CaIoT logo
Legal

CaIoT Privacy Policy

How CaIoT collects, uses, shares, stores, and protects information.

Effective Date: November 27, 2023
Last Updated: July 6, 2026
Version: 2.0

1. Overview

This Privacy Policy explains how CaIoT Inc. ("CaIoT", "we", "us", or "our") collects, uses, discloses, stores, and protects personal information when you use our websites, software, applications, cloud infrastructure, device marketplace, APIs, contributor programs, and related services (the "Platform").

This Policy is intended to support compliance with Canadian privacy laws, including PIPEDA, and to reflect privacy principles relevant to users in other regions, including the European Economic Area, the United Kingdom, and California where applicable.

2. Policies Incorporated by Reference

This Privacy Policy is part of and incorporated into the Terms of Service. Other related policies may apply, including the Cookie Policy, Security Policy, Acceptable Use Policy, Device Contributor Agreement, and Customer Agreement.

3. Information We Collect

We may collect information you provide directly, information collected automatically, and information from third parties.

  • Account information: name, email address, phone number, organization, role, login credentials, preferences, and authentication data.
  • Business and contributor information: company details, contributor profile, device ownership confirmations, payout details, tax-related information, verification information, and support records.
  • Device information: device model, manufacturer, operating system, identifiers, network status, availability, location signals where enabled or necessary, installed CaIoT software version, diagnostics, and technical configuration.
  • Usage and session information: session start/end times, device selected, connection method, relay usage, bandwidth metrics, crash logs, audit logs, actions required for support, billing records, and abuse-prevention signals.
  • Payment information: payment status, transaction IDs, invoices, credits, billing address, and payment metadata. Full card details are generally processed by payment providers such as Stripe and not stored by CaIoT.
  • Communications: support messages, emails, feedback, survey responses, and other communications with CaIoT.
  • Website and cookie data: IP address, browser type, device type, pages viewed, referral URLs, timestamps, and analytics identifiers.

4. How We Use Information

We use information to provide, operate, secure, maintain, improve, and support the Platform; create and manage accounts; process payments and credits; provide remote device access; match Customers and Device Contributors; diagnose streaming and connectivity issues; prevent fraud and abuse; enforce policies; communicate with users; comply with law; and develop new services.

5. Remote Device and Session Data

Because CaIoT provides remote device access and cloud connectivity, the Platform may process technical session data, device identifiers, streaming metadata, connection logs, relay diagnostics, performance metrics, and security events. This information helps provide service delivery, billing, troubleshooting, abuse detection, and platform security. CaIoT does not commit to reviewing every session and is not responsible for all user activity performed through sessions.

6. Legal Bases Where Required

Where laws such as the GDPR require a legal basis, we may process personal information based on performance of a contract, legitimate interests, consent, compliance with legal obligations, or protection of rights and security. Legitimate interests may include operating the Platform, securing services, preventing fraud, supporting users, improving products, and enforcing agreements.

7. Sharing and Disclosure

We may share information with service providers, payment processors, hosting and cloud providers, analytics providers, communication providers, security tools, support vendors, professional advisors, business partners, enterprise administrators, contributors or customers where necessary to operate the marketplace, law enforcement or regulators where required, and parties involved in a business transaction such as merger, financing, acquisition, or sale of assets.

We do not sell personal information in the traditional sense. If applicable law defines certain analytics or advertising activities as "sale" or "sharing," users may have rights described under applicable law.

8. International Transfers

CaIoT is based in Canada, and information may be processed in Canada, the United States, the European Economic Area, the United Kingdom, or other jurisdictions where CaIoT, its users, contributors, partners, or service providers operate. These jurisdictions may have different data protection laws. We use reasonable safeguards appropriate to the nature of the information and service.

9. Cookies and Analytics

We may use cookies, pixels, local storage, SDKs, and similar technologies for authentication, security, preferences, analytics, performance, and marketing. See the Cookie Policy for more information.

10. Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, maintain security, support accounting, and preserve business records. Retention periods vary depending on the type of information and the purpose of processing.

11. Security

We use reasonable technical and organizational safeguards designed to protect information, including access controls, authentication, encryption where appropriate, logging, monitoring, and operational controls. No internet or cloud service is completely secure, and we cannot guarantee absolute security. Users are responsible for securing their accounts, credentials, devices, and data.

12. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, object to processing, withdraw consent, request portability, or complain to a supervisory authority. We may need to verify your identity before responding. Some rights may be limited by legal, security, fraud-prevention, or operational requirements.

13. Children's Privacy

The Platform is not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn that personal information from a child has been collected without required consent, we will take reasonable steps to delete it.

14. Enterprise and Administrator Access

If you use the Platform through an organization, enterprise administrator, employer, client, or team account, that organization may access usage, billing, audit, account, and administrative information associated with your use. Your organization's own policies may also apply.

15. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised "Last Updated" date. Continued use of the Platform after an update means the updated policy applies to future use.

16. Contact

Privacy questions may be sent to [email protected] or CaIoT Inc., Mississauga, Ontario, Canada.