Privacy Policy

How Isaphia Security Inc. and the Isaphia ASM platform handle your information.

Last updated: May 18, 2026

Isaphia Security Inc. (“Isaphia,” “we,” “us”) respects your privacy. This policy explains what personal information we collect through our website (isaphia.com) and the Isaphia ASM platform, why we collect it, who we share it with, and the choices available to you.

Isaphia is headquartered in Toronto, Ontario, Canada. We comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

1. Information we collect

1.1 Information you provide

  • Contact and proposal requests. When you submit our contact form or email us, we collect your name, business email, organization, and the contents of your message.
  • Isaphia ASM tenants. If your organization is an Isaphia ASM customer, we collect account information (administrator names, business email addresses, organization details), the seed domains and assets you authorize us to scan, and security findings produced by the platform.
  • Engagement deliverables. For consulting engagements (penetration testing, red teaming, advisory, etc.), we receive whatever information you choose to share for scoping and execution. These are governed by the engagement contract and any associated NDA.

1.2 Information collected automatically

  • Server and CDN logs. Our website is hosted on GitHub Pages and uses Cloudflare and Google-hosted libraries for fonts and icons. These providers automatically log IP addresses, user-agent strings, referrer, and timestamps as part of standard web hosting and content delivery.
  • Isaphia ASM platform logs. The Isaphia ASM application logs authentication events, API requests, and administrative actions for security, audit, and abuse-prevention purposes.

1.3 Cookies and tracking

The isaphia.com marketing website does not set first-party tracking cookies and does not use advertising trackers or third-party analytics for behavioral profiling. Embedded third-party resources (Google Fonts, Font Awesome / Cloudflare CDN, LinkedIn icons) may set their own cookies under their respective privacy policies.

The Isaphia ASM application uses strictly necessary session cookies required for authentication. These are not used for tracking or advertising.

2. How we use information

  • To respond to inquiries, prepare proposals, and deliver the services you request.
  • To operate, secure, and improve the Isaphia ASM platform.
  • To meet contractual, legal, regulatory, and accounting obligations.
  • To detect, prevent, and respond to fraud, abuse, or security incidents affecting our services or yours.

3. Sharing with third parties

We do not sell personal information. We share information only with:

  • Service providers acting on our behalf, such as our website host, contact-form intake provider, cloud infrastructure, and email providers. These third parties handle information only as needed to deliver their service to us and are bound by appropriate confidentiality obligations. A current list of providers is available on request to enterprise customers under NDA.
  • Professional advisors such as legal counsel, accountants, or auditors, under appropriate confidentiality obligations.
  • Authorities, where required by law, court order, or to protect the rights, safety, or property of Isaphia, our customers, or the public.
  • Successors in connection with a merger, acquisition, or sale of assets, with notice to affected individuals where required.

4. International transfers

Some of our service providers are located outside Canada, including in the United States. Where personal information is transferred internationally, we rely on contractual safeguards consistent with PIPEDA.

5. Data retention

We retain personal information only for as long as needed to fulfill the purposes described in this policy, to comply with legal and contractual obligations, and to resolve disputes. Inquiry and proposal data is retained for the duration of the prospective engagement plus a reasonable follow-up period. Isaphia ASM customer data is retained for the term of the customer agreement and the period required by that agreement for export and deletion.

6. Security

Isaphia applies administrative, technical, and physical safeguards appropriate to the sensitivity of the information we handle, including access controls, encryption in transit, hardened cloud configurations, and continuous monitoring of our own external attack surface. No system is perfectly secure; if we become aware of a breach affecting your personal information, we will notify you and the relevant authorities as required by law.

7. Your rights

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you;
  • Request correction of inaccurate or incomplete information;
  • Withdraw consent where processing is based on consent; and
  • File a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca).

To exercise any of these rights, email info@isaphia.com. We may need to verify your identity before responding.

8. Children

Isaphia’s services are intended for businesses and security professionals. We do not knowingly collect personal information from children.

9. Changes to this policy

We may update this policy from time to time. Material changes will be reflected in the “Last updated” date above. Significant changes affecting Isaphia ASM customers will also be communicated through the platform or by email.

10. Contact

Questions, requests, or complaints about this policy or our handling of personal information can be directed to:

Isaphia Security Inc.
Toronto, Ontario, Canada
Email: info@isaphia.com