Skip to main content
EasyMark
ENFR
Get started free
Back to home

Legal

Privacy Policy

Last updated: May 6, 2026Version 1.1

Privacy Policy

This Privacy Policy explains how SZTek Inc., doing business as EasyMark ("SZTek", "EasyMark", "we", "us", or "our"), collects, uses, discloses, and protects personal information when you use the EasyMark platform, websites, mobile and desktop applications, APIs, and related services (the "Service"). It is designed to comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Act respecting the protection of personal information in the private sector (Law 25), and other Canadian privacy laws applicable to us, together with international frameworks where they apply.

1. Who We Are and How to Reach Us

SZTek Inc. is the controller of personal information processed about EasyMark account holders, prospects, and visitors. For business-to-business customers, SZTek typically acts as a service provider (processor) for personal information that you upload or generate through the Service in respect of your own contacts, audiences, and clients. The roles, responsibilities, and processing instructions for that data are governed by these terms and by the Data Processing Addendum (where applicable).

Privacy Officer: privacy@easymark.ca — SZTek Inc., Attention: Privacy Officer, Vaughan, Ontario, Canada. We will respond to verifiable requests within the timeframes required by applicable law.

2. The Information We Collect

We collect personal information in the following categories:

  • Account information — name, email address, password (hashed), language preference, role within your organization, time zone, multi-factor authentication settings.

  • Billing information — billing name, billing address, tax registration number, last four digits of payment method, transaction history. Full payment-card data is collected directly by Stripe and is not retained by SZTek.

  • Content you provide — business documents, brand assets, prompts, marketing content, contact lists, audiences, integrations and credentials, support messages.

  • Service usage data — feature interactions, page views, button clicks, agent activity logs, AI prompt and output metadata, error reports, performance metrics.

  • Technical data — IP address, device identifiers, browser type and version, operating system, referrer URL, cookies and similar technologies (see our Cookie Policy).

  • Third-party data — data we receive when you connect a third-party platform (e.g., social network OAuth tokens, analytics, ad-account metrics) and data lawfully obtained from public sources.

  • Communications — support tickets, feedback, survey responses, email correspondence with us.

We do not knowingly collect personal information from children under the age of majority in their jurisdiction. The Service is intended for use by businesses and adult professionals.

3. How We Use Personal Information

We use personal information to:

  • provide, operate, secure, and improve the Service, including running the autonomous marketing workflows you configure;

  • create accounts, authenticate users, and manage subscriptions and billing;

  • generate AI Output and execute requested actions on connected channels;

  • provide customer support, respond to inquiries, and maintain quality records;

  • send transactional and service communications, security alerts, and product announcements;

  • send marketing communications where lawful (you may opt out at any time);

  • detect, prevent, and respond to fraud, abuse, security incidents, and violations of our policies;

  • conduct analytics, research, benchmarking, and product development, including using aggregated and de-identified data;

  • comply with legal, regulatory, and contractual obligations and protect our rights and the rights of others.

4. Lawful Bases and Consent

We rely on the following bases under applicable Canadian law: (a) contract — to provide the Service to you; (b) consent — express or implied, where required (you may withdraw at any time, subject to legal or contractual restrictions); (c) legitimate interests — to secure, improve, and market the Service in a manner proportionate to the privacy impact; and (d) legal obligation — to comply with law, court orders, or regulatory requests.

5. AI and Model Training

We do not use Customer Content to train foundation models for the benefit of unrelated third parties. We do use Customer Content, prompts, and outputs to operate the Service for you, to debug, to improve safety, and to produce aggregated and de-identified analytics for product development. Where you use BYO-AI provider keys, prompts and outputs are transmitted to and processed by the third-party provider you choose, subject to that provider's terms and privacy policy; we are not responsible for that processing.

6. How We Disclose Personal Information

We disclose personal information only as described below:

  • Sub-processors who help us deliver the Service (cloud hosting, database, email delivery, payments, analytics, AI providers, developer tools). The current list is published in our Sub-Processor List and is updated as it changes.

  • At your direction, including to social platforms, ad networks, email recipients, and other channels you configure.

  • Within your organization — to other authorized users on your account, agency, or workspace.

  • Professional advisors — auditors, lawyers, insurers, and accountants, under confidentiality.

  • Business transfers — in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, where the recipient agrees to honour this Policy.

  • Legal and safety — to comply with law, lawful requests, court orders, or to investigate fraud, security incidents, or threats to people or property.

We do not sell personal information for monetary consideration.

7. Cross-Border Transfers and Data Residency

The Service is hosted primarily in Canada (Oracle Cloud Infrastructure regions in Toronto and Montréal). Some sub-processors and the third-party platforms you choose to connect (e.g., Meta, Google, AI providers) operate outside Canada, and personal information may be transferred, stored, or processed outside Canada in those cases. Personal information transferred outside Canada is subject to the laws of those jurisdictions, which may differ from Canadian laws. We rely on contractual safeguards, encryption, and other measures to protect personal information regardless of location.

8. Retention

We retain personal information for as long as needed to provide the Service, to meet our legitimate business purposes, and to comply with legal, tax, accounting, audit, and regulatory obligations. Account data is retained for the life of the account; on deletion, content is anonymized or removed within thirty (30) days, subject to a longer retention only where required by law (for example, audit logs, billing records, and records of acceptance of legal documents may be retained for up to seven (7) years). Backups are retained on a rolling basis and are overwritten in the ordinary course.

9. Your Rights

Subject to verification of your identity and to applicable exceptions, you have the right to:

  • access the personal information we hold about you and obtain a copy in a structured, commonly used format (portability);

  • correct inaccurate or incomplete information;

  • delete your personal information (subject to retention obligations and our legitimate interests);

  • withdraw consent where processing is based on consent;

  • object to or restrict certain processing;

  • opt out of marketing communications at any time using the unsubscribe link in our emails;

  • file a complaint with the Office of the Privacy Commissioner of Canada or your provincial regulator (the Commission d'accès à l'information du Québec for Quebec residents). We ask that you contact us first so we can address your concerns directly.

Most rights can be exercised in your account settings; otherwise, write to privacy@easymark.ca. We will respond within thirty (30) days, except where additional time is required by law.

10. Quebec Residents — Law 25

If you are a Quebec resident, you have the right to be informed of the categories of personal information we collect, the purposes for which we use them, the retention period, the categories of persons within SZTek who have access to the information, and any cross-border transfers. You may request the de-indexing or correction of personal information online and obtain information about the principal factors and parameters used in any automated decision based on personal information that produces effects on you. To exercise any of these rights, write to our Privacy Officer at privacy@easymark.ca. We have appointed a person responsible for the protection of personal information whose contact information is the same.

11. Automated Decisions

The Service uses automated processing to generate marketing content, allocate ad budgets, schedule posts, and surface optimization recommendations. These decisions are tools that you, the user, ultimately control through configuration and approval gates. On request, we will provide reasonable information about the principal parameters of these automated processes that produce effects on you and afford an opportunity for human review where required by law.

12. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against loss, theft, unauthorized access, disclosure, alteration, and destruction. These include encryption in transit (TLS 1.3) and at rest (AES-256), role-based access controls, multi-factor authentication for staff, audit logging, tenant isolation, vendor security assessments, and incident response procedures. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security.

13. Breach Notification

If a breach of security safeguards results in a real risk of significant harm, we will notify affected individuals and regulators in accordance with PIPEDA, Law 25, and other applicable laws, and we will keep records of all breaches as required.

14. Cookies and Similar Technologies

We use cookies and similar technologies as described in our Cookie Policy. You can manage your preferences through your browser, the in-product cookie banner (where displayed), or your account settings.

15. Marketing

We may send marketing emails about EasyMark and related products. You consent to receive these by creating an account or by submitting a form on our websites; your consent is express where the law requires (including Canada's Anti-Spam Legislation). Each marketing email contains an unsubscribe link. Transactional and service messages are not marketing and may continue while you have an account.

16. Customer-Provided Personal Information

Where you upload personal information about your contacts, audiences, employees, or clients (including contact lists for email or SMS marketing), you represent and warrant that you have the lawful basis to do so, including any consents required under CASL, PIPEDA, Law 25, or other applicable laws. Between you and us, you are the controller of that personal information. We act on your documented instructions and provide tooling so that you may honour data-subject rights and consent withdrawals.

17. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through in-product notice, email, or our websites at least thirty (30) days before they take effect. Non-material changes take effect on posting. The "Effective" date appears at the top of this page.

18. Contact

SZTek Inc. (DBA EasyMark) — Privacy Officer, Vaughan

, Ontario, Canada. Email: privacy@easymark.ca.

Keep exploring