This Privacy Policy ("Policy") describes how Crownwell Advisory Inc. ("Company," "we," "us," or "our") collects, uses, processes, stores, shares, and protects personal information in connection with our artificial intelligence services, software, platforms, and related offerings (collectively, the "Services").
This Policy applies to all users of our Services, including clients, website visitors, and any individuals whose personal information we process in connection with our business operations. We are committed to protecting your privacy and complying with applicable data protection laws, including:
The General Data Protection Regulation (GDPR) and UK GDPR
The Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws in Canada
The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Other applicable US state and federal privacy laws
Data Controller Information:
Company Name: Crownwell Advisory Inc.
Address: 1572 Evergreen Hill SW, Calgary, Alberta, T2Y 2R7, Canada
Email: [email protected]
Phone: 403-667-7245
EU Representative: Nichita Bobu, [email protected]
UK Representative: Nichita Bobu, [email protected]
2.1 Information You Provide Directly
Account and Profile Information:
Name, email address, phone number, job title, company name
Username, password, and account preferences
Profile photos or avatars
Billing and payment information (processed through third-party payment processors)
Communication Information:
Messages, inquiries, and correspondence with us
Feedback, reviews, and survey responses
Support ticket information and chat logs
Marketing preferences and communication consents
Service-Related Information:
AI model inputs, prompts, and queries you submit
Content you upload, generate, or process through our Services
Project details, configurations, and custom settings
Integration and API usage data
2.2 Information Automatically Collected
Technical Information:
IP address, device identifiers, and browser information
Operating system, device type, and technical specifications
Log files, error reports, and diagnostic information
Network connection details and geographic location data
Usage Analytics:
Pages visited, features used, and time spent on Services
Click patterns, navigation paths, and user interactions
API calls, processing requests, and system performance metrics
Session duration, frequency of use, and access patterns
Cookies and Tracking Technologies:
Essential cookies for Service functionality
Analytics cookies for performance monitoring
Preference cookies for personalization
Marketing cookies (with consent where required)
2.3 Information from Third Parties
Integration Partners:
Data received through authorized API integrations
Information from connected third-party services
Enterprise directory information (with appropriate authorization)
Public Sources:
Publicly available business information
Professional networking platforms (where permitted)
Industry databases and directories
We process personal information based on the following legal grounds:
Consent (Article 6(1)(a)):
Marketing communications (where consent is required)
Non-essential cookies and tracking
Processing sensitive personal data (where applicable)
Contract Performance (Article 6(1)(b)):
Providing Services to clients
Account creation and management
Payment processing and billing
Customer support and service delivery
Legitimate Interests (Article 6(1)(f)):
Service improvement and development
Security monitoring and fraud prevention
Analytics and performance optimization
Business communications and relationship management
Legal Obligation (Article 6(1)(c)):
Compliance with applicable laws and regulations
Tax and financial reporting requirements
Data retention obligations
Vital Interests (Article 6(1)(d)):
Emergency situations requiring immediate action
Public Task (Article 6(1)(e)):
Compliance with regulatory requirements
4.1 Service Provision
Delivering, operating, and maintaining our AI Services
Processing AI model requests and generating responses
Managing user accounts and authentication
Providing customer support and technical assistance
Facilitating integrations with third-party platforms
4.2 Business Operations
Processing payments and managing billing
Conducting business analytics and performance monitoring
Improving and developing new Services and features
Maintaining security and preventing fraud
Complying with legal and regulatory requirements
4.3 Communications
Sending service-related notifications and updates
Providing customer support and responding to inquiries
Delivering marketing communications (with appropriate consent)
Conducting surveys and collecting feedback
4.4 Legal and Security
Protecting against fraud, abuse, and security threats
Enforcing our Terms of Service and other policies
Complying with legal obligations and regulatory requirements
Defending legal claims and protecting our rights
5.1 Training Data
We may use aggregated, anonymized data to improve our AI models
Personal information is not used for model training without explicit consent
We implement data minimization principles in model development
Training processes comply with applicable privacy laws
5.2 Model Inputs and Outputs
User inputs to AI models are processed to generate responses
We may temporarily store inputs for processing optimization
Outputs are generated based on model parameters and user inputs
We implement safeguards to prevent unauthorized data exposure
5.3 Automated Decision-Making
Our Services may involve automated processing and decision-making
Users have rights regarding automated decision-making under GDPR
We provide mechanisms for human review where legally required
Profiling activities are conducted in compliance with applicable laws
6.1 Service Providers and Partners
We may share personal information with:
- Cloud hosting and infrastructure providers
- Payment processors and financial institutions
- Customer support and communication platforms
- Analytics and monitoring service providers
- Security and fraud prevention services
6.2 Business Transfers
In connection with mergers, acquisitions, or asset sales, personal information may be transferred to the acquiring entity, subject to appropriate privacy protections.
6.3 Legal Requirements
We may disclose personal information when required by law, including:
- Court orders, subpoenas, and legal processes
- Government investigations and regulatory inquiries
- Emergency situations involving public safety
- Enforcement of our Terms of Service
6.4 Consent-Based Sharing
We may share information with third parties when you provide explicit consent for such sharing.
7.1 Cross-Border Transfers
We may transfer personal information across international borders to provide our Services. Such transfers are conducted in accordance with applicable data protection laws.
7.2 GDPR Transfer Mechanisms
For transfers from the EEA/UK, we implement appropriate safeguards:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Binding Corporate Rules (where applicable)
- Additional technical and organizational measures
7.3 Canadian Transfer Requirements
For transfers from Canada, we ensure appropriate protection through:
- Contractual commitments with recipients
- Assessment of recipient country privacy laws
- Implementation of additional safeguards where necessary
8.1 Retention Principles
We retain personal information only as long as necessary for:
- Fulfilling the purposes for which it was collected
- Complying with legal and regulatory requirements
- Defending legal claims and protecting our interests
- Providing ongoing Services to users
8.2 Specific Retention Periods
- Account information: Duration of account plus 7 years
- Service usage data: 3 years from collection
- Communication records: 7 years from last interaction
- Payment information: As required by financial regulations
- Marketing data: Until consent is withdrawn or 3 years of inactivity
8.3 Secure Deletion
Upon expiration of retention periods, we securely delete or anonymize personal information using industry-standard methods.
9.1 Technical Safeguards
Encryption of data in transit and at rest
Multi-factor authentication and access controls
Regular security assessments and penetration testing
Intrusion detection and monitoring systems
Secure software development practices
9.2 Organizational Measures
Privacy and security training for employees
Incident response and breach notification procedures
Regular policy reviews and updates
Third-party security assessments
Data minimization and purpose limitation practices
9.3 AI-Specific Security
Model security and prompt injection prevention
Output filtering and content moderation
Bias detection and mitigation measures
Adversarial attack protection
10.1 GDPR/UK GDPR Rights (EEA/UK Residents)
Right of Access: Request copies of your personal information
Right of Rectification: Correct inaccurate personal information
Right of Erasure: Request deletion of personal information
Right to Restrict Processing: Limit how we process your information
Right to Data Portability: Receive your information in a portable format
Right to Object: Object to certain types of processing
Rights regarding Automated Decision-Making: Human review of automated decisions
Right to Withdraw Consent: Withdraw consent for consent-based processing
10.2 CCPA/CPRA Rights (California Residents)
Right to Know: Information about data collection and use
Right to Delete: Request deletion of personal information
Right to Correct: Correct inaccurate personal information
Right to Opt-Out: Opt out of sale/sharing of personal information
Right to Limit Use of Sensitive Information: Limit use of sensitive data
Right to Non-Discrimination: Equal treatment regardless of privacy choices
10.3 PIPEDA Rights (Canadian Residents)
Right of Access: Request access to personal information
Right to Challenge Accuracy: Correct inaccurate information
Right to Withdraw Consent: Withdraw consent where applicable
Right to File Complaints: Lodge complaints with privacy commissioners
10.4 Exercising Your Rights
To exercise your privacy rights:
Email: [email protected]
Phone: 403-667-7245
Mail: Crownwell Advisory Inc., 1572 Evergreen Hill SW, Calgary, Alberta, T2Y 2R7, Canada
We will respond to requests within the timeframes required by applicable law (typically 30 days for GDPR, 45 days for CCPA).
11. CHILDREN'S PRIVACY
Our Services are not intended for children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information promptly and terminate the associated account.
12.1 Categories of Personal Information
[Include detailed CCPA categories and disclosures]
12.2 Sale and Sharing
We do not sell personal information in the traditional sense. We may share information for targeted advertising, which may constitute "sharing" under CCPA.
12.3 Sensitive Personal Information
We limit the use of sensitive personal information to necessary business purposes and services requested by consumers.
13.1 Cookie Types
Strictly Necessary: Essential for Service functionality
Performance: Analytics and optimization
Functional: Preferences and personalization
Targeting: Marketing and advertising (with consent)
13.2 Cookie Management
Users can manage cookie preferences through:
- Browser settings and controls
- Our cookie preference center
- Opt-out mechanisms for marketing cookies
13.3 Do Not Track
We respond to Do Not Track signals and similar mechanisms as required by applicable law.
We may update this Privacy Policy periodically. Material changes will be communicated through:
- Email notifications to registered users
- Prominent notices on our website
- In-app notifications where applicable
- The "Last Updated" date indicates when changes were made. Continued use of our Services after updates constitutes acceptance of the revised Policy.
15.1 Privacy Officer/Data Protection Officer
Nichita Bobu, CEO & Privacy Officer
Email: [email protected]
Phone: 403-667-7245
Address: Crownwell Advisory Inc., 1572 Evergreen Hill SW, Calgary, Alberta, T2Y 2R7, Canada
15.2 Regional Representatives
EU Representative: Nichita Bobu, [email protected]
UK Representative: Nichita Bobu, [email protected]
15.3 Regulatory Complaints
You have the right to file complaints with relevant privacy authorities:
- EU/UK: Local Data Protection Authorities
- Canada: Office of the Privacy Commissioner
- California: California Privacy Protection Agency
16.1 Conflict Resolution
In case of conflicts between this Policy and local privacy laws, the more protective provision shall apply.
16.2 Severability
If any provision of this Policy is deemed invalid, the remaining provisions remain in full effect.
16.3 Governing Law
This Policy is governed by the laws of Alberta, Canada, except where superseded by applicable privacy laws.
This Privacy Policy is effective as of August 19, 2025 and was last updated on August 19, 2025.
This Privacy Policy has been designed to comply with GDPR, PIPEDA, CCPA/CPRA, and other applicable privacy laws. However, legal requirements may vary and change over time. We recommend consulting with qualified legal counsel to ensure full compliance with all applicable laws in your specific circumstances.
Privacy Policy
Effective Date: August 19, 2025
Last Updated: August 19, 2025