Privacy Policy

This Privacy Policy explains how we collect, use, and disclose personal information that we obtain from users of our website and platform.

Commitment to Privacy

At SIFO, we take your privacy very seriously and are committed to protecting your personal information. This policy outlines how we collect, use, and safeguard your information when you use our website and services. We encourage you to read this policy carefully to understand our practices and how we use your information.

Legal Basis for Processing Personal Data

In compliance with Bill 25, GDPR, CCPA, and PIPEDA, we process personal information based on:

  • User consent (when you provide your data voluntarily).
  • Contractual necessity (to provide you with our services).
  • Legal obligations (when required by law).
  • Legitimate interests (to improve and secure our services).

Information We Collect

We collect the following personal information from users:

  • Name
  • Email address
  • Password
  • IP address
  • Device and browser type
  • Usage data (interactions with our platform)

We collect this information when users sign up for an account, interact with our platform, or contact support.

How We Use Personal Information

We use personal information for the following purposes:

  • To create and maintain user accounts on our platform.
  • To communicate with users about their accounts, our services, and any updates or changes to our policies or terms of service.
  • To improve our services and user experience.
  • To detect, prevent, and respond to security issues or fraudulent activities.

Google User Data Access and Usage

Our platform requests access to Google Analytics data to automate the GA4 setup and tracking process for users of our website builder. Specifically, we request the following OAuth scopes:

  • https://www.googleapis.com/auth/userinfo.email – Used to authenticate users via "Sign in with Google" and manage account access to our platform.
  • https://www.googleapis.com/auth/analytics.edit – Used to create and configure GA4 properties, data streams, and retrieve the Measurement ID for integration into user websites.
  • https://www.googleapis.com/auth/analytics.readonly – Used to retrieve analytics data and display insights within the user's dashboard.

How We Use Google User Data

We use Google user data strictly for the following purposes:

  • Authentication and account management through the "Sign in with Google" feature
  • Automating the setup and configuration of GA4 for users' websites.
  • Providing users with analytics insights within our platform's dashboard.
  • Ensuring seamless integration of GA4 tracking without requiring manual setup.

Data Storage and Sharing

We do not store any Google user credentials or sensitive data beyond what is necessary for integration.

We do not share Google user data with third parties except as required to provide the requested services (e.g., securely storing GA4 configuration within the user's account).

Users can disconnect their Google account at any time, which will remove access to their Google Analytics data from our platform.

By granting these permissions, users allow our platform to automate GA4 tracking, improving their website analytics experience while maintaining full control over their data.

Revoking Access

Users can revoke access granted any time with these steps:

  1. Head to Your Google Account: Open your web browser and visit https://myaccount.google.com.
  2. Security Settings: Click on "Security" from the left-hand menu.
  3. Manage App Access: Scroll down to the "Third-party apps with account access" section and click "Manage third-party access."
  4. Find the App: Locate the app or website whose access you want to revoke.
  5. Revoke Access: Click on the app and choose "Remove Access."

No Use of Google Workspace APIs for AI/ML Training

Important Note: We do not use Google Workspace APIs in our application. Our integration is limited to Google Analytics APIs and Google Sign-In functionality only.

Furthermore, we explicitly affirm that:

  • We do not use any data obtained through Google APIs (including Google Analytics APIs) to develop, improve, or train generalized AI and/or machine learning models.
  • All Google user data is used solely for the specific purposes outlined in this privacy policy (authentication, analytics configuration, and dashboard display).
  • We maintain strict data boundaries and do not repurpose Google user data for any AI/ML training purposes.

This policy is in compliance with Google's API Services User Data Policy and Additional Requirements for Specific API Scopes.


Sharing of Personal Information

We do not share personal information with any third parties except:

  • When required by law or legal authorities.
  • When necessary for business operations (e.g., third-party payment processors, cloud storage services) under strict confidentiality agreements.
  • If we are involved in a merger, acquisition, or sale of assets, in which case users will be notified.

Data Retention

We retain personal information only for as long as necessary to fulfill its intended purpose or comply with legal requirements. After this period, we securely delete or anonymize the data.

Data Security

We take appropriate measures to protect the security of user information, including:

  • Storing user information on secure servers.
  • Using encryption to protect user information during transmission.
  • Regularly monitoring our systems for potential vulnerabilities and threats.

Despite these measures, no data transmission over the Internet can be guaranteed to be 100% secure, and we cannot guarantee the absolute security of user information.

User Rights (GDPR, CCPA, Bill 25 & PIPEDA Compliance)

You have the following rights regarding your personal data:

  • Right to Access – You can request a copy of the data we hold about you.
  • Right to Rectification – You can request corrections to inaccurate or incomplete data.
  • Right to Deletion (Right to Be Forgotten) – You can request the deletion of your data.
  • Right to Data Portability – You can request your data in a machine-readable format.
  • Right to Restrict Processing – You can request to limit how we process your data.
  • Right to Withdraw Consent – You can withdraw consent for processing your data at any time.
  • Right to File a Complaint – If you believe we are mishandling your data, you can contact your local data protection authority.

California Consumer Privacy Act (CCPA) Rights

If you are a resident of California, USA, you have the following additional rights under the CCPA:

  • Right to Know – You can request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete – You can request the deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out – You can opt out of the sale of your personal information, if applicable.
  • Right to Non-Discrimination – We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, please contact us at the provided details below.

Personal Information Protection and Electronic Documents Act (PIPEDA)

As a company operating in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), which provides protection for personal information held by private sector organizations in Canada. Under PIPEDA, you have the right to access your personal information and request corrections if it is inaccurate. You may also request that we delete your personal information, subject to applicable legal requirements.

Cookies and Tracking Technologies

We use cookies and similar technologies to improve user experience, analyze traffic, and enhance security. You can manage cookie preferences through your browser settings.

Data Transfers Outside Quebec & the EU

If we transfer your personal data outside Quebec, the European Union, or any other jurisdiction with strict data protection laws, we ensure that adequate protection measures are in place, such as data processing agreements or standard contractual clauses.

Breach Notification

In case of a data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant authorities in compliance with Bill 25, GDPR, CCPA, and PIPEDA.

Changes to Our Privacy Policy

We may update this Privacy Policy from time to time by posting a new version on our website. Users should check this page periodically to ensure that they are aware of any changes.

Contact Information & Privacy Officer

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us at:

📧 Email: info@sifo.ai

👤 Privacy Officer: S. Nouari