Privacy Policy

Last updated: November 25, 2025

1. Introduction

BEFORE USING THE WEBSITE AND OUR APPLICATIONS, PLEASE READ OUR PRIVACY POLICY CAREFULLY (the “Policy”).

This Policy addresses the protection of Personal Information by Vasco HQ Inc., doing business as Vasco (hereinafter referred to as “Vasco” or “we”).

We take special care to protect your Personal Information collected through our website vasco.app and our applications (hereinafter collectively referred to as “Applications”) and through the Vasco Products (hereinafter collectively referred to as “Platform”).

However, this Policy applies, in its entirety, only to Personal Information of the Applications users (hereinafter: “you”). Its purpose is to explain how we collect, use and disclose your Personal Information.

When we process customer data on behalf of customers, that’s governed by the DPA, not this Policy.

If you are an Authorized User of a Customer, any section of this Policy is applicable to you only where it specifically provides that it applies to such users. Each Customer is responsible for complying with the legal obligations applicable to persons who collect Personal Information about others and, in this respect, is responsible for obtaining valid consent for its collection, disclosure and use. In addition, the Customer shall be responsible for establishing its own privacy policy, determining the safeguards applicable to Personal Information and providing the persons concerned by such information with the means to exercise their rights.

In addition, this Policy does not apply to Personal Information about our employees, and Personal Information about our Subprocessors (as those terms are defined in Section 6 of this Policy).

Lastly, this Policy aims to comply with Canadian and Quebec laws relating to the protection of Personal Information and, where applicable, the General Data Protection Regulation (“GDPR”).

For the purposes of this Policy, the following definitions shall apply:

1.1. “Account Administrator”

Member of an Organization to which the Organization grants the right to administer the account, which right includes the following prerogatives:

  • amendment of the User Account information;
  • addition of Authorized Users and their User Profiles;
  • amendment of payment information;
  • performance of any operation related to the business relationship of the Organization with Vasco.

1.2. “Vasco Products”

Means:

  1. The Vasco solutions and software as a service for Revenue Operations (RevOps), including the Data Hub, Planning Hub, Review Hub, Execution Hub, BI Hub, and Gama AI (AI revenue analyst);
  2. The Vasco solutions offered in whole or in part as mobile apps for smartphones or tablets;
  3. Any other solution providing new functionalities which may be added in the form of a module to the solutions listed above; and
  4. Support for Authorized Users and related maintenance provided by Vasco.

1.3. “Authorized User”

Member of a Customer, Organization or Affiliate which an Account Administrator authorizes to use the Vasco Products after the Customer has paid all related charges. An Authorized User may be a member of several Customers, Organizations or Affiliates, as the case may be.

1.4. “Customer”

An Organization designated on the registration form who has received an email confirming the order of Vasco Products.

1.5. “Organization”

A person who carries on a business, limited partnership, limited liability company, partnership, union, employer organization, sole proprietorship, business corporation or company (with or without share capital), legal person, cooperative, trust, unincorporated association, joint venture, non-profit or not-for-profit organization, government authority or any other entity, regardless its legal form, incorporation status or the jurisdictions in which it operates, carrying on an organized activity of any nature whatsoever and which uses the Vasco Products. An Authorized User who manages the accounts of other Authorized Users is considered an Organization.

1.6. “Personal Information”

Any information pertaining to a natural person which directly or indirectly allows the person to be identified. For the purposes of this Policy, Personal Information corresponds to “personal data” within the meaning of the GDPR.

1.7. “User Profile”

All Personal Information concerning an Authorized User transcribed in an intelligible and structured manner which is accessible and modifiable via the Platform.

2. Personal Information We Collect

We collect only the Personal Information about you that is necessary to establish, manage and maintain our relationship with you. This collection is limited, in most cases, to the following Personal Information:

  • Last name, First name;
  • Email address, phone numbers;
  • Banking/Billing information, if applicable; and
  • Cookies (see Section 9 of this Policy for more details).

We may collect Personal Information through the Applications, when you sign a contract or, more broadly, when you interact with one of our employees or representatives by email, telephone or in person.

Personal Information that is entered by Authorized Users in their User Profiles is the responsibility of their Organizations.

Your consent to the collection, use or disclosure of your Personal Information must be freely given, unambiguous, and informed. It must be given for specific purposes.

Our policies and contracts are written in plain language to make it easier for you to understand the nature, purposes and consequences of the collection, use and disclosure of your Personal Information.

Depending on the nature and sensitivity of your Personal Information, your consent may be explicit (such consent may be given verbally, in writing or electronically) or implied (when you voluntarily provide Personal Information, for instance).

Generally, we will seek your consent, except where otherwise required or permitted by law. If you are an Authorized User, our Terms and Conditions require your Organization to obtain your consent, and we presume that it is acting within the limits set by law. In the event that you witness or experience a breach in this regard, you may notify us using the contact information provided at the end of the Policy.

By using the Applications, you consent to the use of your Personal Information in accordance with this Policy.

4. Security and Governance

Cybersecurity is a priority for us. We have adopted a comprehensive set of policies and practices to guide the governance of Personal Information. These policies define how we protect and manage information throughout its lifecycle and form part of our SOC 2-aligned Information Security Program.

Our governance framework provides for:

  • The use, communication, retention, and destruction of Personal Information in accordance with documented policies;
  • Clearly defined roles and responsibilities of employees and contractors throughout the information lifecycle; and
  • A documented process for reporting and managing incidents or complaints concerning the protection of information.

These policies and practices include:

  1. Data Classification and Protection Policies: Define how information is categorized according to sensitivity and outline our obligations to protect and maintain records of operations performed on that information.
  2. Information Security Policy: Establishes processes to safeguard the confidentiality, integrity, and availability of the information and systems we manage.
  3. Vendor and Subprocessor Security Review Process: Outlines how we evaluate and approve subprocessors and third-party vendors, including the security requirements they must meet before handling Personal Information.

In addition to these administrative measures, we have implemented physical and technological safeguards appropriate to the sensitivity, purpose, quantity, and medium of Personal Information processed.

We take all reasonable steps to minimize the risk of a confidentiality breach. For instance, we apply the principles of maximum protection by default, ensuring that Platform settings have the highest level of privacy by default.

Security at Vasco

5. Use of Personal Information

We use your Personal Information primarily to provide, maintain, and improve our Platform and services. Specifically, we may use your information to:

  • Provide Services: Establish and manage your account, authenticate your identity, and provide the features of the Vasco Products you have subscribed to.
  • Support: Respond to your comments, questions, and requests, and provide customer service and technical support.
  • Communication: Send you technical notices, updates, security alerts, and administrative messages.
  • Improvement: Monitor and analyze trends, usage, and activities in connection with our Platform to improve the user experience and develop new functionalities.
  • Billing: Process payments and manage billing relationships.
  • Legal Compliance: Comply with legal and regulatory obligations, resolve disputes, and enforce our agreements.

6. Disclosure of Your Personal Information

We may disclose Personal Information to third parties in specific circumstances permitted by law.

To Service Providers, Agents, Subprocessors (“Subprocessors”)

  • Description and purpose: We may enter into contracts with Subprocessors to provide a service to our Customers, such as a Platform feature (e.g., hosting, payment processing). These Subprocessors may also provide a service to you directly on our behalf.
  • Steps: The contract requires Subprocessors to:
    • Use only Personal Information that is necessary for providing the service.
    • Refrain from disclosing or communicating Personal Information without our consent.
    • Implement rigorous security measures and allow us to audit these measures.
    • Notify us immediately of a confidentiality incident.
    • Destroy Personal Information at the end of a contract.

Another Party in a Business Transaction

  • Description and purpose: We may enter into a contract with a third party for the purpose of a Business Transaction (e.g., merger, acquisition, financing).
  • Steps: We require the other party to use Personal Information only for the purposes of entering into the transaction and to implement rigorous security measures.

Legitimate Authorities

  • Description and purpose: In order to comply with a court order, search warrant, or regulatory decision, we may be required to provide Personal Information.
  • Steps: We decline to provide access where the request is not valid. We inform Customers of requests regarding their Authorized Users unless prohibited by law.

7. Retention

We will retain your Personal Information only for as long as is necessary for the purposes set out in this Policy.

  • Account Duration: We retain your Personal Information as long as your account is active or as needed to provide you with the Vasco Products.
  • Legal Obligations: We will also retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
  • Anonymization: When we no longer have a legitimate business need to process your Personal Information, we will either delete or anonymize it. If this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

8. Your Rights

ALL REQUESTS FROM AUTHORIZED USERS SHOULD BE DIRECTED TO THE PRIVACY OFFICER OF THEIR ORGANIZATION.

For Applications users who are not Authorized Users of an Organization (or where applicable by law), you have the following rights:

  1. Right to be informed: You have the right to be informed of the types of operations carried out on your Personal Information.
  2. Right to access: You may access your Personal Information by logging into the Platform or by sending an email to the address provided at the end of this Policy.
  3. Right to object/withdraw consent: In some cases, you may object to or withdraw your consent by giving reasonable notice via email. Note that withdrawing consent may affect your ability to use the Applications.
  4. Right to correction: You may request correction of inaccurate or incomplete Personal Information.
  5. Right to deletion: You may request deletion of your Personal Information subject to our legal obligations.
  6. Right to portability: You may obtain your Personal Information in a commonly used digital form.

We will respond to any request within 30 days of receipt, except where the law permits an extension.

9. Cookies

9.1. Definition

A cookie is a small text sent by a server to your browser, which it will send back the next time it connects to servers sharing the same domain name. You do not need to accept cookies to visit our Applications, but refusing them may limit some features.

9.2. Types of cookies used by Vasco

  • Technical cookies: Used to facilitate the use of the Applications (e.g., remembering your username or preferences).
  • Analytical cookies: Anonymous cookies used to collect statistics on the use of the Applications.
  • Advertising cookies: May be added by the Applications or other sites to build up your visitor profile anonymously.

The specific third-party tools we use on our marketing website are:

  • Analytics: Google Analytics and Microsoft Clarity (usage statistics).
  • Marketing: the LinkedIn Insight Tag and the Meta (Facebook) Pixel (ad measurement and retargeting).

9.3. Managing your choices

Strictly necessary cookies are always active. For visitors in the EU, UK, EEA, and Switzerland, analytics and marketing cookies are set only after you opt in via the consent banner shown on your first visit. You can review or change your choice at any time using the “Cookie preferences” link in the website footer.

10. Privacy Officer

The Privacy Officer at Vasco is Sebastien Rothlisberger. This function corresponds to that of the Data Protection Officer (DPO) under the GDPR.

If you have any questions or requests regarding the Policy, you can send an email to the following address: privacy@vasco.app.

11. Changes

Vasco reserves the right to change the content of this Policy at any time. Any changes will be posted on our Platform and brought to your attention when you log in. We recommend that you print a copy of this Policy for your records and review this section of our Platform periodically.

Unless you wish to refer specifically to the English version of this policy, please consult the French version available at Politique de confidentialite.