Cieblink

← Back Terms of use Privacy Policy

Privacy Policy

Cieblink — Privacy Policy

Version
2026 — v2
Effective date
September 1, 2024
Last updated
June 17, 2026

1. Commitment and identity of the controller

8240167 Canada Inc., doing business as Les logiciels Cienapps (French) and Cienapps Software (English) ("Cienapps", "we", "our"), places great importance on protecting the personal information you entrust to us when using the Cieblink platform, accessible in particular through the following sites:

  • https://cieblink.com (marketing site)
  • https://app.cieblink.com (transactional platform)
  • https://lab.cieblink.com (test environment)
  • Any private subdomain operated by Cieblink (e.g., https://fournisseur.cieblink.com)

(hereinafter collectively the "Platform" or the "Services")

This privacy policy (the "Policy") describes the personal information we collect, the purposes for which we use it, the parties with whom we share it, and your rights in this regard.

Head office address: 2697 Boulevard du Curé-Labelle, Prévost (Québec) J0R 1T0, Canada

2. Privacy officer

In accordance with the Act respecting the protection of personal information in the private sector (CQLR, c. P-39.1, known as "Law 25"), we have designated a person responsible for the protection of personal information.

NameJean-Marc Paquin
TitleGeneral Manager
Emailprivacy@cienapps.com
Mailing address2697 Boulevard du Curé-Labelle, Prévost (Québec) J0R 1T0, Canada

You may contact this person with any question regarding this Policy, to exercise your rights, or to file a complaint.

3. B2B nature of the Platform and data qualification

Cieblink is a professional B2B platform intended for legally constituted businesses. The data processed on the Platform falls into two main categories.

3.1 Company data (commercial data)

This is data that belongs to the registered Company and relates to that Company's commercial activity, without directly identifying a natural person:

  • product catalogues, technical sheets, prices, terms of sale;
  • orders, quotes, delivery statuses, invoices issued between Buyers and Suppliers;
  • Company account settings and configurations;
  • technical integrations (API, ERP, Biesse files, etc.).

This data is governed primarily by the Terms of Use and not by this Privacy Policy.

3.2 Personal information

This is any information concerning a natural person that allows them to be identified, directly or indirectly, even when collected in a professional context. In accordance with the prudent position recommended under Law 25, we treat the professional contact details of employees of registered Companies (for example, firstname.lastname@company.com) as personal information and apply the protections described in this Policy to them.

4. Personal information we collect

We collect only the personal information necessary to provide and improve our Services. All this information is collected in a professional context, from individuals acting on behalf of and for a Company registered on the Platform.

4.1 Information you provide to us directly

  • Professional identification: first name, last name, title, Company name, language of communication.
  • Professional contact details: business email, telephone number, Company address.
  • Account credentials: username, password (encrypted), API key.
  • Professional information: role within the Company, industry, usage preferences.
  • Communications: emails, support requests, exchanges via contact forms.
  • Payment information (where applicable): processed directly by our payment provider (see section 8); we do not store full credit card numbers.

4.2 Information collected automatically

When you use the Platform, we automatically collect:

  • Technical data: IP address, browser type and version, operating system, device identifiers.
  • Browsing data: pages visited, session duration, actions taken, search queries, access dates and times.
  • Connection data: authentication logs, login attempts, API activity.
  • Cookies and similar technologies: see section 7.

5. Purposes of use

We use your personal information only for the following purposes:

  • Provide the Services: account creation and management, order processing, Buyer-Supplier matching.
  • Support and communication: respond to your requests, send you notices related to your account or the Services.
  • Security and integrity: detect and prevent fraud, abuse, and unauthorized access.
  • Service improvement: aggregated usage statistics, performance analysis, feature development.
  • Legal compliance: meet our tax, accounting, and regulatory obligations.
  • Marketing communications (with your consent): Cienews newsletter, product announcements, event invitations.

We will never process your information for other purposes without first informing you and, where required by law, without having obtained your consent.

6. Automated decisions and artificial intelligence

As of the effective date of this Policy, the Platform makes no decision based exclusively on automated processing that would produce a legal effect concerning you or significantly affect you.

If we implement such processing in the future (for example, algorithmic supplier recommendations, automated scoring, AI content analysis), we will update this Policy and inform you in accordance with sections 12.1 and 65.2 of Law 25.

7. Cookies and similar technologies

7.1 Categories of cookies used

CategoryDescription
Strictly necessary
(no consent required)
Essential to operation: authentication, security, protection against bots and abuse (Google reCAPTCHA), language preference (the "language" cookie).
Performance and analytics Google Analytics (audience measurement and usage statistics) and Hotjar (analysis of journeys, interactions, and sessions).
Marketing The Platform currently uses no advertising or retargeting cookies.

7.2 Managing your consent

You can configure your browser to block or delete cookies. Please note that this may affect the proper functioning of the Platform.

Cienapps is deploying a consent management mechanism that allows you, on your first visit, to accept, refuse, or customize non-essential cookies (in particular performance and analytics cookies), and to change your preferences at any time.

8. Sharing personal information with third parties

We do not sell your personal information. We share it only in the following cases.

8.1 With other Platform users

As Cieblink is a B2B platform, certain information from your professional profile (Company name, professional contact details, catalogue, order statuses) is visible to the other users with whom you interact (for example, a Supplier receiving your order). Your account settings specify what is visible.

8.2 With our service providers (processors)

We rely on trusted providers, contractually bound by strict confidentiality and security obligations. The main categories are:

PurposeProviderLocation
Cloud hostingAmazon Web Services (AWS)Canada
Payment processingStripeUnited States and Ireland
Transactional communications (emails)Amazon SES (Amazon Web Services)United States
Audience measurement and bot protectionGoogle Analytics and Google reCAPTCHA (Google LLC); HotjarUnited States; European Union
AccountingQuickBooks Online (Intuit)United States
Customer supportCienapps (by email: support@cienapps.com); no third-party support tool is currently integratedCanada

8.3 For legal reasons

We may disclose information if required by law (court order, warrant, legitimate government request), to enforce our terms, or to protect our rights, our security, or those of others.

8.4 In the context of a corporate transaction

In the event of a merger, acquisition, asset sale, or reorganization, your information could be transferred to the entity concerned, which will be required to comply with this Policy.

9. Disclosure of information outside Québec and Canada

9.1 Primary hosting in Canada

Our primary infrastructure (hosting, database, backups) is operated by Amazon Web Services (AWS) in data centres located in Canada. The vast majority of your information therefore remains processed in Canada, under Canadian and Québec law.

9.2 Limited transfers to certain processors

Certain specialized processors may process data outside Canada, in particular QuickBooks Online (accounting), Stripe (payments), Amazon SES (transactional emails), and Google Analytics or Google reCAPTCHA in the United States, as well as Hotjar in the European Union.

In accordance with section 17 of Law 25, before any transfer outside Québec, we conduct a privacy impact assessment (PIA) that takes into account:

  • the sensitivity of the information;
  • the purpose of its use;
  • the contractual, organizational, and technical protection measures in place;
  • the legal framework applicable in the receiving jurisdiction.

We carry out such a transfer only if the assessment demonstrates that the information will benefit from adequate protection.

10. Retention of information

We keep your personal information only as long as necessary to fulfill the purposes described, or for the following periods:

Type of informationRetention period
Active account dataDuration of the contractual relationship
Data after account closure7 years (tax and accounting obligations)
Transactional data (orders, invoices)7 years
Connection and activity logs24 months
Marketing communications (with consent)Until consent is withdrawn
Analytics cookies13 months maximum

Beyond these periods, information is securely destroyed, deleted, or anonymized.

11. Security measures

We implement reasonable security measures appropriate to the sensitivity of the information, including:

  • encryption of communications (TLS/HTTPS);
  • encryption of passwords and sensitive data at rest;
  • role-based access controls;
  • strengthened authentication for administrative accounts;
  • access logging and monitoring;
  • regular backups and disaster recovery plans;
  • staff training and confidentiality commitments.

As no method of electronic transmission or storage is 100% infallible, we cannot guarantee absolute security.

12. Role of the registered Company

When a Company registers its employees, agents, or representatives on the Platform, or allows them to access it through an account it administers:

  • The Company is responsible for informing those persons that their professional contact details will be disclosed to Cienapps and processed through the Platform in accordance with this Policy;
  • The Company must ensure that it has a legitimate basis for doing so (for example, employment contract, internal policy, consent);
  • With respect to the operational information processed on behalf of the Company, Cienapps acts as a person carrying on an enterprise on behalf of the Company within the meaning of Law 25, within the limits defined herein and by any applicable service agreement.

The Company remains free to implement its own internal policies and may, upon request, enter into a personal information processing agreement with Cienapps specifying the terms applicable to its own data.

13. Your rights

In accordance with Law 25 and PIPEDA, any natural person whose personal information is processed by Cienapps has the following rights:

  • Right of access: obtain a copy of the information we hold about you.
  • Right of rectification: correct inaccurate, incomplete, or ambiguous information.
  • Right to erasure and de-indexing: request deletion or de-indexing under the conditions provided by law.
  • Right to portability: receive your information in a structured, commonly used technological format (in force since September 2024).
  • Right to withdraw your consent: for processing based on consent (in particular marketing).
  • Right to stop dissemination: request that information cease to be disseminated where this causes serious harm.

These rights are exercised personally by the individual concerned — your Company cannot exercise them on your behalf. They are, however, individual rights distinct from your Company's rights over its own commercial data (catalogue, transactions), which are governed by the Terms of Use.

To exercise a right, write to the privacy officer (see section 2). We will respond within 30 days. A refusal or a failure to respond within this period entitles you to a recourse before the Commission d'accès à l'information du Québec (CAI): www.cai.gouv.qc.ca.

14. Confidentiality incidents

In the event of a confidentiality incident (loss, unauthorized access, communication, or use of personal information) presenting a risk of serious harm, we will:

  • promptly notify the persons concerned;
  • report the incident to the CAI (and to the Office of the Privacy Commissioner of Canada where applicable);
  • maintain a register of incidents that we can provide to the CAI on request.

If the incident concerns a client Company, we will also notify that Company as soon as possible so that it can, in turn, inform its own affected employees or clients.

15. Minors

The Platform is intended for professional B2B use and is not designed for persons under 18 years of age. We do not knowingly collect information concerning minors. If we discover that a minor has provided us with personal information, we will delete it without delay.

16. Changes to the Policy

We may amend this Policy. Any significant change will be communicated to you:

  • by a notice on the Platform;
  • by email, where the changes significantly affect your rights or our processing purposes.

The date of the last update appears at the top of the document. Your continued use of the Services after a change takes effect constitutes acceptance of the revised version.

17. Contact information

For any question, request, or complaint:

Jean-Marc Paquin, General Manager — Privacy Officer
8240167 Canada Inc. (Les logiciels Cienapps / Cienapps Software)
2697 Boulevard du Curé-Labelle, Prévost (Québec) J0R 1T0, Canada
Email: privacy@cienapps.com

Commission d'accès à l'information du Québec (CAI): www.cai.gouv.qc.ca

← Back Top ↑