1. Identification of the Company Responsible for Data Processing
This Privacy Policy is implemented by Productions Extrevent inc., a corporation duly incorporated under the laws of Quebec.
For any questions regarding the protection of your personal information, to exercise your rights of access, rectification, or deletion of your data, or for any request related to this policy, you may contact us by email at: hello@silkfy.ca
Productions Extrevent inc. is committed to processing your personal information in compliance with Quebec’s Act respecting the protection of personal information in the private sector as well as any other applicable privacy legislation.
This Privacy Policy applies to all data collected as of its effective date and replaces any previous policies. The most recent version is accessible at all times at silkfy.ca/politiques/confidentialite and upon request by email at hello@silkfy.ca.
2. Scope of Application
This Privacy Policy applies exclusively to Organizations that have subscribed to Silkfy services within the framework of a commercial relationship (hereinafter "the Client"). It applies to all natural persons acting on behalf of or for the Client, including:
- The legal representative and signatories of the contract;
- Silkfy account administrators and managers;
- Any employee or collaborator authorized to access the services.
It covers personal information processed in connection with the use of Silkfy services.
This policy does not apply to the End Users of the content or communications published by the Client. These individuals are subject to the Client’s own privacy policy, for which the Client remains solely responsible.
3. Definitions
For the purposes of this Privacy Policy, the following terms shall be understood as follows:
- "Organization" or "Client": Any company, corporation, or legal entity that has subscribed to Silkfy services within a commercial relationship.
- "Silkfy" or "Platform": All digital tools, interfaces, and services developed and operated by Silkfy, accessible to the Client.
- "Data Controller": The party that determines the purposes and means of processing personal information. Under this Policy, Silkfy acts as the data controller for the personal information of the Client's representatives, and the Client remains the controller for the personal information of its own End Users.
- "Personal Information": Any information concerning a natural person that allows them to be identified, directly or indirectly, including the contact details of contact persons, representatives, and Client account administrators, in accordance with the definition provided by Law 25.
- "Organizational Data": Information relating to the organization as a legal entity, which does not constitute personal information within the meaning of Law 25.
- "Professional Instagram Account": The professional Instagram account connected to the Platform by the Client for the purpose of using the services.
- "Instagram Data": All information collected from the Client's Professional Instagram Account through the Meta API, within the limits permitted by Meta’s terms of use.
- "Law 25": The Act to modernize legislative provisions as regards the protection of personal information, S.Q. 2021, c. 25, as amended, as well as the Act respecting the protection of personal information in the private sector, CQLR, c. P-39.1, which it amends.
- "PIPEDA": The Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, the federal law applicable to personal information processed in the course of interprovincial or international commercial activities.
4. Personal Information Collected
Silkfy collects only the personal information strictly necessary for the provision of its services. The categories of data collected are as follows:
4.1 Account Information
In the context of creating and managing a Silkfy account, we collect the identification information of the organization, including:
- Its legal and trade name;
- Its full business address;
- Its Quebec Business Number (NEQ).
Regarding the primary contact person designated by the organization, we collect:
- Their last name and first name;
- Their title or position within the organization;
- Their professional email address;
- Their professional phone number.
For each account administrator and employee authorized to access the Platform, we collect their professional email address, as well as their assigned role and permissions.
4.2 Billing and Payment Information
For billing purposes, we collect:
- The organization's billing address;
- The name of the person responsible for billing;
- The email address dedicated to receiving invoices.
Payment information:
- Credit or debit card number;
- Expiration date;
- Cardholder's name;
- Security code (CVV).
This information is transmitted directly to our third-party payment processor via an encrypted and secure connection. This information is not stored directly in Silkfy's systems. The CVV code is never retained after the transaction is validated.
We also maintain a billing history including:
- Amounts billed and paid;
- Transaction dates;
- Status of each payment;
- Invoices issued.
4.3 Professional Instagram Account Data
When connecting the organization's Professional Instagram account to the Platform, Silkfy collects, via Meta’s OAuth protocol:
- An access token;
- The unique account identifier (ID);
- Initial connection and token renewal dates.
We also access public data from the organization's Instagram profile:
- Username (@username);
- Display name;
- Profile picture URL;
- Follower count.
For each post (Reels, Carousel, Photos, Videos), Silkfy collects:
- Post identifier;
- Media URL;
- Date and time of publication;
- Caption;
- Engagement statistics available via Meta’s API, such as likes and comments counts.
Regarding comments posted on the organization's posts, we collect:
- The content;
- The Instagram handle (@username) of the author;
- Date and time of publication;
- Unique identifier.
Silkfy collects no other personal data relating to the authors of these comments. Silkfy also detects mentions of the organization’s account in other users' stories and posts, collecting the author's ID and the date/time of the mention.
4.4 Platform Usage Data
To ensure the proper functioning of the Platform and improve services, Silkfy collects data related to user account activity. This includes:
- Connection dates and times;
- IP addresses;
- Browser and operating system used;
- Actions performed within the Platform.
Configurations and content created by the organization for its loyalty campaigns are also retained, including:
- Reward catalog;
- Promo codes;
- Generated QRs;
- Instagram reward information;
- Created events.
4.5 Technical Data and Cookies
Silkfy uses cookies and similar technologies to operate the Platform, remember user preferences, and analyze service usage. These include:
- Session cookies;
- Preference cookies (language, display settings);
- Analytics cookies (such as Google Analytics);
- Device identifiers.
Technical logs are automatically generated and include IP addresses, browser/device information, pages visited, time spent on each page, and technical errors encountered.
5. Purposes of Collection and Use of Personal Information
Silkfy collects and uses Organizations' personal information only for specific, explicit, and legitimate purposes, in accordance with Law 25. Each purpose is based on a specific legal basis described below.
5.1 Provision and Management of Service
(Art. 12 of Law 25) Collected information is primarily used to provide the services the organization has subscribed to. This includes account creation/maintenance, authentication, and managing permissions for administrators and authorized employees.
For Instagram integration, data allows for account connection, synchronization for automatic point attribution, comparing End User IDs with interactions (comments, mentions), and displaying engagement statistics on the dashboard.
Loyalty campaign data is used to manage active campaigns, apply point attribution rules, and manage reward exchanges.
Finally, contact information is used to send account-related notifications (confirmations, alerts, updates), respond to support requests, and send invoices.
5.2 Billing and Payment
(Art. 12 of Law 25) Billing info is used to process monthly subscriptions, process credit card payments via third-party processors, and manage payment failures. This data is also kept to comply with tax and accounting obligations (GST/QST) and Canadian law.
5.3 Security and Fraud Prevention
(Art. 12 of Law 25) Silkfy uses technical data to identify suspicious activity (hacking, point system abuse, fake accounts). It helps monitor unusual connections (suspicious IPs) and protect against cyberattacks like DDoS or SQL injections.
5.4 Service Improvement
(Art. 12 of Law 25) Usage data is analyzed to identify popular features, detect bugs, and understand needs for future development. Silkfy may produce aggregated and anonymized statistics that do not identify specific organizations.
5.5 Marketing Communications
(Art. 14 of Law 25) Silkfy only sends marketing communications with the prior explicit consent of the Organization. This includes newsletters, webinars, and feature updates. The Organization can unsubscribe at any time via the link in the email. Essential service communications (invoices, security alerts) cannot be opted out of.
5.6 Legal and Regulatory Compliance
(Art. 11 of Law 25) Certain data is kept for 7 years for tax purposes or to comply with court orders and regulatory investigations. Silkfy will notify the Commission d’accès à l’information (CAI) of security incidents as required by Law 25.
5.7 Dispute Resolution
(Art. 12 of Law 25) Silkfy may retain data to document the fulfillment of contractual obligations, record violations of Terms of Use, and defend its rights in legal proceedings.
6. Legal Basis for Processing
According to Law 25, all processing falls under one of the following:
- 6.1 Performance of Contract (Art. 12): Necessary to provide the service (account management, billing, Instagram integration). Refusal to provide this data prevents the execution of the contract.
- 6.2 Consent (Art. 14): For marketing communications or using the organization's logo for Silkfy's promotional purposes. Consent can be withdrawn at any time.
- 6.3 Legitimate Interest (Art. 12): For platform security, fraud prevention, and service improvement. A proportionality test has been conducted to ensure these interests do not override the Organization's rights.
- 6.4 Legal Obligation (Art. 11): 7-year tax record retention, responding to court orders, and reporting privacy incidents to the CAI.
7. Sharing and Communication of Personal Information
Silkfy only shares personal information with strictly necessary third parties:
7.1 Sub-processors
- Vercel Inc. (Web Hosting): Servers in the USA (with Canadian data center options). SOC 2 and ISO 27001 certified.
- Supabase Inc. (Database): Hosts Silkfy’s PostgreSQL database. The Canada region is prioritized. Data is encrypted at rest and in transit.
- Zoho Payments (Payment Processor): PCI-DSS Level 1 certified. Servers in the USA. Silkfy never stores full card numbers. Policy: zoho.com/privacy.html.
- Brevo (Email Service): Servers in Europe (France). GDPR compliant. Used for transactional and marketing emails.
- Meta Platforms Inc. (Instagram API): Facilitates Instagram integration. Data flows from Meta to Silkfy.
7.2 Other Third Parties
- Legal Authorities: When required by court order or the CAI.
- Professional Advisors: Lawyers/auditors under confidentiality agreements.
- Potential Acquirers: In the event of a merger or sale, with prior notification to the Client.
8. Data Retention
- Active Subscription: Data updated in real-time. Logs kept for 12 months. Anonymized analytics kept indefinitely.
- Post-Termination:
  - General Account Data: 30 days (for potential reactivation/export), then deleted.
  - Instagram Data: 30 days (except point history linked to loyalty programs).
  - Billing Data: 7 years (tax/legal requirements).
  - Litigation Data: Duration of dispute + 3 years.
- Deletion Process: Logical deletion occurs first (marked as deleted), followed by physical deletion from backups within 90 days.
- Request for Deletion: Organizations can request account deletion via hello@silkfy.ca. Silkfy will process this within 30 days, subject to legal retention exceptions.
9. Data Security
- Technical Measures: HTTPS/TLS 1.2+ encryption, AES-256 for sensitive data, and passwordless authentication (OTP via email) as a 2FA equivalent. Role-based access control (RBAC) is enforced.
- Organizational Measures: Restricted staff access, mandatory employee cybersecurity training, and annual security policy audits.
- Limitations: While Silkfy implements industry-standard measures, absolute security cannot be guaranteed for internet-connected systems. Clients are responsible for their own login security.
10. Security Incidents
- Definition: Any event leading to unauthorized access, loss, or alteration of personal information.
- Silkfy Obligations: Notification to the Organization within 72 hours of discovery. Notification to the CAI if there is a risk of serious injury.
- Client Obligations: Notify Silkfy within 24 hours if the client discovers a breach due to their own negligence (e.g., compromised email).
11. Rights of the Organization
Under Law 25, representatives have the following rights:
- Access (Art. 27): Confirm processing and receive a copy of data.
- Rectification (Art. 29): Correct inaccurate or incomplete info.
- Deletion (Art. 28): Request account/data removal (subject to legal exceptions).
- Portability (Art. 30): Request data in a structured format (CSV/JSON). Note: Feature currently under development.
- Withdrawal of Consent (Art. 14): Opt-out of marketing.
- Right to Complain: File a complaint with the CAI.
Procedure: Email hello@silkfy.ca with "Exercise of Rights" in the subject line. Silkfy will respond within 30 days.
12. Cookies and Similar Technologies
- Strictly Necessary: Essential for login and security (e.g., CSRF protection). No consent required.
- Preference/Functional: Remember language/settings. Can be managed via browser settings.
- Web Beacons: Used by Brevo to track email opens.
13. Third-Party Links
Silkfy is not responsible for the privacy practices of third-party sites (Meta, payment processors, etc.). Users should review the specific policies of these entities.
14. Modifications
- Substantial Changes: 30-day notice via email and platform banner.
- Minor Changes: 15-day notice or immediate effect for clarifications.
- Acceptance: Continued use of the platform constitutes acceptance of the new policy.
15. Transfer of Ownership
In the event of a merger or acquisition, data may be transferred. The Client will be notified 30 days in advance and retains the right to terminate their subscription.
16. Contact and Complaints
Privacy Officer:
Name: Samuel Labbé
Email: samuel@silkfy.ca
Regulatory Authority (CAI):
Commission d’accès à l’information du Québec
525, boul. René-Lévesque Est, Suite 1.20, Quebec City, QC G1R 5S9
Tel: 1 888 528-7741 | Website: www.cai.gouv.qc.ca
17. Governing Law and Jurisdiction
- Governing Law: Law 25 (Quebec), PIPEDA (Canada), and the Civil Code of Quebec.
- Jurisdiction: Courts of the judicial district of Quebec City, Quebec, Canada.
- Language: This policy is written in French, which constitutes the official and binding version. In the event of a translation, the French version prevails.