Profilyt Logo
🌐 EN | FR
Aligned with PIPEDA

Privacy Policy

Last updated: August 2025

Contact Privacy Officer

Profilyt (“we”, “our”, “us”) is committed to protecting personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

This policy explains why we collect personal information, how we use it, and your choices, including access, correction, and how to make a complaint.

1. Scope

Applies to all interactions with our services (AI conversational assistant, profile PDF generation, dashboards, and website).

2. PIPEDA Principles

  • Accountability – We designate a Privacy Officer and remain responsible for personal information under our control, including information handled by service providers.
  • Identifying Purposes – We identify purposes at or before collection (e.g., onboarding via conversational forms, profile generation, account management, security).
  • Consent – We obtain valid consent appropriate to the sensitivity and context; you may withdraw consent subject to legal/contractual limits and reasonable notice.
  • Limiting Collection – We collect only what is necessary for the identified purposes.
  • Limiting Use, Disclosure & Retention – We use/disclose only for those purposes (or as required by law) and retain only as long as necessary.
  • Accuracy – We keep information as accurate, complete, and up-to-date as needed.
  • Safeguards – We protect information with administrative, technical, and physical safeguards proportional to sensitivity.
  • Openness – This policy explains our practices in plain language.
  • Individual Access – You can request access and corrections.
  • Challenging Compliance – You can challenge our compliance with our Privacy Officer or the OPC.

3. Information We Collect

  • Account & organization data (name, email, organization, role, authentication details).
  • Conversation inputs & uploaded files used to generate structured profiles.
  • Technical/usage data (logs, IP, device/browser, timestamps, language settings).
  • Billing & subscription data (plan, invoices, payment status).
  • Support communications and preferences.

4. How We Use Information

  • Provide, operate, and improve our services and PDFs.
  • Configure conversations from your form templates and generate profiles.
  • Security, fraud prevention, quality assurance, analytics.
  • Communications about service, updates, and support.
  • Legal compliance and enforcing terms.

We obtain meaningful consent (implicit or express depending on sensitivity). You may withdraw consent; doing so may affect service delivery where information is necessary.

6. AI & Automated Decision-Making Transparency

Our assistant helps structure information conversationally. We do not make binding legal decisions about you solely via automated processing. You may request an explanation of how inputs inform outputs in your session and ask for human review of important outcomes where applicable.

7. Disclosure to Service Providers & Cross‑Border Transfers

We use carefully selected service providers (e.g., hosting, infrastructure, AI processing, billing). Personal information may be processed in Canada, the United States, or other jurisdictions. We use contractual and organizational measures to ensure comparable protection and remain accountable for personal information handled on our behalf.

8. Security Safeguards

We employ layered safeguards (encryption in transit, access controls, least-privilege, monitoring, secure development practices, periodic reviews) proportionate to sensitivity.

9. Breach Notification (RROSH)

If a breach of security safeguards creates a real risk of significant harm, we will notify affected individuals and report to the Office of the Privacy Commissioner of Canada (OPC) as required, and keep records of all breaches.

10. Retention & De‑Identification

We retain personal information only as long as needed for identified purposes or as required by law. Where feasible, we de‑identify or aggregate data for analytics and service improvement; de‑identified data is not used to re‑identify individuals.

11. Access & Correction

You may request access to your personal information and request corrections if inaccurate or incomplete. Contact our Privacy Officer (details below). We may require verification and will respond within timelines set by law.

12. Children’s Privacy

Our services are intended for business use and not directed to children under the age required by applicable law. We do not knowingly collect information from children without appropriate authorization.

13. Cookies & Similar Technologies

We use essential and functional cookies to provide and improve the service and understand usage. You can control cookies via browser settings; some features may be limited.

14. Openness & Updates to this Policy

We may update this policy to reflect changes in practices or legal requirements. The “Last updated” date indicates the current version. Significant changes will be communicated appropriately.

15. Challenging Compliance & Complaints

You may contact our Privacy Officer with questions or complaints. If unresolved, you may submit a complaint to the Office of the Privacy Commissioner of Canada (OPC). See contact details below.

16. Contact

Privacy Officer – Profilyt (Powered by Triumva)
support@profilyt.com

Office of the Privacy Commissioner of Canada (OPC)
Toll‑free: 1‑800‑282‑1376
Online: File a complaint

On this page 1. Scope 2. PIPEDA Principles 3. Information We Collect 4. How We Use 5. Consent 6. AI Transparency 7. Service Providers & Cross‑Border 8. Security 9. Breach (RROSH) 10. Retention 11. Access 12. Children 13. Cookies 14. Openness 15. Complaints 16. Contact
© 2025 Profilyt. All rights reserved.