Privacy Policy

# Privacy Policy

Effective Date: June 17, 2026

---

## 1. Role of MAYTRYX

MAYTRYX acts as a "data processor / service provider" on behalf of its clients.

Clients are the "data controllers" responsible for:

- Obtaining lawful consent from their contacts

- Ensuring the lawful use of personal data provided to MAYTRYX

- Complying with all applicable privacy and anti-spam laws in their jurisdiction

---

## 2. Information We Collect

We may collect the following categories of personal information:

- Contact details — name, phone number, email address, mailing address

- Client-provided lead data — contact lists, prospect databases, and any data uploaded by clients

- SMS and messaging data — mobile phone numbers, opt-in consent records, consent timestamps, consent source, message delivery status, and interaction history

- Usage and analytics data — website activity, platform interactions, and performance metrics

- Communication records — records of messages sent, received, and responded to through our platform

- Payment information — processed securely through Stripe; MAYTRYX does not store raw card data

---

## 3. SMS and Text Message Data

When contacts opt in to receive text messages through campaigns managed on our platform, we collect:

- Mobile phone number

- Opt-in consent timestamp and source

- Message interaction and delivery data

We do not sell, share, rent, or transfer SMS opt-in information or consent records to any third party for their own marketing purposes. This data is used solely to deliver the agreed communications on behalf of the client.

Recipients may opt out of text messages at any time by replying STOP. For assistance, recipients may reply HELP or contact us at [email protected]. Message and data rates may apply.

---

## 4. Client Data Responsibility

All third-party contact data:

- Is provided directly by the Client

- Remains the sole responsibility of the Client

- Must have been collected in compliance with applicable laws (including CASL, TCPA, GDPR, and any other applicable legislation)

MAYTRYX does not independently verify the consent or legality of client-provided data. Clients certify at the time of upload or campaign initiation that all contacts have provided the required consent.

---

## 5. How We Use Information

We use collected data to:

- Deliver and manage services on behalf of clients

- Send communications (SMS, email, voice) as directed by clients

- Monitor and improve platform performance

- Process payments and manage billing

- Comply with legal obligations

- Respond to support requests

---

## 6. Sharing of Information

We share personal data only with the following categories of third-party service providers, strictly for the purpose of delivering our services:

| Provider | Purpose |

|---|---|

| Stripe | Payment processing |

| GoHighLevel | CRM, messaging, and automation platform |

| Google | Analytics, cloud infrastructure |

We do not sell personal data. We do not share personal data with third parties for their own marketing or advertising purposes.

All third-party providers are required to handle data in accordance with applicable privacy law and their own published data processing agreements.

---

## 7. Cookies & Tracking

We use cookies and similar tracking technologies on our website for analytics and performance monitoring. By using our website, you consent to the use of cookies as described in this policy. You may adjust cookie preferences through your browser settings.

---

## 8. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect personal information from unauthorized access, disclosure, alteration, or destruction.

We do not guarantee absolute security. No method of transmission or storage is 100% secure. In the event of a data breach that creates a real risk of significant harm to individuals, we will:

- Notify affected clients within 72 hours of becoming aware of the breach

- Cooperate with required regulatory notifications under applicable Canadian privacy law (PIPEDA / Quebec Law 25) and any other applicable legislation

- Provide a summary of the nature of the breach, data affected, and steps taken to mitigate harm

---

## 9. Data Retention

We retain personal data for as long as necessary to deliver services and meet our legal obligations.

- Active client data is retained for the duration of the service relationship plus 12 months

- Consent and opt-in records are retained for a minimum of 3 years to support compliance with CASL and applicable messaging regulations

- Anonymized or aggregated data may be retained indefinitely for analytics and reporting purposes

Upon termination of services, client data will be deleted or returned upon written request within 30 days.

---

## 10. Individual Rights (PIPEDA / Privacy Law)

Individuals whose personal data is processed through our platform have the right to:

- Access — request a copy of their personal information

- Correction — request correction of inaccurate or incomplete data

- Withdrawal of consent — withdraw consent for processing, subject to legal or contractual limitations

- Complaint — lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca

Because MAYTRYX operates as a data processor on behalf of clients, requests from individuals will in most cases need to be directed to the client organization (the data controller). MAYTRYX will assist clients in fulfilling valid data subject requests within applicable timelines.

---

## 11. International Data Processing

Data may be processed, stored, or accessed in countries outside Canada, including the United States, where privacy laws may differ from those in your jurisdiction. By using our services or submitting your data through a client's campaign, you consent to this international processing.

We require third-party providers operating outside Canada to implement appropriate data protection safeguards.

---

## 12. Limitation of Liability

To the fullest extent permitted by applicable law, MAYTRYX is not liable for:

- Misuse of data by clients or their authorized users

- Failures of third-party service providers (including GoHighLevel, Stripe, or Google)

- Data breaches or unauthorized access resulting from events outside our reasonable control

- Any regulatory fines or enforcement actions arising from a client's failure to comply with applicable privacy, anti-spam, or telecommunications laws

---

## 13. Changes to This Policy

We may update this Privacy Policy at any time. Material changes will be communicated by updating the Effective Date and, where appropriate, by direct notice to active clients. Continued use of our services following any update constitutes acceptance of the revised policy.

---

## 14. Contact

For privacy-related questions, requests, or concerns:

MAYTRYX

[email protected]

647-544-3686

AI Automation Agency — Ontario, Canada