Privacy Policy, Devoptiv | IT Services and Consulting Company
DevOptiv Inc. ("DevOptiv," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect information when you visit https://devoptiv.com and use our software development, cloud operations, and digital marketing services (collectively, the "Services").
This policy includes our SMS/text messaging practices in compliance with the Telephone Consumer Protection Act (TCPA), RingCentral's SMS/MMS Content Policies, the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA).
1. Who We Are
Legal Entity
DevOptiv Inc.
Address
BayWood Dr, Stittsville, ON K2S 1K5, Canada
Phone
+1 (657) 686-6729
Website
Data Protection Officer
2. Information We Collect
2.1 Categories of Personal Information (CCPA Compliance)
| Category | Examples | Collected |
|---|---|---|
| Identifiers | NameEmailPhone numberIP addressAccount credentials | Yes |
| Personal Records | NameContact informationBilling address | Yes |
| Protected Characteristics | AgeGender (if voluntarily provided) | No |
| Commercial Information | Service inquiriesProposalsContractsPayment history | Yes |
| Biometric Information | FingerprintsFace scans | No |
| Internet Activity | Pages visitedSearch queriesClickstream dataReferring URL | Yes |
| Geolocation Data | Approximate location from IP address | Yes |
| Sensory Data | AudioVideo recordings | No |
| Professional/Employment | Job titleCompany nameIndustryBusiness size | Yes |
| Non Public Education | Education records | No |
| Inferences | Profiles reflecting preferencesService needs | Yes |
2.2 Service Specific Data
3. How We Collect Data
4. How We Use Your Data
| Purpose | Legal Basis | Categories Used |
|---|---|---|
| Software Development | Contract | ADItechnical specs |
| Cloud Operations & DevOps | Contract | AFGcloud credentials |
| SEO & Marketing Services | Contract/Consent | AFIK |
| Client Communication | Legitimate Interest | ABI |
| SMS Program Delivery | Consent | A (phone)SMS data |
| Marketing Communications | Consent | AFI |
| Payment Processing | Contract | AD |
| Security & Fraud Prevention | Legitimate Interest | AFG |
| Legal Compliance | Legal Obligation | All categories |
5. SMS / Text Messaging Policy (TCPA & RingCentral Compliant)
5.1 Prior Express Written Consent
We obtain prior express written consent before sending any SMS messages. Consent is never implied, pre-checked, or a condition of purchase.
Consent Disclosure (Displayed at Collection): By providing your mobile number, you consent to receive SMS messages from DevOptiv regarding project updates, cloud operations alerts, and marketing insights. Message frequency: up to 4 messages per month. Message and data rates may apply. Reply STOP to cancel, HELP for assistance. We only send messages between 8:00 AM - 9:00 PM your local time. View our Privacy Policy and Terms of Service.
Consent Methods: Unchecked checkbox on web forms, Keyword opt-in (e.g., texting "DEVOPTIV" to our number), Written agreement (contracts/proposals)
5.2 Prohibited Content (RingCentral TCR Requirements)
Prohibited Content: Per RingCentral's SMS/MMS Content Policies, we strictly prohibit and do not send: Loan, mortgage, or credit repair advertisements, Work from home or multilevel marketing promotions, Political advertisements or campaigning, Alcohol, tobacco, or firearms promotions, Pharmaceutical or drug advertisements, Gambling, sweepstakes, or lottery content, Content using purchased or third party lead lists
5.3 Message Types & Frequency
We may send:
- Service Updates: Development milestones, deployment notifications
- Cloud Operations: Infrastructure alerts, maintenance windows, security notifications
- SEO/Marketing: Campaign performance summaries, optimization recommendations
- Meeting Reminders: Consultation calls, project reviews
- Security Alerts: Unauthorized access warnings, credential reset confirmations
- Frequency: Maximum 4 messages per month
- Quiet Hours: 8:00 AM - 9:00 PM recipient local time only
- Throughput: Maximum 50 messages per minute per number
5.4 Opt-Out Rights
- STOP: Reply STOP to any message for immediate unsubscribe. One confirmation message sent without promotional content.
- HELP: Reply HELP for assistance or contact [email protected]
- Email: Send "SMS Opt-Out" to [email protected]
- Processing Time: Immediate for STOP replies; 10 business days maximum for other methods
5.5 SMS Data Protection
- Phone numbers and consent records stored in HubSpot CRM with restricted access
- SMS opt-in data is NEVER sold or shared with third parties for marketing
- Consent records retained for minimum 5 years as required by TCPA
- Message logs retained for 12 months for delivery verification
6. Data Sharing & Subprocessors
6.1 Service Providers
| Provider | Service | Data Shared | Safeguards |
|---|---|---|---|
| HubSpot | CRM, Marketing Automation, Email | Contact info, engagement data, SMS consent status | GDPR Article 28 DPA, EU-US Data Privacy Framework |
| RingCentral | SMS Gateway | Phone numbers, message content | TCPA compliance, encryption |
| AWS/Azure | Cloud Hosting | All service data | SOC 2 Type II, ISO 27001, encryption |
| Google Analytics | Web Analytics | IP address (anonymized), behavior | GDPR-compliant configuration |
| Stripe | Payment Processing | Payment info (tokenized) | PCI-DSS Level 1 |
6.2 Data Processing Agreements (GDPR Article 28)
All subprocessors (HubSpot, RingCentral, cloud providers) process data only on our documented instructions under Data Processing Agreements that include:
- Confidentiality obligations for personnel
- Security measures per Article 32
- Subprocessor authorization and notification requirements
- Assistance with data subject rights requests
- Return/deletion of data upon termination
- Audit rights and compliance cooperation
Standard Contractual Clauses (SCCs): We use EU Commission-approved SCCs (2021 versions) for international transfers to the US and Canada.
6.3 No Sale of Personal Information
We do not sell your personal information to third parties as defined under CCPA/CPRA. We do not share SMS opt-in data, phone numbers, or consent records with any third parties for their independent marketing purposes.
7. Cookies & Tracking
| Category | Purpose | Duration | Consent Required |
|---|---|---|---|
| Essential | Authentication, security, site functionality | Session - 1 year | No |
| Analytics | Google Analytics, performance monitoring | 1-2 years | Yes |
| Marketing | SEO tracking, ad conversion (Google Ads) | 90 days - 1 year | Yes |
| Functional | Language preferences, CMS settings | 1 year | Yes |
Control: Manage preferences via our cookie banner or browser settings. We honor Do Not Track signals for analytics.
8. Data Retention
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Client account information | Duration of contract + 7 years | Tax/accounting laws |
| SMS consent records | 5 years minimum | TCPA compliance |
| Cloud operations logs | 12 months | Security, debugging |
| SEO campaign data | 3 years after campaign end | Contract performance |
| Marketing data | Until opt-out + 1 year | Consent management |
| Deleted accounts | 30 days post-deletion, then permanent | Data minimization |
Upon expiration, data is securely deleted or irreversibly anonymized.
9. Data Security & Breach Notification
9.1 Security Measures
- Encryption: AES-256 at rest, TLS 1.3 in transit
- Access Controls: Role-based access (RBAC), multi-factor authentication (MFA)
- Monitoring: 24/7 security operations center (SOC), intrusion detection
- Audits: Quarterly vulnerability assessments, annual penetration testing
9.2 Breach Notification
In the event of a personal data breach:
- Supervisory Authorities: Within 72 hours of discovery (GDPR Article 33)
- Affected Individuals: Without undue delay if high risk to rights/freedom
- Clients (B2B): Within 24 hours for breaches affecting client data
- Content: Nature of breach, data categories involved, likely consequences, measures taken, DPO contact
10. Your Privacy Rights
10.1 GDPR Rights (EEA/UK Residents)
- Access, rectify, or erase your personal data
- Restrict or object to processing
- Data portability (machine-readable format)
- Withdraw consent (without affecting prior lawful processing)
- Lodge complaint with supervisory authority (e.g., UK ICO)
10.2 CCPA/CPRA Rights (California Residents)
- Right to Know: Categories and specific pieces of personal information collected
- Right to Delete: Request deletion (subject to service provision/legal obligations)
- Right to Correct: Update inaccurate information
- Right to Opt-Out: Of "sale" or "sharing" (we do not sell data)
- Right to Limit: Use of sensitive personal information
- Right to Non-Discrimination: For exercising privacy rights
Authorized Agents: You may designate an agent to submit requests. We will verify their authority before processing.
Exercising Rights: Contact [email protected] or call +1 (657) 686-6729. We respond within 45 days (extendable with notice).
11. International Data Transfers
Your data may be processed in Canada, the United States, and other jurisdictions. When transferring from the EEA, UK, or Switzerland:
- We use Standard Contractual Clauses (SCCs) (2021 versions)
- HubSpot and AWS participate in the EU-US Data Privacy Framework
- We implement supplementary technical measures (encryption) where required
12. Children's Privacy
We do not knowingly collect data from individuals under 16. If discovered, we will delete such data immediately. Contact [email protected] to report.
13. Third-Party Links
Our Site may contain links to third-party websites. We are not responsible for their privacy practices. Please review their policies separately.
14. Policy Updates
We may update this policy to reflect legal, regulatory, or operational changes. Material changes affecting your rights will be notified via:
- Email to registered users (30 days notice)
- Prominent banner on Site (30 days notice)
- SMS notification to opted-in users (for SMS-related changes)
Continued use after changes constitutes acceptance.
15. Contact Us
DevOptiv Inc.
BayWood Dr, Stittsville, ON K2S 1K5, Canada
Email: [email protected] | [email protected]
Phone: +1 (657) 686-6729
Website: https://devoptiv.com
For SMS Support: Reply HELP to any message or contact [email protected] with subject "SMS Support"
Appendix A: SMS Campaign Registration (TCR/10DLC)
Required for RingCentral 10DLC Registration:
| Field | Value |
|---|---|
| Brand Name | DevOptiv Inc. |
| Legal Entity | DevOptiv Inc. |
| Website | https://devoptiv.com |
| Privacy Policy URL | https://devoptiv.com/privacy-policy |
| Terms of Service URL | https://devoptiv.com/terms-of-service |
| Contact Email | [email protected] |
| Contact Phone | +1 (657) 686-6729 |
| Campaign Use Case | Software development, cloud operations, and SEO marketing services communications |
| Message Content | Service updates, cloud ops alerts, SEO campaign updates, meeting reminders, security notifications |
| Message Frequency | Up to 4 messages per month |
| Opt-In Method | Web form (unchecked checkbox), keyword text-to-join, written contract |
| Opt-Out | Reply STOP |
| Help | Reply HELP or email [email protected] |
Prohibited Content Certification:
This campaign does NOT and will NOT transmit prohibited content including: SHAFT (Sex, Hate, Alcohol, Firearms, Tobacco), gambling, sweepstakes, lottery, loan advertisements, credit repair, work-from-home schemes, political content, or pharmaceutical promotions. We do not use purchased lead lists.
Data Privacy Certification:
SMS opt-in data and phone numbers are used solely for message delivery and compliance record-keeping. This data is not sold, shared, or disclosed to third parties for marketing purposes.