EVDEV Privacy Policy
Privacy Policy
Last updated:
EVDEV Inc. ("EVDEV", "we", "our", or "us") is a Shopify Plus ecommerce agency headquartered in Toronto, Ontario, Canada. We respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and the rights you have under Canadian and international privacy laws.
01. Scope of this Policy
This Privacy Policy applies to information we collect on the EVDEV website (evdev.dev), through our contact and brief forms, via email and phone communications, during project engagements with our clients, and through any other interaction you have with us.
By using our website or engaging our services, you agree to the practices described in this Policy. If you do not agree with these practices, please do not use our website or submit information to us.
02. Personal information we collect
We only collect personal information that is reasonably necessary for the purposes described in this Policy. The categories of information we collect include:
- Contact details you submit: first name, last name, email address, phone number, company name, and any project details you provide through our contact or brief forms.
- Communication history: emails, phone calls, meeting notes, and project briefs exchanged while scoping or delivering a Shopify Plus engagement.
- Website usage data: pages visited, time on page, referring URL, browser type, device type, and approximate location — collected via cookies and analytics tools described in our Cookie Policy.
- Technical data: IP address, user agent string, and similar identifiers captured automatically when you access our website.
- Client project data: any personal or business information you provide to us while we deliver Shopify Plus design, development, SEO, or optimization services — including access to your Shopify admin, analytics dashboards, or other systems you authorize.
- Marketing preferences: your opt-in status for our newsletter and any unsubscribe events.
03. How we use your information
We use personal information for the purposes outlined below. We do not sell your personal information, and we do not use it for automated decision-making that produces legal or similarly significant effects.
- To respond to inquiries you submit via our contact and brief forms and to provide quotes and proposals.
- To deliver, support, and invoice the Shopify Plus services you engage us for.
- To communicate with you about active engagements, project updates, and administrative matters.
- To send you optional marketing emails (only if you opt in), including newsletters, case studies, and occasional updates — you can unsubscribe at any time.
- To measure and improve website performance, diagnose bugs, and strengthen security.
- To meet our legal, regulatory, accounting, and tax obligations in Canada and other jurisdictions where we operate.
- To protect our rights, property, and the safety of our team, clients, and the public.
04. Legal bases for processing
Depending on where you are located, we rely on the following legal bases for processing your personal information:
- Canada (PIPEDA) and Quebec (Law 25): express or implied consent, the necessity of processing to perform a contract with you, or a legitimate business interest that does not override your privacy rights.
- European Economic Area and the United Kingdom (GDPR / UK GDPR): your consent (Art. 6(1)(a)), the necessity of processing to perform a contract (Art. 6(1)(b)), compliance with a legal obligation (Art. 6(1)(c)), or our legitimate interests (Art. 6(1)(f)) in operating and promoting our business.
- United States (CCPA/CPRA and state laws): your inquiry, contract, or consent as applicable; we do not sell or share personal information for cross-context behavioural advertising.
05. Cookies and tracking technologies
We use a small number of cookies and similar technologies to make the website function, remember your preferences, and measure aggregate traffic. Details about each cookie, its purpose, and how to manage your choices are set out in our Cookie Policy.
Where required by law (for example, under GDPR in the EEA or Quebec Law 25 in Québec), we only place non-essential cookies after obtaining your consent. You can withdraw your consent at any time through our cookie preference centre.
06. Service providers we share information with
We share personal information only with trusted service providers who help us operate our business. Each service provider is contractually required to protect your information and only process it on our instructions. Our principal service providers include:
- Vercel Inc. — hosting and content delivery for this website (data processed in multiple regions).
- Sanity.io — content management system used to manage the website and client case studies.
- Resend — transactional email delivery for contact form submissions and newsletters.
- Google LLC — Google Analytics 4 for aggregate website analytics; data is processed in accordance with Google’s privacy terms and anonymized where possible.
- Shopify Inc. — where a client authorizes us to access their Shopify Plus admin for project delivery.
- Our accounting and legal advisors, strictly for tax, audit, and legal compliance purposes in Canada.
07. International data transfers
EVDEV is based in Toronto, Ontario. Some of our service providers process data outside of Canada, including in the United States and the European Union. When personal information is transferred outside your jurisdiction, we rely on safeguards such as the EU Standard Contractual Clauses, UK International Data Transfer Agreement, and the equivalents recognized under PIPEDA and Quebec Law 25.
If you would like a copy of the safeguards in place for a specific transfer, contact us at info@evdev.dev.
08. How long we keep your information
We keep personal information only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal and contractual obligations, and to resolve disputes. Typical retention periods are:
- Contact and brief form submissions that do not result in an engagement: up to 24 months, then deleted or anonymized.
- Client engagement records (contracts, invoices, project files): 7 years from the end of the engagement, in line with Canadian tax and accounting requirements.
- Newsletter subscribers: until you unsubscribe, plus a short suppression list to honour your opt-out.
- Website analytics data: retained for 14 months in Google Analytics 4 and then automatically deleted.
09. Your privacy rights
Depending on where you live, you may have some or all of the following rights with respect to your personal information:
- Right of access: request a copy of the personal information we hold about you.
- Right of correction: ask us to correct information that is inaccurate or incomplete.
- Right of deletion: ask us to delete personal information we no longer need a valid basis to keep.
- Right of portability: request a machine-readable copy of information you provided to us (GDPR, Law 25).
- Right to withdraw consent: at any time, for any processing that relies on your consent.
- Right to object or restrict: object to processing based on legitimate interests or ask us to restrict certain uses (GDPR).
- Right to non-discrimination: we will not discriminate against you for exercising any privacy right.
- Right to lodge a complaint: with the Office of the Privacy Commissioner of Canada (priv.gc.ca), the Commission d’accès à l’information du Québec (cai.gouv.qc.ca), or your local supervisory authority in the EEA / UK.
10. How to exercise your rights
To exercise any of the rights above, email us at info@evdev.dev with "Privacy Request" in the subject line. We will respond within 30 days (or as required by applicable law). For security, we may need to verify your identity before acting on a request.
Under Quebec Law 25, the individual responsible for the protection of personal information at EVDEV is our Privacy Officer, reachable at the same email address.
11. Security
We use industry-standard administrative, technical, and physical safeguards to protect personal information against unauthorized access, use, disclosure, alteration, or destruction. These include HTTPS encryption, access controls, least-privilege principles, routine security reviews, and vendor security assessments.
No method of transmission or storage is perfectly secure. If we become aware of a confidentiality incident that creates a risk of serious harm, we will notify you and the applicable privacy regulators as required by PIPEDA, Law 25, GDPR, or other applicable laws.
12. Children’s privacy
Our services are directed to businesses, not to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.
13. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be communicated through the website or, where appropriate, by email.
14. Contact us
If you have questions or concerns about this Privacy Policy or our privacy practices, contact our Privacy Officer:
- Email: info@evdev.dev
- Office of the Privacy Commissioner of Canada: priv.gc.ca