ConformVaultConformVault

Quebec Law 25 Compliance

Product of: Les Entreprises SecuAAS Inc.
NEQ: 1177504777
Domain: conformvault.com
Last updated: 2026-03-04

5.1 Our Commitment

Les Entreprises SecuAAS Inc. is committed to complying with the Act to modernize legislative provisions as regards the protection of personal information (S.Q. 2021, c. 25), hereinafter "Law 25", including the amendments to the Act respecting the protection of personal information in the private sector (CQLR, c. P-39.1).

5.2 Measures Implemented

Governance

  • Person Responsible for the Protection of Personal Information (PRPPI): Olivier, Founding President — dpo@secuaas.com
  • Publication of the PRPPI's identity and contact information on the SecuAAS website
  • Documented and accessible governance policies and practices

Consent

  • Obtaining manifest, free, informed consent given for specific purposes
  • Granular consent (per purpose) for cookies and communications
  • Simple and accessible consent withdrawal mechanism
  • Separate consent for each processing purpose

Privacy Impact Assessments (PIA)

PIAs have been conducted for any processing involving:

  • A transfer of personal information outside Quebec (s. 17)
  • The acquisition, development, or redesign of an information system (s. 3.3)
  • The communication of personal information to third parties

The PIAs conducted cover the following subcontractors:

  • Anthropic (Claude API) — United States
  • Google (Vertex AI / Gemini / Analytics) — United States
  • OpenAI — United States
  • Stripe — United States
  • Microsoft (Exchange / SharePoint) — United States / Canada

Privacy Incident Registry

  • Maintaining an incident registry in accordance with section 3.5
  • Notification process to the CAI and affected individuals in case of risk of serious harm
  • Analysis of each incident to assess the risk of harm

Right to Portability

  • In accordance with the provisions in force, personal information may be communicated in a structured and commonly used technological format upon request

Transparency

  • Privacy policy written in simple and clear terms
  • Information about subcontractors and transfers outside Quebec
  • Identification of the specific purposes of each collection

5.3 Data Sovereignty

All of ConformVault's infrastructure is hosted in Quebec (OVH Beauharnois). The only transfers outside Quebec involve transient processing through the APIs of technology subcontractors, for which PIAs have been conducted and mitigation measures applied.

5.4 Your Rights Under Law 25

  • Access to your personal information
  • Rectification of inaccurate, incomplete, or ambiguous information
  • Withdrawal of consent
  • Right to erasure (right to be forgotten, subject to legal exceptions)
  • Right to portability
  • Right to file a complaint with the CAI

Contact: dpo@secuaas.com — Response time: 30 days.

Les Entreprises SecuAAS Inc. — Quebec, Canada
Last updated: 2026-03-04

1

Cookies & Law 25 Compliance

ConformVault only uses essential cookies for authentication and security. Our internal analytics system is 100% compliant with Quebec's Law 25: no IP addresses, no tracking cookies, no digital fingerprinting, and no personal information is collected or stored.

Law 25 — No personal information collected. Hosted in Quebec.

Learn more in our Cookie Policy and Law 25 Compliance.