Webroots provides a software platform and related implementation services. This policy explains how information is collected, used, and protected across both our marketing website and our SaaS operations platform.
1. Scope
This policy applies to:
- Visitors to the Webroots website
- Clients using the Webroots SaaS platform
- Individuals whose information is processed through client-managed systems
Webroots may act as:
- A data controller for website visitors and direct client relationships
- A data processor for operational data managed by our clients
2. Information We Collect
A. Website and Marketing Data
- Contact form submissions
- Consultation requests
- Basic usage analytics
- Email communications
B. Client Account Data
- Organization name and billing details
- Administrative user accounts
- Support communications
C. Platform Operational Data (Processed on Behalf of Clients)
Depending on configuration, this may include:
- Registration information
- Participant details
- Membership records
- Payment references (no full card storage)
- Conference submissions and proceedings files
- Program attendance data
- Exhibitor and sponsor records
Clients control the data collected through their own systems.
3. How We Use Information
We use information to:
- Provide and maintain the Webroots platform
- Authenticate and secure user accounts
- Process payments through integrated providers
- Deliver support and implementation services
- Improve system reliability and performance
- Communicate essential service updates
We do not sell personal information.
4. Legal Basis
Where applicable, processing is based on:
- Contractual necessity
- Legal obligations
- Legitimate business interests
- Client instructions (when acting as a processor)
5. Data Retention
- Marketing inquiries are retained as long as reasonably necessary.
- Client account data is retained for the duration of the service relationship.
- Operational data is retained according to client configuration and contractual terms.
- Backup retention follows standard operational security practices.
6. Subprocessors and Infrastructure
Webroots may use third-party service providers for:
- Cloud hosting
- Payment processing
- Email delivery
- Security monitoring
These providers are contractually obligated to maintain appropriate safeguards.
7. Security
We apply practical administrative, technical, and organizational safeguards, including:
- Encrypted data transmission (TLS)
- Role-based access controls
- Infrastructure-level protections
- System monitoring and logging
No system can guarantee absolute security, but we design for operational reliability and controlled access.
8. International Data Transfers
Data may be processed in jurisdictions where our infrastructure providers operate. We rely on contractual safeguards where required.
9. Your Rights
Subject to applicable law, individuals may request:
- Access to their personal information
- Correction of inaccurate information
- Deletion where legally permitted
Requests should be directed to the relevant organization administering the data. General privacy inquiries may be sent to Webroots directly.
10. Contact
For privacy-related inquiries:
support@webroots.ca
