Privacy Policy

Effective Date: March 2, 2026
Last Updated: March 2, 2026

1. Introduction

PVRPOSE AI ("we," "our," or "us") is committed to protecting your privacy and ensuring compliance with Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Legislation (CASL), and international regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website pvrpose.ai, use our services, or interact with us.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when you:

  • Complete our AI Readiness Assessment
  • Subscribe to our newsletter or resources (e.g., "5 Signs Your Business Is Ready for AI")
  • Schedule a discovery call via Calendly
  • Contact us via email or contact forms
  • Engage with our services

Data Collected:

  • Contact Information: First name, email address
  • Assessment Data: Responses to AI readiness questions, business pain points, priorities
  • Business Information: Industry, team size, revenue indicators (optional)
  • Consent Records: Marketing consent, timestamp, jurisdiction

2.2 Information Collected Automatically

When you visit our website, we automatically collect:

  • Usage Data: Pages viewed, time spent, links clicked, scroll depth
  • Device Information: Browser type, operating system, device type (mobile/desktop)
  • Location Data: Country, province/state (based on IP address, anonymized)
  • Analytics Data: Via Google Analytics 4 (GA4) with IP anonymization enabled
  • Cookies: See Section 5 for cookie details

2.3 Information from Third Parties

We may receive information from third-party services you use to interact with us:

  • Calendly: Appointment scheduling data (name, email, meeting preferences)
  • LinkedIn: If you engage with our LinkedIn content (public profile data only)
  • Airtable: Submission data storage (we are the data controller)

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery

  • Provide AI Readiness Assessment results and personalized recommendations
  • Send requested resources (e.g., "5 Signs" PDF checklist)
  • Schedule and conduct discovery calls
  • Deliver AI automation services to clients

3.2 Marketing & Communication (With Consent)

  • Send educational content, case studies, and industry insights
  • Notify you of new services, webinars, or resources
  • Follow up on assessment submissions or inquiries

CASL Compliance: We only send Commercial Electronic Messages (CEMs) to recipients who have provided express consent. You can unsubscribe at any time via the link in every email.

3.3 Analytics & Improvement

  • Analyze website performance and user behavior (anonymized data)
  • Improve our services, content, and user experience
  • Conduct A/B testing to optimize conversion rates

3.4 Legal & Compliance

  • Comply with legal obligations (e.g., tax records, PIPEDA audits)
  • Prevent fraud, spam, and abuse
  • Protect our rights, property, and safety

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data based on:

  • Consent: You have explicitly agreed to receive marketing emails or resources.
  • Contractual Necessity: Processing is required to deliver services you've requested.
  • Legitimate Interests: Analytics, fraud prevention, and business operations (balanced against your rights).
  • Legal Compliance: Required by law (e.g., tax records, data protection regulations).

5. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze website performance.

5.1 Types of Cookies

Cookie Type Purpose Duration
Essential Cookie consent tracking, session management 1 year
Analytics Google Analytics 4 (anonymized IP) 2 years
Functional Exit popup tracking (one-time display) 30 days

5.2 Managing Cookies

You can control cookies through:

  • Cookie Banner: Accept or decline non-essential cookies when you first visit our site
  • Browser Settings: Most browsers allow you to block or delete cookies (instructions: allaboutcookies.org)
  • Opt-Out Tools: Google Analytics opt-out: tools.google.com/dlpage/gaoptout

6. How We Share Your Information

We do not sell, rent, or trade your personal information. We only share data with:

6.1 Service Providers

  • Vercel: Website hosting and serverless functions
  • Airtable: Assessment data storage and CRM
  • Google Analytics: Website analytics (anonymized data)
  • Calendly: Appointment scheduling

All service providers are bound by data processing agreements (DPAs) and must comply with PIPEDA, GDPR, and applicable privacy laws.

6.2 Legal Requirements

We may disclose your information if required by law, court order, or to protect our legal rights.

7. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

  • Marketing Contacts: Until you unsubscribe, or 2 years of inactivity
  • Assessment Data: 1 year for service improvement
  • Client Records: 7 years (tax/legal compliance requirements)
  • Analytics Data: 26 months (Google Analytics default)

8. Your Privacy Rights

8.1 PIPEDA Rights (Canada)

You have the right to:

  • Access: Request a copy of your personal information
  • Correction: Update inaccurate or incomplete data
  • Withdraw Consent: Unsubscribe from marketing emails at any time
  • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada

8.2 GDPR Rights (EEA)

You have additional rights:

  • Erasure ("Right to Be Forgotten"): Request deletion of your data
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests

8.3 CCPA Rights (California)

California residents have the right to:

  • Know what personal information is collected and how it's used
  • Request deletion of personal information
  • Opt-out of the "sale" of personal information (we do not sell data)
  • Non-discrimination for exercising privacy rights

8.4 Quebec Privacy Rights (Law 25 / Loi 25)

Quebec residents have additional rights under Quebec's Act respecting the protection of personal information in the private sector (Law 25 / Bill 64, fully in force September 2023), including:

  • Right to De-indexation: Request that information about you published online be de-indexed or re-anonymized where it causes you harm
  • Right to Portability: Request your personal information be communicated to you or transferred to another organization in a structured, commonly used technological format
  • Right to be Informed of Automated Decisions: Be informed when a decision is made solely based on automated processing of your personal information, and request that a person review the decision
  • Right to Withdraw Consent: Withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice
  • Stricter Consent Rules: Consent must be manifestly free, informed, and given for specific purposes

To exercise any of these rights, contact our Privacy Officer at juan@pvrpose.ai with the subject line "Quebec Privacy Rights Request – [Your Name]". We will respond within 30 days.

8.5 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Privacy Request:

Email: juan@pvrpose.ai

Subject Line: "Privacy Rights Request - [Your Name]"

We will respond to verified requests within 30 days (PIPEDA/GDPR) or 45 days (CCPA).

9. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: HTTPS/TLS encryption for data transmission
  • Access Controls: Role-based access to personal data (need-to-know basis)
  • Secure Storage: Data stored on SOC 2 Type II compliant platforms (Vercel, Airtable)
  • Regular Audits: Security reviews and vulnerability assessments
  • Breach Protocol: Incident response plan compliant with PIPEDA/GDPR notification requirements

10. International Data Transfers

PVRPOSE AI is based in Canada. If you are accessing our services from outside Canada (e.g., EEA, USA), your data may be transferred to and processed in Canada or the United States (where our service providers operate).

Safeguards: We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) for GDPR compliance
  • Data Processing Agreements (DPAs) with all service providers
  • Compliance with PIPEDA's cross-border data transfer rules

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, contact us immediately at juan@pvrpose.ai.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending an email notification (if you're on our mailing list)

Your continued use of our services after changes indicates acceptance of the updated policy.

13. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

PVRPOSE AI

Privacy Officer: Juan Gonzalez

Email: juan@pvrpose.ai

Website: pvrpose.ai

Mailing Address: 124 Louis Riel, Dollard-des-Ormeaux, H9B 3B5, Quebec, Canada

Office of the Privacy Commissioner of Canada:
If you are not satisfied with our response, you may file a complaint at priv.gc.ca

Document Version: 1.0
Compliance: PIPEDA, CASL, GDPR, CCPA, AODA/WCAG AA
Jurisdiction: Canada (Primary), with international applicability

↑ Back to Top