Privacy Policy

Effective date: September 29, 2025

Panevo Services Limited (“us”, “we”, or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose and protect personal data in connection with:

Visitors to our public website at Panevo.com
Users of our B2B SaaS platforms: ioTORQ EMIS and ioTORQ LEAN (the “Services”)

We comply with applicable privacy and data protection laws, including the EU General Data Protection Regulation (GDPR), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec Law 25, and the California Consumer Privacy Rights Act (CPRA).

We use your data to provide and improve the Services. By using the Services, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

1 Information We Collect

We may collect the following categories of personal data:

Account information: name, email address, company, role, login credentials.
Usage data: user activity within our Services (via Posthog), telemetry data from customer systems integrated with ioTORQ EMIS or ioTORQ LEAN.
Website data: IP address, browser type, device information, and analytics (via Google Analytics cookies).
Communications: records of your support requests, emails, or inquiries.

We do not intentionally collect or process children’s personal information. Our Services are intended for business users only and are not directed at individuals under the age of 16.

2 How We Use Personal Data

Panevo Services Limited uses the collected data for various purposes:

We process personal data for the following purposes:

To provide and operate our Services
To manage customer accounts and billing
To improve our website, products, and user experience
To provide technical support and respond to inquiries
To meet our legal, security, and contractual obligations

We do not use personal data for automated decision-making that produces legal or similarly significant effects.

3 Legal Basis for Processing (GDPR / Law 25)

Where GDPR or Quebec Law 25 applies, our lawful bases for processing may include:

Performance of a contract (to deliver our Services)
Legitimate interests (to improve, secure, and operate our Services)
Consent (for optional analytics cookies and marketing communications)
Legal obligations (to comply with regulatory or contractual requirements)

4 Cookies and Tracking

We use cookies and similar technologies on panevo.com including:

Essential cookies (required for website functionality)
Analytics cookies (Google Analytics)

You may adjust your cookie preferences through our cookie banner (opt-in in the EU/UK, opt-out in California) or via browser settings.

5 Retention of Data

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law or contract. Once no longer needed, data is securely deleted in accordance with our Information Security Policy.

6 International Data Transfers

Our Services are hosted on Microsoft Azure (Canada and U.S.).

We use Sendgrid (U.S.) to send emails, Posthog (U.S.) to analyze in-app usage, and Google Analytics (U.S.) on our website.

Canada is recognized by the European Commission as providing adequate protection.

For transfers to the U.S., we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards, and ensure subprocessors are bound by contractual obligations consistent with GDPR and Law 25.

7 Sharing with Third Parties

We share personal data only with:

Service providers (Azure, Sendgrid, Posthog, Google Analytics) acting on our behalf under strict contractual safeguards
Professional advisors (legal, accounting)
Authorities or regulators, if required by law

We do not sell or share personal information for advertising purposes.

8 Security of Data

We maintain strict technical and organizational measures, audited under our SOC 2 Type II program, including:

Encryption in transit (TLS 1.2+) and at rest (AES-256)
Access controls with least privilege and multi-factor authentication
Continuous monitoring, logging, and annual penetration testing
Incident response procedures aligned with privacy regulations

9 Your Privacy Rights

Depending on your location, you may have the right to:

Access your personal data
Correct or update inaccurate data
Request deletion of your data
Restrict or object to processing
Receive a copy of your data (portability)
Withdraw consent (where processing is based on consent)
File a complaint with a supervisory authority

To exercise your rights, contact us at privacy@panevo.com

10 California Privacy Rights (CPRA)

California residents have additional rights:

Right to know categories of data collected and disclosed
Right to delete personal information
Right to opt-out of sale or sharing of personal data (Panevo does not sell personal data)
Right to limit use of sensitive data
Right to non-discrimination for exercising privacy rights

Requests may be made to privacy@panevo.com

11 Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The effective date will be updated on this page. For material changes, we will also notify customers by email.

1.1 Information We Collect