Privacy Policy

Information We Collect

When you work with Morthex, we collect different types of information depending on how you interact with us. Here's what that looks like in practice:

Information You Give Us Directly

When you reach out for a consultation or engage our testing services, you'll share basic details with us. This typically includes your name, email address, phone number, and company information. If you're sending us an app for testing, we'll also need technical specifications and access credentials.

Technical Information We Gather

Our website collects standard technical data—things like your IP address, browser type, and device information. We track which pages you visit and how long you stay. This helps us understand what content is useful and what needs work.

Testing Data

When we test your mobile applications, we collect performance metrics, crash reports, user interaction data, and quality assurance findings. This is the core of what we do, and we treat this information with particular care since it often contains sensitive business information.

How We Use Your Information

Everything we collect serves a specific purpose. We don't gather data just for the sake of it.

• Delivering our testing and validation services to you—this is the big one
• Communicating about your projects, sending reports, and answering questions
• Improving our testing methodologies based on what we learn
• Maintaining the security and functionality of our systems
• Meeting our legal obligations under Canadian law
• Sending occasional updates about our services if you've opted in

Legal Basis for Processing (Canadian Context)

Under Canadian privacy laws, particularly PIPEDA (Personal Information Protection and Electronic Documents Act), we need legitimate reasons to process your information. Here's our legal standing:

• Contractual necessity: We need your information to fulfill our testing services agreement with you
• Consent: For marketing communications and non-essential uses, we ask for your explicit permission
• Legitimate interests: We process certain data to improve our services and maintain security, balanced against your privacy rights
• Legal compliance: Sometimes we're required by law to retain or process certain information

How We Share Information

We keep your information within Morthex whenever possible. But there are specific situations where we need to share data with others:

Service Providers

We work with carefully selected third-party services that help us run our business—things like cloud hosting providers, email services, and project management tools. These providers only get access to the information they need to do their job, and they're contractually bound to protect your data.

Legal Requirements

If we receive a valid legal request from Canadian authorities or need to protect our legal rights, we may need to disclose information. We'll always notify you unless we're legally prohibited from doing so.

Business Transfers

If Morthex is acquired or merges with another company, your information would transfer to the new entity. We'd notify you well in advance and explain any changes to how your data is handled.

Data Security Measures

Security isn't just a checkbox for us—it's fundamental to our testing business. We protect your information using multiple layers of security:

• All data transmission is encrypted using industry-standard TLS protocols
• Testing data is stored on encrypted servers with restricted access
• Our team members only access information relevant to their specific projects
• We maintain regular backups in secure, geographically distributed locations
• Annual security audits help us identify and address potential vulnerabilities
• Two-factor authentication protects all administrative access

That said, no system is perfectly secure. We do everything reasonably possible to protect your data, but we can't guarantee absolute security. If we ever experience a data breach that affects you, we'll notify you promptly and explain what happened.

Your Privacy Rights

Canadian privacy law gives you significant control over your personal information. Here's what you can do:

To exercise any of these rights, just send us an email. We'll respond within 30 days and verify your identity before proceeding. There's no charge for most requests, though we might ask you to cover reasonable costs for extensive requests.

Data Retention

We don't keep your information longer than necessary. Our retention periods depend on the type of data and why we collected it:

• Active project data: Retained throughout the project and for 90 days after completion
• Testing reports and findings: Kept for 24 months to support ongoing app maintenance and comparison
• Financial records: Maintained for 7 years to meet Canadian tax requirements
• Marketing communications data: Retained until you unsubscribe or request deletion
• Website analytics: Aggregated and anonymized after 18 months

Once the retention period ends, we securely delete or anonymize your information. You can always request earlier deletion, though we might need to retain certain information for legal compliance.

Cookies and Tracking

Our website uses cookies—small text files stored on your device. We use them sparingly and purposefully:

Essential Cookies

These keep our website functioning properly. They remember your preferences and maintain security. You can't fully use our site without these.

Analytics Cookies

We use analytics to understand how visitors use our site. This data is aggregated and doesn't identify you personally. You can opt out if you prefer.

We don't use advertising cookies or third-party tracking for marketing purposes. Most browsers let you control cookie settings—check your browser's help section for instructions.

International Data Transfers

Morthex operates primarily in Canada, and we store most data on Canadian servers. However, some of our service providers use servers in other countries, including the United States.

When we transfer data internationally, we ensure adequate protections through standard contractual clauses and by working only with providers that maintain strong security standards. Your information remains protected regardless of where it's processed.

Children's Privacy

Our services are designed for businesses and professionals. We don't knowingly collect information from anyone under 18. If you're a parent who believes we've inadvertently collected your child's information, please contact us immediately so we can delete it.

Changes to This Policy

We update this privacy policy occasionally to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify you by email or through a prominent notice on our website.

The "Last Updated" date at the top of this page tells you when we last revised the policy. We encourage you to review it periodically, especially before starting a new project with us.