A7CONTROL Logo

Privacy Policy

Last updated: 17th June 2024

At A7CONTROL, we respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, process, and store your personal data, and your rights regarding that data.

As an asset management platform, we maintain a careful balance between data privacy and essential business record-keeping.

1. Data Controller

The data controller for A7CONTROL is A7CONTROL, Inc. The company is responsible for ensuring that your personal data is processed in accordance with this privacy policy and applicable laws.

2. Information We Collect

We collect several types of personal and organizational data, including:

  • Names and Email addresses
  • Profile Pictures and Team Member Names
  • Asset custody records and equipment check-out / check-in history
  • Booking and reservation records
  • Asset modification logs and audit trails

3. Purpose of Data Collection

We collect this data to:

  • Identify you as a user and grant access to our cloud product.
  • Communicate with you and provide professional customer support.
  • Maintain accurate business records of asset custody and usage.
  • Enable organizations to track their equipment effectively and provide audit trails.
  • Support legitimate business documentation and security needs.

4. Data Processor & Security

We use Supabase as our primary database provider. They process and store your data with bank-grade security measures. Our security infrastructure includes:

  • TLS 1.3 encryption for all data in transit.
  • AES-256 encryption for all stored (at-rest) data.
  • Strict access controls and regular security audits.

5. Data Retention

For active accounts, we retain your data as long as necessary to fulfill service purposes. For deleted accounts:

  • Essential business records (asset custody, check-out history, booking records) are retained as they constitute permanent business logs required for audits and legal compliance.
  • Personal profile data is deleted or anonymized upon account closure.

6. Your Rights and Choices

You have the right to access, correct, or delete your personal information. However, please note that certain data, such as asset custody records and equipment check-out history, must be maintained for legitimate business purposes and cannot be deleted as they constitute essential business records.

7. European Users and GDPR

We align with GDPR requirements. While we respect the "right to be forgotten," much of our data processing falls under legitimate business and legal requirements (GDPR Article 17) that override erasure rights for asset handling and business operations documentation.

8. Quebec Residents Section (Law 25)

In compliance with Quebec's Law 25, we have appointed a Privacy Officer to oversee our personal information protection compliance.

  • Privacy Officer: Our technical management is officially designated as the Person in charge of the protection of personal information.
  • Contact Information: privacy@a7control.com
  • Transfers outside of Quebec: Your data is stored via our processor Supabase (hosting via AWS Canada-Central in Montreal/Toronto). By using our services, you formally acknowledge and consent to this transfer within Canada.
  • Incident Management: In the event of a confidentiality incident involving a risk of serious injury, we will notify you and the Commission d'accès à l'information (CAI).

9. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact our data protection team at support@a7control.com.

By using A7CONTROL, you acknowledge that you have read, understood, and agree to these enterprise terms.