YourAtlas
Privacy Policy
Last updated: March 2025
About this policy
AQX Global Corp. dba YourAtlas ("YourAtlas", "we", "us", or "our") operates the YourAtlas Voice AI platform (youratlas.com). This policy explains how we collect, use, store, and protect personal information — both when we act as a data controller (for our own business operations) and as a data processor (on behalf of enterprise customers).
YourAtlas complies with applicable privacy legislation across the jurisdictions where it operates, including the California Consumer Privacy Act (CCPA) for California residents; Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Act respecting the protection of personal information in the private sector (Law 25 / Bill 64), and applicable provincial privacy legislation (including Alberta's Personal Information Protection Act) for Canadian customers; and other applicable US state and federal privacy laws.
Data subjects whose personal information is processed by a YourAtlas enterprise customer acting as data controller should consult that customer's own privacy policies.
1. Controller vs. Processor
YourAtlas processes personal information in two distinct capacities:
• As a data controller — for our own business operations, including managing customer relationships, billing, marketing, and recruitment. This section of the policy applies to that processing.
• As a data processor — when operating the YourAtlas Voice AI platform on behalf of enterprise customers. In this capacity, we process personal information strictly according to our customers' documented instructions and the terms of a Data Processing Agreement (DPA). The customer is the data controller.
This privacy policy covers both capacities. Enterprise customers seeking information about how YourAtlas processes their end-users' data should refer to their DPA and the YourAtlas Cybersecurity & Data Breach Response Policy.
2. What Personal Information We Collect
2.1 Information You Provide Directly
YourAtlas collects personal information that you voluntarily provide when you:
• Register on the YourAtlas website, knowledge base, or community
• Request a demo, contact a solutions consultant, or inquire about our services
• Interact with YourAtlas social media or marketing campaigns
• Register for events, webinars, or roundtables
• Apply for a job or submit a resume
• Download resources from the YourAtlas website
• Contact us directly by phone, chat, or email
The information collected includes: identification data (first name, last name), contact data (business email address, business phone number), and professional details (role, company name, country). For job applicants, we collect information provided in resumes, cover letters, and LinkedIn profiles.
2.2 Information from Third-Party Sources
YourAtlas may use business contact information collected by third parties — including your employer, reseller partners, trusted strategic alliances, and professional contact databases. We conduct appropriate privacy and security assessments to ensure such collection is lawful. The information used is: name, business email, business phone number, role, company, and LinkedIn profile.
2.3 Information from Publicly Accessible Sources
YourAtlas may collect publicly available information (such as from LinkedIn) for recruitment purposes. This includes identification, contact data, job details, and skills.
2.4 Information Processed on Behalf of Enterprise Customers
When operating the YourAtlas Voice AI platform on behalf of enterprise customers, we may process personal information about their end-users (e.g., appointment callers, outbound reminder recipients). The categories of personal information processed, and the purposes for processing, are defined exclusively by the enterprise customer in the applicable DPA. YourAtlas does not use enterprise customer personal information to train, fine-tune, or improve AI models without explicit written authorization from the customer.
3. Why We Collect Personal Information
YourAtlas collects the minimum information necessary for identified purposes. Legal bases include performance of a contract, legitimate interest, and consent (where required). Purposes include:
• Responding to inquiries and providing demo access
• Recruitment and hiring management
• Supporting sales efforts and customer relationship management
• Sending marketing information about products and services (B2B; opt-out available)
• Managing contractual relationships, including billing and payments
• Providing customer support
• Managing business relationships with vendors, resellers, and partners
• Event registration and management
• Complying with applicable laws, regulations, and export controls
• Asserting or defending legal claims
YourAtlas does not sell personal information and does not permit sub-processors to sell personal information (as "sell" is defined under the CCPA and applicable law).
4. Where Is Personal Information Stored?
Data residency depends on the services contracted.
Enterprise customers with US data residency requirements: All personal information processed on your behalf is stored and processed exclusively within US, using Microsoft Azure US. No personal information is transferred, accessed, or stored outside of United States borders.
Enterprise customers with Canadian data residency requirements: All personal information processed on your behalf is stored and processed exclusively within Canada, using Microsoft Azure Canada. No personal information is transferred, accessed, or stored outside of Canadian borders.
All other customers and YourAtlas's own business operations: Personal information may be stored and processed in Canada or the United States, by YourAtlas and its affiliates. The applicable data residency commitment for your organization is specified in your Data Processing Agreement (DPA).
Personal data, when held physically, is stored in the same location as where it was produced.
YourAtlas achieves data residency commitments through the following technical controls:
• Hosting on Microsoft Azure infrastructure, with Canadian-only regions for customers requiring Canadian data residency
• AES-256 encryption for all data at rest; TLS 1.2+ encryption for all data in transit
• No cross-border replication or backup to non-compliant regions
• Role-based access controls and multi-factor authentication (MFA) for all administrative access
• All access to customer personal information is logged with tamper-evident audit trails
5. How Is Personal Information Protected?
YourAtlas has implemented an Information Security and Privacy Information Management System (ISMS/PIMS) and Business Continuity Management System (BCMS) as a framework for continuous improvement of security, privacy, and business continuity. Key controls include:
• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Multi-factor authentication (MFA) required for all staff accessing production systems
• Role-based access controls enforcing minimum privilege
• Regular vulnerability scanning and penetration testing
• Employee privacy and security awareness training
• Third-party vendor due diligence and contractual data processing agreements
• Regular testing of business continuity and disaster recovery plans
6. Security Incidents & Breach Notification
In the event of a confirmed breach of security safeguards involving personal information, YourAtlas will notify affected enterprise customers promptly and in all cases within 72 hours of confirmation, regardless of whether regulatory reporting thresholds are met.
Where a breach poses a real risk of significant harm to individuals, YourAtlas will report to the relevant regulatory authority:
• Canada: Office of the Privacy Commissioner of Canada (OPC) under PIPEDA; Commission d'accès à l'information (CAI) for Quebec residents under Law 25
• United States: Applicable state regulators in accordance with state breach notification laws
YourAtlas will cooperate fully with affected customers to support their independent notification obligations to individuals and regulators, including providing forensic findings, timelines, and evidence of containment measures. YourAtlas maintains records of all security incidents for a minimum of 24 months.
For detailed information on YourAtlas's incident response process, please refer to our Cybersecurity & Data Breach Response Policy, available upon request.
7. How Long Is Personal Information Retained?
Retention periods depend on the purposes of processing. YourAtlas retains personal information only as long as necessary to fulfil the identified purpose, comply with legal obligations, or resolve disputes.
• For enterprise customer data: retention periods are defined in the applicable DPA. YourAtlas does not retain personal information beyond the contractually agreed period. Upon account or contract termination, customer personal information is deleted or returned as specified in the DPA.
• For YourAtlas's own business operations data: retained as long as necessary for the purpose collected, or as required by applicable law.
More details on specific retention periods can be obtained from the Data Protection Officer at [email protected].
8. Who May Personal Information Be Shared With?
YourAtlas may share, transfer, or disclose personal information in the following circumstances:
• Trusted SaaS sub-processors acting according to YourAtlas instructions and bound by data processing agreements (see Section 9)
• Reseller partners and strategic alliances supporting YourAtlas's sales efforts, in accordance with applicable privacy law
• Event partners and sponsors of YourAtlas-promoted events, in accordance with applicable privacy law
• YourAtlas affiliates, in accordance with YourAtlas security and privacy policies
• Potential buyers in connection with a merger, acquisition, or transfer, subject to confidentiality obligations
• Government entities or law enforcement where required by applicable law
YourAtlas does not sell personal information and does not permit sub-processors to sell personal information.
9. Sub-Processors
YourAtlas engages sub-processors to support platform delivery. All sub-processors are bound by contractual obligations to: process personal information only in permitted locations; maintain security standards no less stringent than YourAtlas's own; notify YourAtlas within 24 hours of any security incident; and cooperate fully in investigations.
A current list of sub-processors can be provided upon request to [email protected].
10. Your Rights
Your rights depend on the jurisdiction in which you are located. YourAtlas will respond to all rights requests without undue delay and within applicable legal timeframes.
10.1 Rights Available to All Individuals
• Right of access — obtain confirmation of whether your personal information is being processed, and access to that information
• Right to rectification — correct inaccurate personal information
• Right to erasure / to be forgotten — request deletion of your personal information
• Right to restrict processing — limit how your personal information is used
• Right to data portability — receive your personal information in a structured, machine-readable format
• Right to object — object to processing for reasons related to your particular situation
• Right not to be subject to automated decision-making — not to be subject to decisions based solely on automated processing
• Right to withdraw consent — remove consent for specific processing at any time
• Right to complain — submit a complaint to the competent supervisory authority in your jurisdiction
10.2 Additional Rights for California Residents (CCPA)
In accordance with the California Consumer Privacy Act (CCPA), California residents have the right to:
• Know what personal information has been collected, used, and shared
• Delete personal information collected from them
• Opt out of the sale or sharing of personal information
• Non-discrimination for exercising CCPA rights
• Correct inaccurate personal information
• Limit the use and disclosure of sensitive personal information
For grievances, California residents may also contact the California Department of Consumer Affairs, 400 R Street, STE 1080, Sacramento, CA 95814 (phone: 916-445-1254 or 800-952-5210; email: [email protected]). See also: ftc.gov.
10.3 Additional Rights for Canadian Residents
In addition to the rights above, individuals in Canada have rights under PIPEDA, Quebec Law 25, and applicable provincial privacy legislation, including the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) or the Commission d'accès à l'information (Quebec).
10.4 Exercising Your Rights
Submit a request to the Data Protection Officer by email at [email protected]. We may ask you to verify your identity before processing your request.
11. Your Choices
• Marketing messages: Opt out of email marketing by clicking the unsubscribe link in any marketing email or by emailing [email protected].
• Events: Registration for YourAtlas events is voluntary. YourAtlas collects only the information needed to register you and communicate event details.
• Cookies: When visiting our website, you may decline non-essential cookies. See our Cookie Policy for details.
12. Cookies & Similar Technologies
YourAtlas uses cookies and similar technologies on its website for functionality, analytics, and marketing purposes. Details are provided in our Cookie Policy, accessible on our website. You may manage cookie preferences at any time through your browser settings or our cookie consent banner.
13. Contact & Data Protection Officer
YourAtlas Data Protection Officer
AQX Global Corp. dba YourAtlas
Email: [email protected]
Website: youratlas.com/privacypolicy
For security incidents, enterprise customers should use the dedicated contact channel provided in their Data Processing Agreement.
This policy is reviewed and updated at minimum annually, or following any material change to YourAtlas's operations, platform, or applicable regulatory requirements. Material changes will be communicated to enterprise customers via email to the designated contact on file.