Privacy Policy

Last updated: March 17, 2026 (v3)  |  Effective: March 15, 2026

This Privacy Policy describes how PVRPOSE AI ("we", "us", or "our"), operated by Coach Juan Gonzalez, collects, uses, and protects personal information in connection with our website at pvrpose.ai and our AI executive assistant services.

We are based in Montreal, Quebec, Canada. This policy is designed to align with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Act respecting the protection of personal information in the private sector (commonly known as Law 25), and Canada's Anti-Spam Legislation (CASL). We also endeavour to respect GDPR principles for visitors from the European Union.

1. Who This Policy Applies To

This policy applies to anyone who visits our website, contacts us by email, submits a form, books a consultation, or engages us as a client for PVRPOSE AI services.

2. Privacy Officer

In accordance with Quebec Law 25, PVRPOSE AI has designated a Privacy Officer responsible for overseeing personal information practices and handling privacy-related inquiries and complaints.

Privacy Officer: Coach Juan Gonzalez
Email: juan@pvrpose.ai
Location: Montreal, Quebec, Canada

3. What Personal Information We Collect

We may collect the following categories of personal information:

• Contact information: name, email address, phone number
• Professional information: company name, job title, industry
• Communication records: emails, messages, and notes from consultations
• Website usage data: pages visited, time on site, referring URL (via analytics tools)
• Technical data: IP address, browser type, device type (collected automatically via cookies)
• Payment information: billing details (processed by third-party payment processors -- we do not store card numbers)

We collect only the minimum information necessary for the purposes described in this policy.

4. How We Collect Personal Information

• Directly from you, when you fill out a contact or application form on our website
• When you book a consultation via our scheduling tool
• When you email or message us directly
• Automatically through cookies and analytics when you visit our website
• Through third-party services such as Google Analytics, where you have consented

5. Why We Collect and Use Personal Information

We use personal information for the following purposes:

• To respond to inquiries and provide requested services
• To deliver and support our AI executive assistant builds
• To send commercial electronic messages you have expressly consented to receive (CASL-compliant)
• To improve our website and services
• To fulfill contractual obligations
• To comply with applicable laws and regulations

We will not use your personal information for purposes other than those described above without first obtaining your consent, unless required or permitted by law.

6. Legal Basis for Processing

We process your personal information based on one or more of the following:

• Your consent -- for marketing communications and non-essential cookies
• Contractual necessity -- to fulfill a service agreement with you
• Legal obligation -- where required by Canadian law
• Legitimate interests -- for website analytics and service improvement, where not overridden by your privacy rights

7. Commercial Electronic Messages (CASL)

We comply with Canada's Anti-Spam Legislation (CASL). We will only send you commercial electronic messages (emails, newsletters, or promotional content) if you have provided express or implied consent as defined under CASL.

Every commercial message we send will clearly identify us, include our contact information, and contain a simple, working unsubscribe mechanism. You may withdraw consent at any time by clicking "unsubscribe" in any email or by contacting us at juan@pvrpose.ai.

8. Data Storage and Infrastructure

Our AI executive assistant service (PVRPOSE AI OS) is built on infrastructure we configure and control. We do not maintain a central shared database of client business data accessible to other clients under normal operating conditions. Logical separation is maintained at the application layer.

The system operates using established cloud infrastructure and delivery services, including hosting platforms, messaging interfaces (Telegram, Slack), and third-party APIs. Each provider operates under its own security standards. A full list of infrastructure providers used in service delivery is available on request.

AI inference in our service uses Anthropic's API (Claude). When a task requires AI processing, the relevant content is transmitted to Anthropic's servers for that purpose. In this relationship, PVRPOSE AI acts as the party directing data processing. Anthropic processes data under the terms governing API usage, including data handling commitments in Anthropic's published API usage policies. PVRPOSE AI is in the process of executing a formal Data Processing Addendum (DPA) with Anthropic to document this relationship under Loi 25 s.17.3 standards.

Anthropic's API terms permit customers to opt out of having their data used for AI model training. PVRPOSE AI has opted out of training data use at the API account level. Anthropic retains a limited right to use data flagged for safety review regardless of opt-out status -- this is standard across AI API providers. You can review Anthropic's current policies at anthropic.com/legal/privacy. Their terms are subject to change; we monitor for material updates.

Our website is hosted on Vercel. Analytics data may be processed by Google Analytics. By using our website, you consent to the use of cookies as described in our cookie notice.

Cross-Border Transfer Disclosure (Quebec Law 25 / Loi 25 -- Section 17)

The United States does not have privacy laws equivalent to Quebec's Act respecting the protection of personal information in the private sector (Loi 25) or Canada's PIPEDA. Data transmitted to US-based processors may be subject to different legal protections than those available under Quebec or Canadian law, including potential access by US authorities under applicable US law.

The following processors involve cross-border data transfer:

• Anthropic (San Francisco, California, USA) -- AI inference processing. Data transmitted to Anthropic's US servers when AI tasks are processed. We rely on Anthropic's API Terms of Service as contractual safeguards. A Privacy Impact Assessment for this transfer has been completed and is on file.
• Slack Technologies, LLC (San Francisco, California, USA) -- Where Slack is used as a messaging interface for PVRPOSE AI OS, message content and metadata are processed on Slack's US-based servers. Slack is a data processor; PVRPOSE AI is the data controller for workspace data. Slack uses customer message data for predictive ML features (e.g., search, recommendations) unless the workspace administrator opts out by emailing feedback@slack.com with subject line "Slack Global model opt-out request." Slack does not use customer data to train generative AI models. We rely on Slack's published privacy terms as contractual safeguards.
• Telegram (corporate entities: Telegraph Inc., British Virgin Islands; Telegram FZ-LLC, Dubai) -- Where Telegram is used as a messaging interface for PVRPOSE AI OS, message content is routed through Telegram's servers. Cloud chat history is stored on Telegram's servers (Netherlands for EEA users; storage jurisdiction for Canadian users is not specified by Telegram). Telegram's privacy policy does not address AI/ML training use of message data. We rely on Telegram's published privacy terms; we recommend using Telegram's Secret Chat feature for sensitive communications, as secret chats are not stored on Telegram's servers.

We have reviewed each transfer against the requirements of Loi 25 Section 17 and rely on contractual safeguards with each processor. A Privacy Impact Assessment covering these cross-border transfers is on file. If you have questions, contact us at juan@pvrpose.ai.

9. Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law. When personal information is no longer required, we securely delete or anonymize it.

General retention guidelines:

• Client project records: retained for 7 years from project completion (for tax and legal purposes)
• Marketing consent records: retained for the duration of the relationship plus 3 years
• Website analytics data: retained per Google Analytics' default retention settings (up to 14 months)
• Inquiry emails: retained for up to 2 years if no engagement results

10. Your Rights

Under PIPEDA and Quebec Law 25, you have the following rights regarding your personal information:

• Right of access: You may request a copy of the personal information we hold about you
• Right to correction: You may request that inaccurate information be corrected
• Right to withdraw consent: You may withdraw consent for processing at any time (subject to legal or contractual restrictions)
• Right to erasure: In certain circumstances, you may request deletion of your personal information
• Right to data portability: Under Quebec Law 25, you may request your data in a structured, commonly used format
• Right to object to automated decision-making: Where automated systems are used to make decisions that affect you, you have the right to be informed and to request human review

To exercise any of these rights, contact us at juan@pvrpose.ai. We will respond within 30 days of receiving your request. We may need to verify your identity before processing your request.

11. Cookies

Our website uses cookies to improve your experience and gather analytics data. You will be presented with a cookie consent notice on your first visit. You may accept or decline non-essential cookies at that time.

We use the following types of cookies:

• Strictly necessary: Required for the website to function. Cannot be disabled.
• Analytics: Help us understand how visitors use our site (Google Analytics). Only set with your consent.
• Preference: Remember your settings and choices.

12. Third-Party Services

Our website and services use the following third-party services that may process your data:

• Anthropic (Claude API) -- Data sub-processor. AI inference for the PVRPOSE AI OS service. US-based. See Section 8 for full disclosure.
• Telegram -- Data processor (where used as messaging interface). Message routing and delivery for PVRPOSE AI OS. Corporate entities in British Virgin Islands and Dubai. See Section 8 for full disclosure.
• Slack Technologies, LLC -- Data processor (where used as messaging interface). Message routing and delivery for PVRPOSE AI OS. US-based. See Section 8 for full disclosure and opt-out instructions.
• Vercel -- Website hosting. US-based. Data limited to website traffic.
• Google Analytics -- Website usage analytics (with consent). US-based.
• Calendly -- Consultation booking. US-based. Data limited to booking information.
• Airtable -- CRM and business contact management (internal use). Stores contact information of prospects and clients (names, emails, company details). Airtable is a US-based processor; their Data Processing Addendum governs handling of this data. Client end-user personal data is not stored in Airtable.

Each third-party service has its own privacy policy. We are not responsible for their data practices, but we select providers that maintain appropriate data protection standards and we disclose their involvement as required under Loi 25 and PIPEDA.

13. AI Data Processing -- Client Business Data

This section applies specifically to clients who engage PVRPOSE AI for service delivery (PVRPOSE EA, EA Amplify, EA Scale, or Pioneer Audit).

As part of building and operating your PVRPOSE AI OS, we handle business data you provide, including workflow descriptions, communication templates, client names, operational procedures, and similar information. This data is used exclusively for the purpose of building and operating your AI executive assistant system.

What we do with your business data:

• Use it to configure, build, and operate your PVRPOSE AI OS
• Transmit relevant content to Anthropic's API for AI processing (see Section 8)
• Retain it for the duration of the service engagement and as required for support

What we do not do with your business data:

• We do not sell it
• We do not share it with other clients
• We do not use it for our own marketing purposes
• We do not use it to train AI models. PVRPOSE AI has opted out of training data use at the Anthropic API level. Anthropic retains a limited right to use data flagged for safety review under their standard terms -- this exception applies regardless of opt-out status, is disclosed in our Privacy Policy Section 8, and is standard across enterprise AI API providers.
• We do not share it with third parties except as required for service delivery (e.g., Anthropic API processing, infrastructure providers listed in Section 12)

Client agreements include specific data handling and confidentiality provisions. If you have questions about how your business data is handled, contact us at juan@pvrpose.ai.

14. Security

We take reasonable technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include access controls, encrypted communications, and restricted data access on a need-to-know basis.

14.1 No Absolute Security Warranty

No method of transmission over the internet, and no method of electronic storage, is 100% secure. While we implement commercially reasonable safeguards consistent with industry standards, we cannot and do not warrant or represent that personal information will be free from unauthorized access, loss, alteration, interception, or disclosure. You acknowledge and accept this inherent limitation of all digital systems. Use of our services constitutes acceptance of this risk.

14.2 Third-Party Platform Security

Our services depend on third-party platforms including Anthropic (Claude API), Telegram (BVI/Dubai), and Slack (USA). Each of these platforms operates its own independent infrastructure under its own security standards, terms of service, and privacy policies. We have no control over the security practices, infrastructure, or data handling of these platforms. We are not responsible for any unauthorized access, breach, loss, or disclosure of data that occurs at the platform level -- including within Anthropic's systems, Telegram's systems, or Slack's systems -- regardless of whether such event is caused by the platform's own negligence, a third-party attack, or any other cause beyond our control.

We have taken the following reasonable steps to minimize exposure on these platforms:

• Opted out of Anthropic's model training at the API account level (subject to Anthropic's safety-review exception)
• Configured data minimization practices to limit what personal information is transmitted to third-party APIs
• Recommended use of Telegram Secret Chat for sensitive communications
• Included Slack's ML opt-out in our platform configuration (pending confirmation)

These steps reflect our best reasonable efforts. They do not and cannot guarantee security outcomes on platforms we do not control.

14.3 Breach Notification

In the event of a confidentiality incident involving personal information that creates a real risk of serious injury to affected individuals, we will notify those individuals and the Commission d'acces a l'information (CAI) as soon as reasonably possible, as required by Quebec Law 25 (An Act Respecting the Protection of Personal Information in the Private Sector). We will also notify the Office of the Privacy Commissioner of Canada (OPC) where PIPEDA applies. If you believe your personal information has been compromised, contact us immediately at juan@pvrpose.ai.

14.4 Limitation of Our Security Liability

To the maximum extent permitted by applicable law, PVRPOSE AI's liability for any security incident, confidentiality breach, or unauthorized disclosure of personal information shall be limited to direct damages only and subject to the aggregate liability cap set out in our Terms of Service. We are not liable for any security failure attributable to a third-party platform, a force majeure event, your own actions or omissions, or any cause beyond our reasonable control. This limitation applies regardless of the legal theory asserted (contract, tort, negligence, statutory, or otherwise).

15. Children's Privacy

Our services are directed at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website or services after any update constitutes your acceptance of the revised policy.

17. Contact Us and Complaints

If you have questions, concerns, or a complaint about how we handle your personal information, please contact our Privacy Officer:

Coach Juan Gonzalez
PVRPOSE AI
Montreal, Quebec, Canada
juan@pvrpose.ai

If you are not satisfied with our response, you have the right to contact the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca, or the Commission d'acces a l'information du Quebec (CAI) at www.cai.quebec.ca for Quebec Law 25 matters.