Privacy Policy — How Fortis Handles Your Data

This Privacy Policy explains how Fortis Communications Inc (“Fortis”, “we”, “us”, “our”) collects, uses, discloses, and protects personal information when you visit fortis-tele.com or use any Fortis product — VeloConnect, VeloeSIM, VeloPBX, or VeloVerify (the “Services”). Fortis is a Canadian company and complies with the federal Personal Information Protection and Electronic Documents Act (PIPEDA). If you are a resident of the European Economic Area, the United Kingdom, or California, we honour the data-subject rights granted to you under your local law on request, even where this policy is framed around PIPEDA.

Who we are #

Fortis Communications Inc is a Canadian corporation headquartered in the Province of Ontario, Canada. We provide four telecommunications products: VeloConnect (CPaaS — SMS, voice, WhatsApp, Viber, Telegram), VeloeSIM (eSIM and roaming), VeloPBX (cloud virtual PBX), and VeloVerify (HLR, MNP, and IRSF lookups). For any privacy matter, contact [email protected]. We do not maintain a public office address; all correspondence should be by email.

What personal information we collect #

We collect personal information in three contexts, each described below.

(a) Website visitors. When you visit fortis-tele.com we automatically collect your IP address, browser user-agent, the page you requested, the page that referred you, and the date and time of the request. If you submit a contact, demo, or newsletter form, we collect the fields you fill in (typically name, work email, company, phone, and the message body). If you accept statistics cookies in our consent banner, our analytics provider (Google Analytics 4 via Google Tag Manager) collects pseudonymous behavioural data — pages viewed, session duration, device class, approximate city-level location derived from IP, and a randomized client identifier.

(b) Customers. When you create an account or purchase a Service, we collect the information needed to operate the account: your name, business email, billing address, billing currency, payment method details (handled by our payment processor — we never store full card numbers), and the contents of any support or sales tickets you open with us.

(c) End-user traffic data. Some of our Services process personal information about your end-users — the people you send messages to, place calls to, or verify numbers for. For this category Fortis acts as a service provider (PIPEDA), data processor (GDPR), or service provider (CCPA), and the customer is the controller. We process this data only on the customer’s documented instructions under the applicable order form or master services agreement.

How we collect it #

Most personal information is collected directly from you when you fill in a form, create an account, send us an email, or place an order. Some information is generated automatically — server logs, analytics events from your browser, and traffic records produced as your messages or calls transit our infrastructure. We do not buy contact lists, scrape third-party sites, or enrich your profile from data brokers.

Why we collect it #

PIPEDA requires us to identify the purpose of each collection at or before the time it occurs. We use personal information to: provide and operate the Services you have requested; respond to your enquiries; bill you and reconcile payments; protect the Services against fraud, abuse, and unauthorized access (including bot-protection challenges); detect and prevent telecommunications fraud such as IRSF, wangiri, and AIT; comply with our obligations under telecommunications, anti-spam, sanctions, and tax law; understand which parts of fortis-tele.com are useful so we can improve them; and send transactional notifications (such as account, security, and billing alerts), and — only with your explicit opt-in — marketing communications. We do not use your personal information for any purpose materially different from these without first asking for your consent.

Under PIPEDA, our basis for processing is your knowledge and consent, except where another basis is permitted by law (for example, where we are required to disclose information to law enforcement under a valid order). Consent is implied for activity that is reasonably necessary to operate a Service you have already requested (such as routing your message through our carrier partners). Consent is express — collected through a checkbox or equivalent affirmative action — for marketing communications, statistics cookies, and any other use that is not strictly necessary. You may withdraw consent at any time by writing to [email protected]; we will explain the practical consequences if withdrawal would end your access to a Service. If you are in the EEA or UK, the legal bases under Article 6 GDPR are the same set translated into GDPR terms: performance of a contract, legitimate interests (fraud prevention, security, product analytics), legal obligation, and consent. If you are in California, our processing is consistent with the disclosures required by CCPA/CPRA and we do not “sell” or “share” personal information for cross-context behavioural advertising.

We share personal information only with parties that need it to deliver the Services or to meet a legal obligation. Categories of recipients are:

Sub-processors and service providers: our hosting provider, our edge / security provider (Cloudflare), our email and customer-support tooling, payment processors, telecommunications carriers and aggregators that route your messages and calls, and the analytics provider you have consented to (Google).
Professional advisers: our lawyers, accountants, auditors, and insurers, bound by their own confidentiality obligations.
Authorities: where we are required by Canadian law or a valid order from a competent authority to produce information.
Acquirers: if Fortis is involved in a merger, acquisition, financing, or insolvency, personal information may be transferred to the acquiring or succeeding entity, subject to equivalent confidentiality obligations.

We do not sell personal information.

International transfers #

Fortis is based in Canada, but our sub-processors and carrier partners operate globally. Personal information may be processed outside the country where it was collected, including in the United States and the European Union. By using the Services or fortis-tele.com you acknowledge this. Where the transfer involves personal information of EEA or UK residents, we rely on the European Commission’s Standard Contractual Clauses (or equivalent UK transfer mechanism) with the sub-processor. Canada is recognized by the European Commission as providing an adequate level of protection for personal information transferred from the EU.

How long we keep it #

We keep personal information only as long as we have a legitimate purpose for doing so. As a guide: contact-form messages and demo enquiries are retained for up to 24 months from last contact; customer account data for the duration of the account plus seven (7) years after closure for tax and audit purposes; billing records for seven (7) years to meet Canada Revenue Agency requirements; server logs for up to 90 days unless retained longer for an active security investigation; analytics data for 14 months at the user-property level. End-user traffic data processed on behalf of customers is retained per the customer’s order form, typically 30 days for messaging metadata and shorter for call recordings.

How we protect it #

We apply administrative, technical, and physical safeguards proportionate to the sensitivity of the personal information we hold. These include role-based access controls, encryption in transit (TLS 1.2 or higher), encryption at rest for data stores that support it, mandatory two-factor authentication for our administrative accounts, regular access reviews, vendor security assessments, and an incident-response plan. No system is ever perfectly secure; in the event of a breach involving real risk of significant harm we will notify affected individuals and the Office of the Privacy Commissioner of Canada as required by PIPEDA’s mandatory breach-reporting rules.

Your rights #

Under PIPEDA you have the right to: (a) be informed about the existence, use, and disclosure of your personal information; (b) access the personal information we hold about you; (c) request correction of inaccurate or incomplete information; and (d) withdraw consent (subject to legal or contractual restrictions). To exercise any of these rights, write to [email protected] from the email address associated with your account or enquiry. We respond within 30 days; if we cannot meet that timeline we will tell you why and provide a revised date. There is no charge for a standard request. We may decline to act on a request that is manifestly unfounded, excessive, or that would require us to disclose information about another individual.

If you are in the EEA or UK you additionally have rights of erasure, restriction of processing, data portability, and objection to processing under Articles 15–22 GDPR. If you are in California you additionally have rights to know, delete, correct, and limit the use of sensitive personal information under CCPA/CPRA. To exercise any of these regime-specific rights, write to the same email and tell us which jurisdiction you are exercising rights under.

Cookies and similar technologies #

fortis-tele.com uses a small number of cookies and similar technologies. Strictly necessary cookies (including Cloudflare’s bot-protection cookies and our consent-banner state) load without consent because the site would not work without them. Statistics cookies — Google Analytics 4 loaded through Google Tag Manager — load only after you give consent through our cookie banner. We do not use marketing or cross-site tracking cookies. Full detail of every cookie, its purpose, and its duration is in our Cookie Policy.

Automated decision-making #

We do not use personal information collected from fortis-tele.com to make decisions about you that produce legal or similarly significant effects without human review. Some Services use automated systems internally — for example, fraud-detection rules that flag suspicious traffic patterns for review — but a human Fortis operator is in the loop before any account-level action is taken.

Children #

Our Services are not directed at children under 16 and we do not knowingly collect personal information from them. If you believe a child has provided personal information to us, please write to [email protected] and we will delete it.

Changes to this policy #

We may revise this Privacy Policy from time to time. When we make material changes we update the “Last updated” date at the top of this page and, where appropriate, notify account holders by email. Continued use of fortis-tele.com or the Services after a change takes effect constitutes acceptance of the revised policy.

How to complain #

If you have a concern about how Fortis handles your personal information, contact us first at [email protected]. We take complaints seriously and will work to resolve the matter directly. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada. EEA / UK residents may also complain to their local supervisory authority; California residents may contact the California Privacy Protection Agency at cppa.ca.gov.

Contact #

Fortis Communications Inc, Ontario, Canada. For any privacy question, please write to [email protected].