Security

Encryption in transit and at rest, SSO and MFA support, granular role-based access control, audit logging and monitoring, encrypted backups, vulnerability management and an incident response process.

10. Retention

We retain personal information only for as long as necessary to fulfill the purposes described above, after which we securely delete or de-identify it.

11. Your rights (Canada / Québec)

You may request access to or a copy of your personal information, ask us to correct it, withdraw consent for non-essential processing, and request deletion where legally permitted.

12. Updates to this policy

The "Last updated" date above indicates when the latest version took effect.

13. Contact

For privacy questions, contact privacy@fortarisks.com. FortaRisks CyberSecurity Inc., 108 Rue Alfred Desrochers, Saint-Augustin-de-Desmaures (QC) G3A 2T1, Canada.