IntroductionScope Beta and Feedback Data DisclaimerGDPR ComplianceDefinitionsData CollectionData UsageData Sharing and using third-party tools and servicesDeveloper ResponsibilitiesCompliance and RightsLegal Bases for ProcessingSecurity MeasuresData RetentionInternational TransfersUpdates to the PolicyContact Information
This Privacy Policy applies specifically to the data practices associated with the Avanquest Developer Tools and related services. It outlines how we collect, use, disclose, and protect Personal Data from Developers and End Users interacting with Developer Applications. In addition to the provisions detailed here, this Privacy Policy incorporates and aligns with the Avanquest Global Privacy Policy, which provides a comprehensive overview of our general data handling practices. For more details, please refer to the Avanquest Global Privacy Policy.Welcome to Avanquest Developer Tools Privacy Policy. We are committed to protecting the privacy of our customers and ensuring compliance with applicable privacy laws, and their End Users (as defined in the Developer License Agreement). This Privacy Policy explains how we collect, use, disclose, and protect your Personal Data when you interact with our Developer Tools and the SodaPDF platform. The Personal Data processing activities of End Users is governed by the applicable Data Processing Agreement (DPA), where Avanquest acts as a data processor.This Privacy Policy applies to Personal Data collected from website visitors, service users, including account holders, and any other data subjects for whom Avanquest acts as a Data Controller. It explicitly excludes scenarios where Avanquest functions as a Data Processor, such as handling End User data from Developer Applications, which are governed by our Data Processing Agreement (DPA). This Policy serves as a supplement to, and does not replace, the Avanquest Global Privacy Policy.Beta Services: Any data collected through the use of beta versions of our Developer Tools may be subject to different security and operational standards. Beta features are provided “as-is” without guarantees of full data protection measures.Feedback Data: Data collected as part of a feedback or user experience testing is anonymized where possible. By submitting feedback, you agree that we may use this information to improve our services, without being obligated to implement suggested changes.

1. Controller Statement

For the purposes of Data Protection Laws, Avanquest acts as the Data Controller for the Personal Data collected from website visitors, service users, and account holders. As the Data Controller, Avanquest is responsible for determining the purposes and means of processing this data and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable regulations.

2. Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure our compliance with GDPR and related laws. You can contact our DPO with any questions or concerns regarding data privacy at:

Data Protection Officer

Email:[email protected]

Mailing Address: 7075 Robert-Joncas Place, Suite 142, Saint-Laurent, QC H4M 2Z2,CanadaIn addition to the terms defined in the Developer License Agreement, the following terms and definitions apply specifically to this Privacy Policy:
  1. Personal Data: Any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
  2. Data Subject: The individual to whom Personal Data relates. For the purposes of this policy, Data Subjects may include both Developers who use our tools and End Users who interact with Developer Applications.
  3. Controller: The entity that determines the purposes and means of processing Personal Data. In the context of our Developer Tools, the Developer typically acts as the Controller with respect to the End User data.
  4. Processor: The entity that processes Personal Data on behalf of the Controller. Avanquest acts as a Processor when handling End User data as directed by Developers who use our Developer Tools.
  5. Developer: A business or individual using the SodaPDF Developer Tools to build and manage applications. Developers are responsible for complying with applicable data protection laws and ensuring that End Users’ rights are respected.
  6. End User: An individual who uses the Developer Applications created by Developers. End Users are Data Subjects whose Personal Data may be processed via the Developer Applications.
  7. Applicable Laws: All relevant legislation and regulations that govern the processing of Personal Data, including but not limited to Law 25 (Quebec), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and the Health Insurance Portability and Accountability Act (HIPAA).
  8. Data Processing Agreement (DPA): A legally binding agreement between a Controller and a Processor that outlines the terms and conditions of data processing activities, ensuring compliance with applicable data protection laws.
  9. Business Associate Agreement (BAA): An agreement required under HIPAA for entities that handle Protected Health Information (PHI) on behalf of a covered entity. The BAA outlines responsibilities for safeguarding PHI and ensuring compliance with HIPAA.
  10. GDPR (General Data Protection Regulation): A comprehensive data protection law enacted by the European Union, which sets out obligations for organizations that process Personal Data of EU residents and grants rights to Data Subjects.
  11. CCPA and CPRA: The California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), are state-level data protection laws that provide California residents with rights over their Personal Data and place obligations on businesses handling such data.
  12. HIPAA (Health Insurance Portability and Accountability Act): A U.S. federal law that governs the privacy and security of health information. It requires safeguards to protect the confidentiality and integrity of Protected Health Information (PHI).
  13. Technical and Organizational Measures (TOM): Security measures implemented by a Controller or Processor to ensure the protection of Personal Data. TOMs may include encryption, access controls, regular security assessments, and incident response plans.
  14. Protected Health Information (PHI): As defined by HIPAA, PHI includes any health-related information that can be linked to an individual, such as medical records or health insurance details.
We process different types of Personal Data from Data Subjects to deliver and enhance ourservices. The scope of data collection varies based on your interaction with the Avanquest Developer Platform (each or jointly, a Data Subject will be referred to as “Developer” and respective data processed will be referred to as “Developer Data” in this policy).

1. Website Visitors

Types of Data Collected: Information such as IP address, cookies information (consent-based), browser type, device information, and other online identifiers collected through website analytics and tracking tools. We may collect additional information provided to us directly by you in forms, subscriptions or registrations, or, if you reach out to us by email or any other form provided to you.Purpose: To analyze traffic, improve the user experience, and ensure website security. The purpose of any user-submitted data is provided in the context of the form or channel provided to you.Lawful basis: Consent and Legitimate InterestRetention:varied depending on the type of online tracker and your consent, rejection or deletion of data from your local storage.

2. Service Users and Account Holders

Types of Data Collected: Name, email address, company details, account credentials, billing information, and usage data related to the Developer Tools.Purpose: To manage accounts, provide services, deliver customer support, facilitate billing, and ensure compliance with our legal obligations.Lawful Basis: Processing is necessary for the performance of a contract and our legitimate interests, such as enhancing our services.

3. Other Relevant Data Subjects

Types of Data Collected: Data collected through forms, support tickets, or interactions with Avanquest representatives, which may include job title, organization name, and communication content.Purpose: To respond to inquiries, provide tailored support, and communicate about product updates or policy changes.Note: Data collected as part of processing End User information on behalf of Developers is excluded from this Policy and is governed by our Data Processing Agreement (DPA).We use the data collected from Developers for multiple purposes to deliver, improve, and secure our services:
  1. Service Delivery: We use data to provide access to the Developer Tools, maintain service reliability, and address technical issues as they arise.
  2. Customer Support: Data is utilized to deliver technical assistance, answer queries, and ensure a smooth and enhanced Developer experience.
  3. Analytics: We analyze usage patterns to understand how our services are used, evaluate performance, and optimize the Developer Tools for efficiency.
  4. Billing and Payments: Personal and payment data are processed securely to manage subscriptions, facilitate transactions, and implement fraud prevention measures.
  5. Anti-Fraud and Fraud Detection: We monitor activity and use data to detect, prevent, and address fraudulent or unauthorized activity that may impact our platform or services.
  6. Feedback and Feature Development: We collect feedback to improve our offerings and develop new features that align with user needs. This data informs our development roadmap and service enhancements.
  7. Improvement and Delivery: Data is also used to tailor and deliver new features, updates, and improvements to the Developer Tools.
  8. Monitoring: We monitor the use of our Developer Tools to ensure compliance with our terms, maintain system integrity, and improve service delivery.
  9. Email Communications: With your consent, we may use your email address to send service updates, notifications, and promotional offers related to our products.
  10. Other: as required for our legitimate business purposes or, as otherwise consented by you.

Retention Period

We retain Developer data only as long as necessary to fulfill the above purposes. This includes meeting contractual obligations, resolving disputes, and complying with legal requirements, including those related to transactions, taxes and billing. Data is periodically reviewed to ensure it is retained only for the minimum period required by law or legitimate business interests. When no longer needed, data is securely deleted or anonymized.We take the privacy of Developers seriously and only share their data under specific, carefully controlled circumstances:
  1. Service Providers and Processors.We engage trusted third-party service providers ("Processors") to help us deliver our services. These include:
    • ● Payment Processors: These partners manage billing, process transactions, and handle refunds securely, ensuring financial information is protected and PCI-compliant.
    • ● Cloud Storage and Hosting Providers: We use cloud services for data storage, backup, and system reliability, ensuring your data is accessible yet secure through redundancy and disaster recovery measures.
    • ● Database and Infrastructure Providers: They support our database management, system performance, and network security to ensure efficient and safe data handling.
    • ● Customer Support Platforms: These tools enable effective communication and manage support tickets, helping us resolve issues and maintain high-quality service.
    • Analytics Providers: We use analytics services to collect and analyze usage patterns, which help us optimize service performance, improve the user experience, and make informed business decisions.
    • Each Processor is subject to contractual obligations to use the data only as instructed, maintain strict confidentiality, and implement robust security measures.
  2. Affiliated Companies. We may share Developer data with our Affiliated Companies for purposes consistent with this Privacy Policy, such as enhancing service offerings, providing joint customer support, or conducting internal analysis. These affiliates are bound by similar privacy and security requirements.
  3. Legal Requirements and Protection. We may disclose Developer data if we believe it is necessary to:
    • ● Comply with legal obligations: Such as responding to subpoenas, court orders, or other legal processes.
    • ● Protect rights and safety: To defend against legal claims, and protect the rights, property, or safety of Avanquest, our users, or the public.
  4. Licensors: We may share data with our licensors or partners as necessary to ensure compliance with licensing agreements or to enable them to support our services.
  5. Mergers and Acquisitions (M&A): In the event of a merger, acquisition, asset sale, or other corporate transaction, Personal Data may be transferred to or shared with the acquiring or merging entity. We will ensure that the receiving party upholds the same level of data protection and privacy commitments outlined in this policy.
  6. Law Enforcement and Legal Requirements: We may disclose Personal Data to law enforcement agencies, regulators, or other authorities if we are legally required to do so or if we believe in good faith that such disclosure is necessary to comply with legal obligations, protect our rights, investigate fraud, or ensure the safety of our users.
  7. Business Partners: On occasion, we may share aggregated, anonymized, or non-personally identifiable information with business partners for research, marketing, or other purposes that support the growth and improvement of our services.
  8. Protecting Our Platforms: We may share data as necessary to protect the integrity and security of our platforms. This includes:
    • ● Monitoring and Auditing: Using data to monitor for compliance, conduct audits, and maintain system integrity.
    • ● Automation Tools: Leveraging automated systems to detect and prevent unauthorized access or activities.
    • ● Authorization and Authentication: Using data to authenticate users and manage access controls securely.
    • ● Security Tools: Implementing advanced security measures, such as firewalls, intrusion detection systems, and encryption, to safeguard data and prevent breaches.
  9. Protecting Our Interests: We reserve the right to share Personal Data to protect the rights, property, or safety of Avanquest, our users, or the public. This includes sharing information to prevent fraud, reduce credit risk, or secure our network.
  10. Consent-Based Sharing. If we need to share your data for purposes not covered in this section, we will obtain your explicit consent. This includes sharing information with partners for marketing or additional service integrations.
Developers using the SodaPDF Developer Tools must adhere to strict data protection and transparency practices to safeguard End User privacy and comply with applicable laws.
  1. Privacy Policy Requirement. Developers are obligated to create and maintain a comprehensive Privacy Policy that is easily accessible to End Users. This Privacy Policy must clearly and transparently outline:
    • ● Data Collection: A detailed description of the types of Personal Data collected from End Users, specifying what information is gathered and for what purposes.
    • ● Data Use: An explanation of how the collected data is processed, stored, and shared, including any third-party data sharing or integration.
    • ● User Rights: Information on End Users' rights under applicable data protection laws, such as the GDPR and Law 25 in Quebec. This should cover the right to access, rectify, or delete Personal Data, and how users can exercise these rights.
  2. Consent and Transparency. Developers are required to obtain valid and informed consent from End Users where necessary, ensuring compliance with laws such as the GDPR. This involves:
    • ● Clear Consent Mechanisms: Implementing straightforward options that allow End Users to easily give, withhold, or withdraw their consent for data processing activities. Consent requests should be unambiguous and specific to the intended purposes.
    • ● Transparency: Developers must communicate data processing practices in a way that is easy for End Users to understand. This includes providing clear information about how data is collected, used, and shared, in a format that is accessible and free from complex legal jargon.
By fulfilling these responsibilities, Developers help ensure the protection of End User privacy and uphold legal and ethical standards in data processing.We are committed to upholding the rights of Data Subjects under applicable privacy laws, including the GDPR and Law 25 in Quebec.
  1. Developer: As Data Subjects, Developers have several rights concerning their Personal Data, including:
    • ● Right of Access: You have the right to request access to the Personal Data we hold about you, including information about how we use and share it.
    • ● Right to Rectification: You can request that we correct or update any inaccurate or incomplete Personal Data.
    • ● Right to Deletion: Also known as the “right to be forgotten,” you can request the deletion of your Personal Data, subject to legal or contractual restrictions.
    • ● Right to Restriction: You may request that we limit the processing of your data under certain conditions.
    • ● Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to transfer it to another data controller.
  2. End Users: Developers who use the SodaPDF Developer Tools are responsible for addressing Data Subject rights requests from their End Users. This includes requests for access, correction, deletion, or data portability. As a Data Processor, Avanquest will assist Developers in fulfilling these requests to the extent required by law, and in accordance with our contractual obligations. Developers must notify us promptly if they receive such a request from an End User.
Avanquest processes Personal Data based on various legal grounds to ensure compliance with data protection laws such as the GDPR and Law 25 in Quebec. These legal bases include:
  1. Contractual Necessity: Processing is necessary to fulfill our contractual obligations to Developers. This includes providing access to the Developer Tools, managing accounts, delivering customer support, and processing payments. Without this data, we would be unable to perform these services.
  2. Legitimate Interests: We process data to pursue our legitimate business interests, provided that such processing does not override the rights and freedoms of data subjects. Examples include improving our services, ensuring platform security, fraud prevention, and conducting business analytics.
  3. Legal Obligations: We may process Personal Data to comply with legal requirements, such as financial reporting regulations, responding to legal requests from authorities, or enforcing our terms of service.
  4. Consent: Where required by law, we rely on explicit consent from data subjects to process their Personal Data. This basis is often used for activities like sending promotional communications or collecting data that is not necessary for service delivery. Consent must be freely given, specific, informed, and revocable at any time.
  5. Compliance with Data Protection Regulations: We adhere to laws like the GDPR and Law 25, ensuring that all data processing activities are lawful, fair, and transparent.
We are committed to ensuring the security and integrity of Personal Data collected and processed using our Developer Tools. Our approach to information security involves the implementation of comprehensive Technical and Organizational Measures (TOM) and adherence to our internal Information Security Policy, which is summarized below:

Key Security Measures

  1. Data Encryption: All sensitive data is encrypted using advanced encryption protocols, both when transmitted across networks and when stored on our servers. This ensures that data remains secure and protected from unauthorized access.
  2. Access Controls and Authentication: We enforce stringent access control mechanisms to limit access to Personal Data. Only authorized personnel are granted access based on the principle of least privilege, and multi-factor authentication is used to enhance security further.
  3. Secure Software Development: Our development processes include secure coding practices, regular vulnerability assessments, and thorough code reviews to identify and mitigate potential security threats.
  4. Regular Security Audits and Assessments: We perform regular security audits and risk assessments to evaluate the effectiveness of our security practices and ensure ongoing protection of Personal Data.
  5. Incident Response Plan: We have a well-defined incident response plan to address and mitigate any data breaches or security incidents promptly. This includes notifying affected parties and regulatory authorities, as required by law.
We retain Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law or, in certain cases (such as subscriptions to updates, for as long as you didn’t request a deletion).
  1. Criteria for Retention: Data retention periods depend on the type of data and the reason for its collection. We consider factors such as legal obligations, the duration of our relationship with Developers, and the need to comply with financial or contractual requirements.
  2. Developer Data: Account information, billing records, and communications are retained for the duration of the service relationship and may be kept for a limited period thereafter for legal, accounting, or audit purposes.
  3. End User Data: Data processed on behalf of Developers is retained as per instructions from the Developer, and we comply with requests to delete or anonymize data as required.
We may transfer and process Personal Data to countries outside of your jurisdiction, including regions where data protection laws may differ from those in your home country. These transfers are necessary to deliver our services and manage our global operations.

Transfers from the European Economic Area (EEA) and Switzerland

  • ● Standard Contractual Clauses (SCCs): For data transfers outside of the EEA and Switzerland, we use SCCs approved by the European Commission. These are legally binding agreements that ensure the same level of data protection as guaranteed under the GDPR.
  • ● Adequacy Decisions: Where possible, we rely on adequacy decisions from the European Commission, which confirm that a country outside the EEA provides an adequate level of data protection.
  • ● Supplementary Measures: We may implement additional safeguards, such as encryption and data pseudonymization, to ensure data remains protected during and after the transfer.

Transfers from Quebec and Canada

  • ● Compliance with Law 25: Transfers from Quebec must ensure that the recipient country offers an equivalent level of data protection. We evaluate the legal framework of the destination country and, where necessary, use measures like SCCs or binding corporate rules.
  • ● PIPEDA and Cross-Border Transfers: For data transfers under the Personal Information Protection and Electronic Documents Act (PIPEDA), we ensure contractual protections are in place to maintain privacy and security standards.

Third-Party Service Providers

We may transfer data to third-party service providers or affiliates in various jurisdictions to provide infrastructure, support, or other operational services. These providers are contractually obligated to uphold strict data protection standards and are subject to regular audits.

Data Subject Rights in Cross-Border Transfers

Individuals have rights under the GDPR and Law 25 related to how their data is transferred and processed internationally. If you have concerns about these transfers or wish to know more about the safeguards in place, please contact us using the details provided in the Contact Information section.We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements.
  1. Review and Updates: The Privacy Policy is reviewed periodically, and significant changes will be communicated to users through the Developer Console, email, or other appropriate means. The “Last Updated” date will be revised accordingly.
  2. User Notification: When changes materially affect your rights or how your data is processed, we will provide notice and, if required by law, obtain your consent before implementing changes.
For privacy-related inquiries, questions about this Privacy Policy, or to exercise your data protection rights, please contact us: