Effective Date: June 2025
Last Updated: June 2025
Attollo ("we", "our", or "us") respects your privacy and is committed to protecting the personal information of our users, clients, and platform visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you interact with our services. This includes through our website, CRM platform, and communication tools (the “Platform”).
By using our services, you agree to the collection and use of your information in accordance with this Privacy Policy.
1. Information We Collect
We collect various types of information to provide and improve our services, including:
1.1. Personal Information
When you register, sign up, or interact with our services, we may collect:
Name and email address
Business name and contact details
Phone number
Billing and payment information
Account login credentials
Any other information you voluntarily submit via forms, chats, or support channels
1.2. Usage & Device Information
We automatically collect certain technical data, such as:
IP address
Browser type and version
Device type and operating system
Pages viewed and time spent
Referring URL and navigation paths
Cookies and tracking data
1.3. Customer Data (CRM Use)
If you use our platform to store customer contact data, appointment history, notes, or communication logs, you are responsible for ensuring that such data has been lawfully collected and processed. We will only access this information to provide support or maintenance, under the terms outlined in this policy and our Data Processing Agreement.
2. How We Use Your Information
We use your information to:
Provide access to our platform and related services
Process transactions and issue invoices
Deliver customer support
Improve and personalize your user experience
Send relevant updates and promotional emails (opt-out anytime)
Comply with legal obligations
Secure and protect the integrity of our systems
3. Legal Basis for Processing
We collect and process personal information based on:
Your consent
The need to fulfill a contractual obligation
Our legitimate interest in operating and improving our services
Legal compliance with applicable regulations
4. Sharing Your Information
We do not sell or rent your personal information.
We may share data with:
Trusted third-party service providers (e.g., cloud hosting, payment processors, email delivery)
Regulatory authorities or law enforcement if required by law
Business partners in the event of a merger, acquisition, or asset sale — in which case you will be notified
All third parties are contractually bound to protect your data in accordance with this policy and Canadian privacy standards.
5. Cookies and Tracking Technologies
We use cookies and similar tracking tools to:
Enhance website performance
Track visitor activity
Personalize content
You may disable cookies through your browser settings. However, this may impact the full functionality of our services.
6. Data Retention
We retain personal information only for as long as necessary to:
Fulfill the purpose for which it was collected
Comply with legal or regulatory obligations
Resolve disputes
Enforce agreements
Client data stored within the CRM is retained until the user deletes it or the account is terminated.
7. Security
We use industry-standard security practices including:
SSL encryption
Password protection
Firewalls
Secure cloud infrastructure
Despite our efforts, no method of transmission over the internet is 100% secure. We encourage all users to practice good password hygiene and report any suspicious activity.
8. Your Rights (Canadian Residents)
Under PIPEDA, you have the right to:
Access the personal information we hold about you
Request correction of inaccurate or outdated data
Withdraw consent for certain types of processing
File a complaint with the Office of the Privacy Commissioner of Canada
To exercise any of these rights, contact us using the information at the bottom of this policy.
9. Third-Party Links
Our website and platform may contain links to other websites. We are not responsible for their privacy practices. Please review their privacy policies separately before submitting any information.
10. International Users
If you are accessing the platform from outside Canada, you consent to the transfer, storage, and processing of your information in Canada and other jurisdictions where our service providers operate.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When changes are made, the updated policy will be posted on this page with the revised effective date. Your continued use of our services constitutes acceptance of these changes.
13. Contact Us
If you have any questions about this Privacy Policy or your personal data, please contact us:
Attollo
Ottawa, Ontario, Canada
[email protected]
613-801-6838
Data Processing Agreement (DPA)
This Data Processing Agreement is an integral part of our Privacy Policy and applies to users of the Attollo platform who store or process personal data of their own clients through our services.
1. Data Controller and Processor Roles
You (the Client) are the Data Controller of any personal data you upload or manage within the Platform.
Attollo acts as the Data Processor, handling that data on your behalf in accordance with your instructions and applicable laws.
2. Purpose of Processing
Attollo will process personal data solely to:
Deliver the services as outlined in your plan
Provide support, system updates, and troubleshooting
Fulfill legal obligations if required
3. Security Measures
We agree to implement appropriate technical and organizational measures to protect the data from unauthorized access, disclosure, alteration, or destruction.
4. Subprocessors
We use trusted third-party subprocessors (e.g., Google Cloud, Stripe, Twilio) to support service delivery. All subprocessors are bound by strict data protection agreements.
5. Data Subject Rights
We will assist you, as needed, to respond to data subject access or deletion requests, in compliance with PIPEDA.
6. Deletion or Return of Data
Upon termination of services, you may export or request the deletion of all personal data stored on the Platform. We will comply within 30 days, unless retention is required by law.
By continuing to use our services, you acknowledge and agree to both the Privacy Policy and this Data Processing Agreement.