How ServeFlow collects, uses, discloses, retains and protects personal information and Customer Data in connection with the Platform.
Last updated: April 30, 2026
This Privacy Policy explains how ServeFlow Process Serving Software ("ServeFlow", "we", "us", or "our") collects, uses, discloses, retains, and protects personal information in connection with our websites, web application, mobile features, APIs, customer support, billing, communications, and related services (collectively, the "Platform").
ServeFlow is process-serving workflow software. The Platform may be used by process-serving agencies, law firms, lawyers, licensed paralegals where permitted, legal support providers, government or public-sector agencies, contractors, individual business users, and other customers to manage service jobs, documents, attempts, notes, proofs of service, affidavits, invoicing, reporting, and related workflow activities.
This Policy applies to personal information that ServeFlow controls. When a Customer uploads, stores, generates, or transmits information through the Platform for its own business or legal workflow, the Customer remains responsible for determining whether it has authority to collect, use, disclose, and instruct ServeFlow to process that information. In that context, ServeFlow generally acts as a service provider or processor to the Customer.
This Policy does not apply to third-party websites, applications, payment processors, mapping services, communications tools, or integrations that we do not own or control. Those third parties have their own terms and privacy practices.
The categories of personal information we collect depend on how the Platform is used and what Customers and Authorized Users choose to submit.
We may collect names, business names, job titles, mailing addresses, business addresses, email addresses, telephone numbers, usernames, authentication credentials or tokens, account settings, role permissions, team membership, and similar account information.
We may collect billing contacts, billing addresses, plan information, subscription status, invoices, payment history, tax information, and limited payment-related information. Full payment card or bank account details may be collected and processed by a payment processor rather than stored directly by ServeFlow.
Customers and Authorized Users may upload or generate Customer Data through the Platform, including court or tribunal file numbers, matter names, party names, addresses, workplace addresses, telephone numbers, email addresses, descriptions used for identification, photographs, documents to be served, affidavits, proof-of-service information, notes, attempts, timestamps, optional GPS coordinates, route information, messages, invoices, and status updates.
GPS/location features are not mandatory. If an Authorized User chooses to use mobile or location-enabled features on the Authorized User’s own device, the Platform may collect GPS coordinates, timestamps, IP address, device type, operating system, browser information, usage logs, and related technical information to support attempt records, proofs, routing, auditability, fraud prevention, security, and Platform functionality. Users can disable location services through device or browser settings, although doing so may limit location-based features.
ServeFlow does not use optional GPS/location features to secretly track Service Targets or members of the public. Customers are responsible for ensuring that their Authorized Users understand and agree to location-enabled features where required by law, policy, contract, or workplace practice.
When you contact us, we may collect your contact details, the content of your messages, call notes, support tickets, troubleshooting information, attachments, and related correspondence.
We may collect information about visits to our websites and Platform, including IP address, browser type, device type, referring pages, pages viewed, session duration, links clicked, log data, and cookie identifiers. We may use cookies and similar technologies for authentication, security, preferences, analytics, performance, and, where permitted and enabled, marketing.
If you apply to work with us, contract with us, provide services to us, or become an affiliate or service provider, we may collect contact information, resumes, professional qualifications, business information, background information, references, tax forms, payment details, and related assessment information.
We collect personal information directly from Customers, Authorized Users, applicants, contractors, and website visitors; automatically through the Platform and related technologies; from third-party services that a Customer connects to the Platform; from payment, identity, analytics, security, hosting, communications, and support vendors; and from public or lawful sources where permitted.
Customers may submit personal information about third parties, including Service Target Data. Customers are responsible for ensuring that such information is collected and provided to ServeFlow lawfully and that their use of the Platform complies with applicable court rules, privacy laws, professional duties, client instructions, and contractual obligations.
We use personal information for purposes that are reasonable in the circumstances, including to:
We collect, use, and disclose personal information with consent where required and otherwise as permitted or required by applicable law. Consent may be express or implied depending on the sensitivity of the information and the context. You may withdraw consent where legally available, but doing so may affect our ability to provide the Platform or certain features.
Because Customers may use the Platform to process Service Target Data or legal workflow information about individuals who do not have a direct relationship with ServeFlow, each Customer represents that it has the lawful authority, client instructions, contractual rights, consent, legal obligation, or other basis required to collect, upload, use, disclose, and process Customer Data through the Platform.
Customers must not use the Platform to collect, upload, or disclose personal information in a way that is unlawful, deceptive, excessive, discriminatory, harassing, or unrelated to a legitimate process-serving, legal support, public-sector, or business purpose.
We do not sell personal information. We may disclose personal information in the following circumstances:
ServeFlow’s production Customer Data is stored in Canada. ServeFlow will not intentionally store production Customer Data outside Canada unless the applicable Customer is notified or a written agreement permits it. Business contact information, payment metadata, support communications, analytics, or operational records may be handled by service providers that support the Platform, but ServeFlow will use reasonable contractual, technical, and organizational safeguards for such providers.
For Quebec users and Quebec-related personal information, data stored or processed in another Canadian province is still outside Quebec. Before communicating personal information outside Quebec where Quebec privacy law applies, ServeFlow will use a privacy impact assessment and written contractual safeguards where required. If a Customer is a public-sector or regulated entity with stricter data-residency, procurement, access-to-information, professional, or confidentiality requirements, the Customer must notify ServeFlow before using the Platform for that data.
We use reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the personal information we handle. These safeguards may include role-based access controls, encryption in transit, encrypted storage where appropriate, audit logs, backups, monitoring, personnel controls, vendor review, incident response procedures, and separation of account permissions.
No system is perfectly secure. Customers and Authorized Users are responsible for keeping credentials confidential, using strong passwords and multi-factor authentication where available, limiting permissions to authorized personnel, promptly removing users who no longer require access, and notifying us immediately of suspected unauthorized access or misuse.
We maintain procedures to assess, contain, investigate, document, and respond to suspected privacy or security incidents. Where we determine that a breach of security safeguards involving personal information under our control creates a real risk of significant harm, we will notify affected individuals, the Office of the Privacy Commissioner of Canada, and any other required regulator or organization as required by applicable law.
Where Customer Data is involved and the Customer controls the affected personal information, we will notify the Customer without unreasonable delay and cooperate reasonably with the Customer’s assessment and legally required notices. We maintain breach and incident records as required by applicable law.
We retain personal information only as long as reasonably necessary for the purposes described in this Policy, for the duration of the Customer relationship, as directed by the Customer, or as required or permitted by law. Retention periods may vary depending on account settings, plan type, legal requirements, backup cycles, billing and tax obligations, dispute resolution, audit needs, fraud prevention, security, and service records.
Unless a written agreement, legal hold, court order, public-sector contract, or applicable law requires a different period, ServeFlow uses the following baseline retention schedule:
| Category | Baseline retention |
|---|---|
| Active account data and Customer Data | Retained while the account is active and as needed to provide the Platform. |
| Closed or cancelled accounts | Customer export access is ordinarily available for 30 days after cancellation, unless the account is suspended for security, non-payment, legal, or abuse reasons. |
| Service job records, attempt logs, proof-of-service records, affidavits, photos saved to a job, and GPS/location data saved to a job | Retained for 7 years after the job is closed or the account is cancelled, whichever is later, unless the Customer’s written agreement or law requires a longer or shorter period. This period is intended to preserve evidence and align with Canadian business recordkeeping needs while avoiding indefinite retention. |
| Billing, tax, invoice, and payment records | Retained for 7 years after the end of the relevant tax or fiscal year, unless law requires otherwise. |
| Security logs and access/audit logs | Ordinarily retained for up to 24 months, or longer if needed for security, fraud prevention, investigation, legal claims, or audit. |
| Privacy requests, complaints, and related correspondence | Retained for 24 months after closure, or longer if needed to show compliance, resolve a dispute, or comply with law. |
| Breach and incident records | Retained for at least 24 months after the incident is determined, and longer if required by law, litigation, insurance, or regulator request. |
| Marketing leads and non-customer inquiries | Retained for up to 24 months after the last meaningful interaction, unless consent, an active relationship, unsubscribe records, or law supports a different period. |
| Support tickets and administrative communications | Retained for up to 3 years after closure, or longer if needed for account administration, security, dispute resolution, or legal compliance. |
| Backups | Deleted, overwritten, or de-identified through normal backup rotation, ordinarily within 90 days after deletion from active systems, unless restoration, security, legal hold, or disaster recovery requires longer. |
Customer Data shared with another Customer, third-party process server, contractor, integration, government body, court, tribunal, or external service may not be fully controlled by ServeFlow and may not be deletable by us. Customers are responsible for managing data they export, file, print, disclose, or transmit outside the Platform.
Individuals may request access to personal information about them that is under our control, request correction of inaccurate information, ask questions about our privacy practices, withdraw consent where legally available, or make a privacy complaint by contacting the Privacy Officer at privacy@serveflow.ca. We will verify identity and authority before responding where appropriate.
We ordinarily respond to access requests within 30 calendar days or within another period permitted by applicable law. We may extend the response period where legally permitted. We may refuse or limit a request where permitted by law, including where disclosure would reveal another person’s personal information, confidential commercial information, privileged information, legal strategy, security-sensitive information, or information that cannot be disclosed under law.
If the request relates to Customer Data controlled by one of our Customers, we may refer the request to that Customer or require the requester to contact the Customer directly. Where required by applicable law, including Quebec law where applicable, we will provide computerized personal information collected from the individual in a structured, commonly used technological format, subject to legal exceptions and technical feasibility.
We may use strictly necessary cookies for authentication, security, session management, fraud prevention, and Platform operation. We may also use preference cookies, analytics cookies, performance cookies, and marketing cookies where enabled.
You can adjust browser settings to block or delete cookies, but some Platform features may not function properly without necessary cookies. Where required, we will provide appropriate cookie notices or consent controls.
We may send commercial electronic messages about ServeFlow products, services, updates, events, offers, and content where permitted by Canada’s anti-spam law and other applicable laws. Marketing messages will identify the sender and include an unsubscribe mechanism. Transactional, account, billing, service, security, and legal notices may still be sent even if you unsubscribe from marketing communications.
We may create, use, and disclose aggregated, anonymized, or de-identified information for analytics, benchmarking, service improvement, research, development, security, and business purposes, provided the information does not identify an individual and is not reasonably capable of being used to identify an individual. We will not attempt to re-identify de-identified information except as permitted by law, such as to validate safeguards or comply with legal obligations.
The Platform is intended for business users who are at least the age of majority in their jurisdiction. We do not knowingly collect personal information directly from children for account registration. Customers must not use the Platform to collect personal information from minors unless they have lawful authority and the collection is necessary for a legitimate process-serving, legal, public-sector, or business purpose.
The Platform may link to or integrate with third-party services. We are not responsible for the privacy practices, security, content, availability, or terms of third-party services. A Customer’s use of third-party services is governed by the terms and privacy policies of those third parties.
We may update this Policy from time to time. If we make material changes, we will provide notice by posting the updated Policy, updating the date above, emailing account administrators, or using another reasonable method. Continued use of the Platform after the effective date of an updated Policy means the Platform will be subject to the updated Policy.
Privacy Officer: Privacy Officer, ServeFlow Process Serving Software
Email: privacy@serveflow.ca
Mailing address: 714 York St Unit 9C, London, ON N5W 2S8, Canada
Telephone: 226-503-9599
Support: support@serveflow.ca
Legal: legal@serveflow.ca
Note de publication: Cette version française doit être mise à la disposition des clients du Québec avant l’acceptation d’un contrat d’adhésion ou de conditions normalisées, lorsque la loi du Québec l’exige.
Dernière mise à jour : April 30, 2026
La présente Politique de confidentialité explique comment ServeFlow Process Serving Software ("ServeFlow", "nous", "notre" ou "nos") recueille, utilise, communique, conserve et protège les renseignements personnels dans le cadre de nos sites Web, de notre application Web, de nos fonctions mobiles, de nos API, du soutien à la clientèle, de la facturation, des communications et des services connexes (collectivement, la "Plateforme").
ServeFlow est un logiciel de flux de travail pour la signification d’actes et la gestion de travaux connexes. La Plateforme peut être utilisée par des agences de signification, cabinets d’avocats, avocats, parajuristes lorsque permis, fournisseurs de services juridiques, organismes gouvernementaux ou publics, entrepreneurs, utilisateurs professionnels individuels et autres clients pour gérer des dossiers, documents, tentatives de signification, notes, preuves de signification, affidavits ou déclarations sous serment, facturation, rapports et activités connexes.
La présente Politique s’applique aux renseignements personnels sous le contrôle de ServeFlow. Lorsqu’un Client téléverse, stocke, crée ou transmet des renseignements dans la Plateforme pour ses propres fins commerciales, juridiques ou administratives, ce Client demeure responsable de déterminer s’il a l’autorité nécessaire pour recueillir, utiliser, communiquer et nous demander de traiter ces renseignements. Dans ce contexte, ServeFlow agit généralement comme fournisseur de services ou sous-traitant du Client.
Les catégories de renseignements personnels que nous recueillons dépendent de l’utilisation de la Plateforme et des renseignements fournis par les Clients et les utilisateurs autorisés. Nous pouvons notamment recueillir :
Les fonctions GPS ou de localisation ne sont pas obligatoires. Lorsqu’un utilisateur autorisé choisit d’utiliser des fonctions mobiles ou de localisation sur son propre appareil, la Plateforme peut recueillir des coordonnées GPS, horodatages, adresses IP, renseignements sur l’appareil, journaux d’utilisation, photographies et notes liées à une tentative ou à un travail. L’utilisateur peut désactiver la localisation dans les paramètres de son appareil ou de son navigateur, mais certaines fonctions pourraient alors être limitées.
ServeFlow n’utilise pas ces fonctions pour suivre secrètement une personne visée par une signification ou un membre du public. Les Clients sont responsables des avis, consentements, politiques d’emploi, autorisations d’appareil et obligations applicables à leurs employés, entrepreneurs, agents ou utilisateurs autorisés.
Nous utilisons les renseignements personnels à des fins raisonnables, notamment pour :
Nous ne vendons pas de renseignements personnels. Nous pouvons communiquer des renseignements personnels :
Les données de production du Client sont stockées au Canada. ServeFlow ne stockera pas intentionnellement les données de production du Client à l’extérieur du Canada sauf si le Client applicable reçoit un avis ou si une entente écrite le permet. Certains renseignements de contact professionnel, métadonnées de paiement, communications de soutien, analyses ou dossiers opérationnels peuvent être traités par des fournisseurs de services nécessaires au fonctionnement de la Plateforme, sous réserve de mesures contractuelles, techniques et organisationnelles raisonnables.
Pour les utilisateurs du Québec et les renseignements assujettis aux lois québécoises, un traitement dans une autre province canadienne constitue tout de même une communication à l’extérieur du Québec. Lorsque la loi du Québec s’applique, ServeFlow utilisera une évaluation des facteurs relatifs à la vie privée et des protections contractuelles écrites avant de communiquer des renseignements personnels à l’extérieur du Québec lorsque requis.
Nous utilisons des mesures administratives, techniques et physiques raisonnables et proportionnelles à la sensibilité des renseignements personnels. Ces mesures peuvent comprendre les contrôles d’accès par rôle, le chiffrement en transit, le stockage chiffré lorsque approprié, les journaux d’audit, les sauvegardes, la surveillance, les contrôles du personnel, l’examen des fournisseurs et les procédures de réponse aux incidents.
Aucun système n’est parfaitement sécurisé. Les Clients et utilisateurs autorisés doivent protéger leurs identifiants, utiliser des mots de passe robustes et l’authentification multifactorielle lorsqu’elle est disponible, limiter les permissions, retirer rapidement les accès inutiles et nous aviser immédiatement de tout accès ou usage non autorisé soupçonné.
Nous maintenons des procédures pour évaluer, contenir, enquêter, documenter et traiter les incidents de confidentialité ou de sécurité soupçonnés. Lorsque nous déterminons qu’une atteinte aux mesures de sécurité concernant des renseignements personnels sous notre contrôle présente un risque réel de préjudice grave, nous aviserons les personnes concernées, le Commissariat à la protection de la vie privée du Canada et tout autre organisme requis, conformément à la loi applicable.
Lorsque des données du Client sont touchées et que le Client contrôle les renseignements en cause, nous aviserons le Client sans délai déraisonnable et coopérerons raisonnablement avec son évaluation et ses avis requis par la loi. Nous conservons les registres d’incidents requis par la loi applicable.
Nous conservons les renseignements personnels seulement aussi longtemps qu’il est raisonnablement nécessaire pour les fins décrites dans la présente Politique, pendant la relation avec le Client, selon les instructions du Client, ou tel que permis ou exigé par la loi. Sauf entente écrite, obligation légale, suspension légale ou ordonnance contraire, ServeFlow applique les périodes de base suivantes :
Vous pouvez demander l’accès aux renseignements personnels sous notre contrôle, demander une correction, poser des questions, retirer votre consentement lorsque disponible, ou déposer une plainte en communiquant avec le responsable de la protection des renseignements personnels à privacy@serveflow.ca. Nous pouvons vérifier votre identité et votre autorité avant de répondre.
Nous répondons généralement aux demandes d’accès dans les 30 jours civils ou dans tout autre délai permis par la loi. Si la demande concerne des données contrôlées par un Client, nous pouvons vous référer au Client ou exiger que vous communiquiez directement avec lui. Lorsque requis par la loi, y compris au Québec, nous fournirons les renseignements personnels informatisés recueillis auprès de la personne dans un format technologique structuré et couramment utilisé, sous réserve des exceptions légales et de la faisabilité technique.
Nous pouvons utiliser des témoins nécessaires pour l’authentification, la sécurité, les sessions, la prévention de la fraude et le fonctionnement de la Plateforme, ainsi que des témoins de préférence, d’analyse, de performance et de marketing lorsque permis et activés. Les communications commerciales électroniques respecteront les exigences applicables, y compris l’identification de l’expéditeur et un mécanisme de désabonnement. La Plateforme peut contenir des liens ou intégrations de tiers; ces tiers ont leurs propres pratiques et conditions.
Responsable de la protection des renseignements personnels : Privacy Officer, ServeFlow Process Serving Software
Courriel : privacy@serveflow.ca
Adresse postale : 714 York St Unit 9C, London, ON N5W 2S8, Canada
Téléphone : 226-503-9599
Soutien : support@serveflow.ca
Avis juridiques : legal@serveflow.ca
