Vastura Digital

Privacy Policy

Effective 2026-06-01. Privacy questions, data-access requests, or DPA requests: info@vastura.ca.

1. Who we are

Vastura Ltd is an Alberta-incorporated corporation operating vasturadigital.ca and the related SaaS products described at /pages/catalogue. We act as a controller of personal information about visitors to our marketing site and account-holders, and as a processor of personal information that subscribers ingest into the Services (Customer Content). Throughout this Policy, "we", "us", "Vastura" means Vastura Ltd.

2. What we collect

Marketing-site visitors

Subscribers

3. How we use it

4. Lawful basis (PIPEDA)

We collect, use, and disclose personal information only for purposes a reasonable person would consider appropriate in the circumstances, with your knowledge and consent (express or implied) where required by PIPEDA. You may withdraw consent at any time subject to legal or contractual restrictions; doing so may prevent us from continuing to provide the Services.

5. How we share it

We do not sell personal information. We share it only with the sub-processors listed below to provide the Services, with our professional advisors under confidentiality, when legally required, or in connection with a corporate transaction (merger or sale) where the acquirer agrees to honour this Policy.

6. Sub-processors

We engage the following sub-processors to deliver the Services. We will provide reasonable notice of changes via this page.

Sub-processor Purpose Location
Stripe Inc. Payment processing & subscription billing United States (PCI-DSS Level 1)
Cloudflare Inc. Edge compute, D1 database, R2 object storage, CDN Global (data residency Canada/US)
Anthropic PBC AI model processing for product features United States (zero data retention via API)
Shopify Inc. Marketing storefront (vasturadigital.ca only) Canada / United States
Resend Transactional email delivery United States
Render Services Inc. Backend hosting United States

DocuSign and Google Analytics 4 may be engaged in the future and will be added here with notice.

7. Cross-border transfers

Some sub-processors store and process data outside Canada. We rely on contractual protections (DPAs, standard contractual clauses where applicable) and on industry-recognised security certifications held by those sub-processors. By using the Services, you consent to this transfer for the stated purposes.

8. Retention

We retain account information for as long as you maintain an active subscription and for a reasonable period afterwards (typically 36 months) to comply with tax, audit, and legal-defence requirements. Customer Content is deleted from active systems within 30 days of account closure on written request. Backups are retained per our backup-retention schedule and are deleted on rolling cycles.

9. Security

We implement administrative, technical, and physical safeguards commensurate with the sensitivity of the information processed. These include encryption in transit (TLS 1.2+), encryption at rest where supported by our sub-processors, role-based access control, audit logging (append-only), least-privilege access, and security training for staff.

10. Your rights

You may request access to, correction of, or deletion of your personal information by emailing info@vastura.ca. We will respond within 30 days, subject to verification of identity and applicable legal exceptions. You may also complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca) if you believe we have not complied with PIPEDA.

11. Cookies & tracking

See our Cookie Policy. We display a cookie consent banner on first visit and gate non-essential cookies (analytics, marketing) behind your explicit consent.

12. Children

The Services are not directed to children under 16 and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

13. Changes to this Policy

We may update this Policy. Material changes will be notified by email or via the subscriber dashboard. The current version is always at this URL.

14. Contact

Privacy Officer
Vastura Ltd
Alberta, Canada
info@vastura.ca