Privacy Policy

1. Introduction

AI Xens ("we," "our," or "us") is committed to protecting the privacy and personal information of our clients, website visitors, and business partners. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws.

As a strategic AI implementation consulting firm based in Ontario, Canada, we understand the importance of data privacy in the digital age and are committed to maintaining the highest standards of privacy protection.

2. PIPEDA Fair Information Principles

Our privacy practices are built upon the ten Fair Information Principles outlined in PIPEDA:

3. Information We Collect

3.1 Personal Information Collected Directly

We collect personal information that you provide directly to us, including:

• Contact Information: Name, email address, phone number, job title, company name
• Professional Information: Industry, company size, AI implementation challenges, business objectives
• Communication Records: Correspondence, meeting notes, project documentation
• Financial Information: Billing details, payment information (processed through secure third-party payment processors)
• Consultation Information: AI readiness assessment data, strategic planning information, implementation requirements

3.2 Information Collected Automatically

When you visit our website, we may automatically collect:

• Technical Information: IP address, browser type, operating system, device information
• Usage Information: Pages visited, time spent on site, referring websites, click patterns
• Location Information: General geographic location based on IP address

3.3 Information from Third Parties

We may receive information about you from:

• Professional references and business partners
• Public directories and professional networking platforms
• Marketing and analytics service providers

3.4 Your Responsibility for Information Accuracy

4. How We Use and Disclose Personal Information

4.1 Use of Personal Information

We use personal information for the following purposes:

• Providing AI consulting services, assessments, and strategic implementation support
• Communicating about our services and responding to inquiries
• Contract administration, invoicing, and project management
• Sending marketing communications (with explicit consent)
• Improving our website and services through analytics
• Complying with legal and regulatory requirements
• Protecting our rights and interests and those of our clients

4.2 Disclosure of Personal Information

We may disclose personal information in the following circumstances:

• With Consent: When you have provided explicit consent for disclosure
• Service Providers: To trusted third-party service providers who assist us in operating our business (e.g., hosting, analytics, payment processing)
• Legal Requirements: When required by law, court order, or regulatory authority
• Business Protection: To protect our rights, property, or safety, or that of our clients or others
• Business Transactions: In connection with a merger, acquisition, or sale of business assets (with appropriate safeguards)

We do not sell, rent, or trade personal information to third parties for their independent use.

5. Cookies and Tracking Technologies

5.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. We use cookies and similar tracking technologies to enhance your browsing experience and analyze website usage.

5.2 Types of Cookies We Use

• Essential Cookies: Necessary for basic website functionality and security
• Analytics Cookies: Help us understand how visitors use our website (Google Analytics)
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used for targeted advertising and marketing (only with consent)

5.3 Cookie Consent and Management

We respect your privacy and give you full control over cookie usage on our website. You can manage your preferences at any time through our cookie preference center.

Your Rights Under PIPEDA

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to:

• Know what cookies and tracking technologies we use
• Access information about your browsing data
• Withdraw consent for non-essential cookies at any time
• Request deletion of your personal information
• File a complaint with the Privacy Commissioner of Canada

You can manage your cookie preferences by:

• Adjusting your browser settings to block or delete cookies
• Using the cookie preference center on our website
• Opting out of Vercel Web Analytics using their opt-out browser add-on

5.4 Third-Party Analytics

We use Vercel Web Analytics to analyze website traffic and usage patterns. Vercel Analytics may collect information about your use of our website and other websites. For more information about Vercel's privacy practices, visit Vercel's Privacy Policy.

6. Data Security and Protection

6.1 Security Measures

We implement appropriate technical, physical, and organizational security measures to protect personal information against unauthorized access, use, disclosure, alteration, or destruction, including:

• Encryption of data in transit and at rest
• Secure hosting infrastructure with regular security updates
• Access controls and authentication requirements
• Regular security assessments and monitoring
• Employee training on privacy and security practices
• Secure disposal of personal information when no longer needed

6.2 Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, comply with legal requirements, resolve disputes, and enforce our agreements. Specific retention periods include:

• Client Records: 7 years after completion of services (for business and tax purposes)
• Marketing Communications: Until consent is withdrawn or contact becomes inactive
• Website Analytics: 12 months (Vercel Web Analytics default)
• General Inquiries: 2 years after last contact

6.3 Data Breach Response

In the event of a data breach that poses a real risk of significant harm, we will:

• Notify the Privacy Commissioner of Canada as soon as feasible
• Notify affected individuals if the breach creates a real risk of significant harm
• Take immediate steps to contain and remedy the breach
• Maintain records of all breaches as required by law

7. Your Privacy Rights

7.1 Access to Personal Information

You have the right to request access to the personal information we hold about you, including:

• What personal information we have collected
• How we have used your personal information
• To whom we have disclosed your personal information

7.2 Correction of Personal Information

You may request correction of any inaccurate or incomplete personal information we hold about you. We will make reasonable efforts to correct the information and notify third parties who received the incorrect information.

7.3 Withdrawal of Consent

You may withdraw your consent for the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. This may affect our ability to provide certain services.

7.4 Marketing Communications

You may opt out of marketing communications at any time by:

• Clicking the unsubscribe link in our emails
• Contacting our Privacy Management
• Updating your preferences through our website

7.5 How to Exercise Your Rights

To exercise any of these rights, please contact our Privacy Management using the contact information provided below. We will respond to your request within 30 days and may require verification of your identity.

8. International Data Transfers

Your personal information is primarily stored and processed in Canada. However, some of our service providers may be located outside of Canada, including the United States. When we transfer personal information outside of Canada, we ensure appropriate safeguards are in place to protect your privacy rights.

By using our services, you consent to the transfer of your personal information to these locations for the purposes described in this Privacy Policy.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

10. Privacy Complaints Process

10.1 Internal Complaint Process

If you have concerns about our privacy practices, please contact our Privacy Management first. We will:

1. Acknowledge receipt of your complaint within 5 business days
2. Investigate your complaint thoroughly and impartially
3. Provide a written response within 30 days of receiving your complaint
4. Take appropriate corrective action if your complaint is substantiated

10.2 External Complaint Options

If you are not satisfied with our response to your privacy complaint, you may file a complaint with:

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will post the updated policy on our website and indicate the effective date of the changes.

For material changes that may affect how we use your personal information, we will provide additional notice and may seek your consent where required by law.

12. Contact Information