Complete Privacy Policy
Who We Are
Sergio is operated by Axenvoy Inc., a federally incorporated Canadian corporation with its principal place of business in Saskatchewan, Canada. We provide field service management software designed to help businesses manage their operations efficiently and securely. We take your privacy seriously.
Platform Relationship (B2B2C)
Sergio operates as a business-to-business-to-consumer (B2B2C) platform. This means your information flows through multiple parties, and we want you to understand exactly how this works.
The Service Provider (Tenant)
The business you requested service from (e.g., a window cleaning company) collects your information to provide their services. They are the data controller — they decide what information to collect and how to use it for their business purposes.
Sergio (Axenvoy Inc.)
We provide the software platform that service providers use to manage their operations. We are a data processor — we process your data on behalf of the service provider according to their instructions and our contractual obligations.
What This Means For You
When you submit a service request, your data is stored in Sergio's secure infrastructure but controlled by the service provider you chose. Both parties are responsible for protecting your privacy. You can contact either the service provider directly or Sergio's Privacy Officer with privacy concerns.
Your Rights Apply to Both
You can exercise your privacy rights (access, correction, deletion) by contacting either:
- The service provider who collected your information, or
- Sergio's Privacy Officer at legal@axenvoy.com
What Information We Collect
Information You Provide
For Customers:
- Name, email, phone number, and service address
- Photos of your property for quoting and service reference
- Window count, special access requirements, and preferences
- Service notes and special instructions
For Internal Users:
- Work email and password credentials
- Role and access permissions
- Account activity and usage logs
- Team assignment and scheduling information
Information Collected Automatically
- IP address, browser type, and device information
- Pages visited, features used, and time spent in the app
- Login attempts and authentication events
- Error logs and performance metrics
Payment Card Information
We do not directly collect or store payment card information. Payment processing is handled securely by Stripe. We only record invoice amounts, payment status, and transaction IDs.
How We Use Your Information
1. Deliver Services
- Schedule and complete service jobs
- Send appointment reminders and service updates
- Generate and send invoices and quotes
- Manage your account and service history
2. Improve Operations
- Optimize routes for efficient service delivery
- Train staff and ensure quality control
- Debug technical issues and improve the platform
3. Communicate About Service
- Respond to inquiries and support requests
- Send appointment reminders via SMS and email
- Request feedback on completed jobs
- Send invoices, quotes, and payment reminders
Marketing Communications (Email Only)
Marketing communications are sent exclusively via email to customers who have explicitly opted in. We never send marketing messages via SMS. Service-related communications (reminders, invoices) are sent via SMS and email as they're essential to service delivery.
Who We Share Information With
We Do Not Sell Your Data
We do not sell, rent, or trade your personal information. Period.
Service Providers (Sub-Processors)
These companies help us operate Sergio and are contractually required to protect your data:
- Supabase - Database hosting (Canadian data centers)
- Cloudflare - Security and DDoS protection
- Mapbox - Mapping and routing services
- Stripe - Payment processing
- Resend - Email delivery
- Telnyx - VoIP calling, SMS messaging, phone number provisioning
- Anthropic - AI inference services (support bot, damage assessment, photo moderation)
- QuickBooks (Intuit) - Optional accounting integration (opt-in only)
How Long We Keep Your Information
Customer Records:
- Active customers: Duration of service + 7 years (tax compliance)
- Leads with no service: Up to 24 months
- Marketing data: Retained until opt-out or deletion
Security Logs:
- Audit logs and security events: 2 years
Staff Accounts:
- Active employment + 1 year after separation
How We Protect Your Information
Technical Safeguards
- Encryption in transit (HTTPS/TLS) and at rest (AES-256)
- Role-based access controls
- Secure authentication via Supabase
- Network firewalls and intrusion detection
Organizational Measures
- Staff training on privacy and data handling
- Confidentiality agreements with employees
- Regular access reviews and permission audits
- Incident response procedures
Your Rights
Access Your Information
Request a copy of the personal information we hold about you. We'll provide it within 30 days.
Correct Your Information
Ask us to correct inaccurate or incomplete records. We'll update promptly.
Delete Your Information
Request deletion of your personal information. We will comply unless legally required to retain it for:
- Tax and accounting (up to 7 years per CRA requirements)
- Active legal disputes or unpaid invoices
- Regulatory investigations or court orders
Export Your Data
Request a copy of your data in a portable format (CSV, JSON) to transfer elsewhere.
California Privacy Rights (CCPA/CPRA)
We Do Not Sell Your Personal Information
Sergio does not sell, share, or use your personal information for cross-context behavioral advertising. We have not sold personal information in the preceding 12 months.
Your California Rights
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have additional rights:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we've collected
- Right to Delete: Request deletion of your personal information (subject to certain exceptions)
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt out of the sale or sharing of personal information (we don't sell, but you can still exercise this right)
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Limit: Limit use of sensitive personal information (we minimize collection of sensitive data)
Categories of Information Collected
In the past 12 months, we have collected the following categories of personal information:
- Identifiers: Name, email address, phone number, IP address
- Commercial Information: Service history, invoices, quotes
- Geolocation Data: Service address for scheduling purposes
- Internet Activity: Browsing history within our platform, interactions with our services
Sensitive Personal Information (CPRA)
We collect and use sensitive personal information ONLY for the following purposes:
| Category | Purpose | Necessity |
|---|---|---|
| Precise Geolocation | Turn-by-turn navigation, geofencing for job completion | Required for service delivery |
| Account Credentials | User authentication and account security | Required for platform access |
We do NOT use sensitive personal information for:
- Inferring characteristics about you
- Advertising or marketing purposes
- Profiling or automated decision-making
- Any purpose beyond service provision
Right to Limit: California residents may request we limit use of sensitive personal information to what is necessary to perform services. Contact legal@axenvoy.com to exercise this right.
How to Exercise Your Rights
Submit a verifiable consumer request by emailing legal@axenvoy.com with "CCPA Request" in the subject line. We will respond within 45 days. You may also designate an authorized agent to make a request on your behalf.
Note: We do not sell personal information, but this link is provided for CCPA compliance.
Cookies and Local Storage
Sergio works without cookies or local storage.
However, with your permission, we can improve your experience by storing preferences like theme selection, dashboard views, and recently viewed data for faster loading.
Your Choice: Accept for better performance, or decline and the platform works perfectly (preferences just reset each session).
What We Never Do
- Use cookies for advertising or cross-site tracking
- Sell or share your data with third parties
- Require cookies for core functionality
International Data Transfers
Your data is primarily stored in Canadian data centers (via Supabase). However, some service providers operate globally:
- Stripe: May process payment data in the United States with appropriate safeguards
- Cloudflare: Operates a global content delivery network
- Resend: May process email data in the United States
- Telnyx: VoIP and SMS services processed in the United States
- Anthropic: AI inference services in the United States
- QuickBooks (Intuit): Accounting integration in the United States (opt-in only)
All transfers are protected by standard contractual clauses and security measures equivalent to Canadian privacy standards.
Data Breach Notification
In the unlikely event of a security breach involving your personal information that creates a real risk of significant harm, we will:
1. Notify You Directly
We will contact you as soon as feasible via your email address on file. Our notification will include the nature of the breach, approximate date, types of information involved, steps we are taking, and steps you can take to protect yourself.
2. Report to Authorities
We will report breaches to the Office of the Privacy Commissioner of Canada within 72 hours as required by PIPEDA.
3. Maintain Records
We maintain records of all breaches for a minimum of 24 months as required by law.
Quebec Law 25 Breach Register
In compliance with Quebec Law 25 (An Act to modernize legislative provisions as regards the protection of personal information), we maintain a register of all confidentiality incidents (breaches) affecting Quebec residents. This register:
- Is maintained for a minimum of 24 months from the date the breach was discovered
- Contains: nature of incident, categories of personal information affected, number of individuals affected, dates of discovery and notification, measures taken to reduce risk
- Is available for inspection by the Commission d'accès à l'information (CAI) upon request
Business customers (as data controllers) must maintain their own breach registers for incidents affecting their Quebec-based end customers.
Suspect a Breach?
If you believe your personal information has been compromised, contact our Privacy Officer immediately at legal@axenvoy.com.
How to File a Privacy Complaint
Under PIPEDA Principle 10, you have the right to challenge our compliance with privacy principles.
Step 1: Contact Us First
Email our Privacy Officer, Cody Lepine, at legal@axenvoy.com with details of your concern. We will acknowledge receipt within 5 business days and provide a substantive response within 30 days.
Step 2: Escalate if Unsatisfied
If you are not satisfied with our response, you may file a complaint with:
Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca
We will not penalize you in any way for filing a privacy complaint.
