Version: 1.0
Effective date: August 18, 2025
Next review: February 18, 2026 (or upon material change)
Contact: privacy@hyvery.com | security@hyvery.com | 1‑833‑HYVERY‑0
Hyvery operates a B2B SaaS platform with primary hosting and storage in the United States. Hyvery maintains limited operations in Canada. By default, Customer Content (defined below) is stored in US data centers. Canadian operations are limited to support activity and certain ancillary processing, as described in this statement. Hyvery does notrelocate Customer Content outside the US without Customer direction or a signed addendum.
Customer Content: Data customers create, upload, or process in the Hyvery platform (e.g., locations, owner/operator details, support staff records, issues, tickets, work orders, invoices, programs, campaigns, assessments, floor plans, events).
Account Data: Administrative and billing information about the customer account (e.g., org name, admin contact, subscription tier).
Operational Telemetry: Logs and metrics generated by the Service (e.g., IPs, timestamps, error traces), used for reliability, security, and support.
Compute & storage: Production application services, databases (e.g., MongoDB), object storage, and backups are hosted in US regions.
Encryption: Customer Content and backups are encrypted in transit (TLS 1.2+) and at rest (AES‑256).
Availability: Multi‑AZ design within the US; disaster‑recovery objectives (RTO/RPO) are published on our trust page/SLA.
Hyvery’s Canadian footprint supports the Service while maintaining US residency for Customer Content:
Workforce location: Certain support/operations personnel may access US‑hosted systems from Canada to fulfill support and security duties (least‑privilege, MFA, logging).
Ancillary processing: Operational telemetry may be viewed from Canada (e.g., dashboards, alerting).
Storage posture: By default, Hyvery does not store Customer Content in Canada. Any temporary artifacts created during support (e.g., logs, screenshots) are retained in US systems per our retention schedule.
Sub‑processors: If a Canadian sub‑processor is engaged for ancillary services, it will be listed on our Sub‑processor list with notice rights per the DPA.
Access controls: Role‑based access (RBAC), MFA, device policies, and audit logging apply to all workforce, including personnel in Canada.
Contractual protections: Hyvery uses data‑processing terms and confidentiality agreements with personnel and vendors.
No sale/sharing: Hyvery does not sell personal information or share for cross‑context behavioral advertising.
For EU/UK/Swiss personal data processed in the Service:
Hyvery offers SCCs (EU 2021/914 Modules 2/3) with the UK Addendum and Swiss Addendum in our DPA.
Hyvery performs Transfer Impact Assessments (TIAs) and implements encryption and access controls as supplementary measures.
Primary storage remains in the United States; workforce access may occur from Canada under the same safeguards.
US‑only processing: Default. Customer Content resides in US regions with workforce access controls.
Canada involvement: Limited to workforce access and ancillary processing as described. If you require stricter constraints (e.g., geofenced access or contractual limits), contact privacy@hyvery.com to discuss configuration or a Data Residency Addendum.
Future regions: Hyvery evaluates demand‑driven regional options. Any new residency options will be announced on our trust page and sub‑processor list.
Backups: Encrypted backups are maintained in US locations separate from primary production systems with separate credentials.
DR testing: Periodic restore tests validate integrity and RTO/RPO; tests do not relocate Customer Content outside the US.
Hyvery maintains a public Sub‑processor list and provides ≥30 days advance notice for material changes where feasible.
Material changes to data residency practices will be reflected in this Statement, the Privacy Policy, and the DPA.
Customers can subscribe to change notifications via the trust page.
For questions about residency, contractual assurances, or to request tighter access constraints:
Email: privacy@hyvery.com or legal@hyvery.com
Security: security@hyvery.com
Toll‑free: 1‑833‑HYVERY‑0
| Version | Date | Author | Summary |
|---|---|---|---|
| 1.0 | 2025‑08‑18 | Privacy Officer | Initial publication (US primary; limited Canada operations). |