Privacy Policy

EnviroByte Inc. ("EnviroByte," "we," "us," or "our") develops and operates enterprise software solutions for environmental data management, including but not limited to EmissiONX, OpenPEMS, DataPivot, Decarb, and Reduction in Motion (RIM) (collectively, the "Applications"). This Privacy Policy explains how EnviroByte collects, uses, discloses, and protects personal information when authorized employees, contractors, or agents ("Users") of our business clients ("Customers") access our Applications or related services. EnviroByte is committed to protecting privacy and handling personal information in compliance with the Alberta Personal Information Protection Act (PIPA) and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), as well as other applicable data protection laws. We treat personal data with the same level of care and protection regardless of where you are located.

This Policy applies to personal information that EnviroByte collects and processes:

• • when you use or access any EnviroByte Application or platform
• • when your employer or organization (the Customer) provides data to EnviroByte for integration or processing
• • when you interact with EnviroByte for support, communications, or training

This Policy does not apply to Customer data managed within the Customer’s own systems or governed by their own privacy policies. EnviroByte acts as a data processor or service provider in relation to such data, we process it only as instructed by the Customer.

Personal Information means any information about an identifiable individual, or that is linked or linkable to an identifiable individual. This may include direct identifiers (such as name or email address) and indirect identifiers (such as device information, user activity logs, or metadata associated with user actions).

• a. Information You Provide
• • Name, business contact details (email, phone, title, organization).
• • Account credentials and authentication information (stored encrypted).
• • Support requests, feedback, and communications.
• b. Information Collected Automatically
• • Device and browser information, IP address, operating system.
• • Log data and activity records (e.g., login time, data upload events, report generation).
• • Diagnostic and performance data used to improve system functionality.
• c. Information from Customer Integrations EnviroByte may process information imported from Customer data sources, including:
• • enterprise databases, cloud storage (S3, Azure, GCS), or API feeds
• • uploaded files (e.g., emissions, compliance, or facility data)
• • metadata needed for data validation and integration logs. Such data may include personal information incidentally embedded within datasets. EnviroByte processes it solely to deliver the contracted service.

EnviroByte uses personal information to:

• 1. Provide and operate the Applications and related services.
• 2. Authenticate and authorize Users and manage access permissions.
• 3. Support Customer integrations and data processing in accordance with Customer instructions.
• 4. Monitor and improve system security, reliability, and performance.
• 5. Communicate with Users about technical, operational, or security matters.
• 6. Analyze usage patterns in aggregated form to enhance product design and efficiency.
• 7. Comply with legal, regulatory, or contractual obligations. EnviroByte does not sell or rent personal information.

EnviroByte Applications and websites may use cookies and telemetry tools to enhance user experience and system reliability. We use:

• • Session cookies for secure authentication.
• • Performance cookies for load balancing and uptime optimization.
• • Analytics tools (e.g., usage metrics, error logs, feature adoption) to improve our services.

You can manage cookie preferences through your browser settings. Disabling certain cookies may limit Application functionality. EnviroByte does not use tracking technologies for targeted advertising or behavioral profiling.

When EnviroByte connects to Customer environments (e.g., Azure Blob, AWS S3, Google Cloud Storage, SFTP, on-prem databases), we:

• • use encrypted communication channels (TLS 1.2 or higher)
• • authenticate through secure credentials or tokens controlled by the Customer
• • restrict processing to the data necessary for the requested computation or reporting; and
• • store intermediate data in secure, access-controlled systems located in Canada unless otherwise agreed. EnviroByte does not access Customer systems beyond the scope authorized by the Customer Agreement.

EnviroByte may share personal information only with:

• • Service Providers performing hosting, support, or authentication (under binding confidentiality agreements)
• • Customer administrators for account management and oversight
• • Legal or regulatory authorities when required by law or court order; and
• • Business successors in case of a merger, acquisition, or reorganization (with confidentiality safeguards).

We do not disclose user information for marketing or unrelated purposes.

If personal information is transferred outside of Alberta or Canada, EnviroByte ensures equivalent protection through:

• • encryption in transit and at rest
• • contractual safeguards (e.g., Standard Contractual Clauses); and
• • verification that third-party processors maintain comparable privacy standards.

EnviroByte retains personal information only for as long as:

• • necessary to fulfill contractual obligations; - required by law or regulatory standards; or
• • needed for legitimate operational or audit purposes.

When no longer required, data is securely deleted, anonymized, or destroyed in accordance with EnviroByte's data retention policy.

We employ industry-standard administrative, technical, and physical safeguards, including:

• • encryption of stored and transmitted data
• • multi-factor authentication
• • least-privilege access controls
• • network segmentation and intrusion monitoring; and
• • periodic audits and penetration testing.

While no system is completely secure, EnviroByte continuously improves its security posture and promptly addresses vulnerabilities.

EnviroByte treats privacy as a core business principle. We maintain internal policies, employee training, and oversight to ensure ongoing compliance with privacy and security obligations. Our Privacy Officer oversees all data protection practices and serves as the point of contact for regulators and Customers.

Under Alberta PIPA and PIPEDA, individuals have the right to:

• • access and request correction of their personal information
• • withdraw consent to processing (subject to contractual limits); and
• • inquire about how their information is collected, used, or shared.

Requests can be submitted to privacy@envirobyte.com. We respond to verified requests within 30 days, unless otherwise permitted by law.

EnviroByte may update this Policy periodically to reflect operational or legal changes. The revised version will include an updated effective date and will be posted at www.envirobyte.com. If material changes are made, we will notify Customers or Users through in-app notice or email.