PRIVACY POLICY

1. INTRODUCTION

This Privacy Policy ("Policy") describes how Crownwell Advisory Inc. ("Company," "we," "us," or "our") collects, uses, processes, stores, shares, and protects personal information in connection with our artificial intelligence services, software, platforms, and related offerings (collectively, the "Services").

 

This Policy applies to all users of our Services, including clients, website visitors, and any individuals whose personal information we process in connection with our business operations. We are committed to protecting your privacy and complying with applicable data protection laws, including:

 

The General Data Protection Regulation (GDPR) and UK GDPR

The Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws in Canada

The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

Other applicable US state and federal privacy laws

Data Controller Information:

 

Company Name: Crownwell Advisory Inc.

Address: 1572 Evergreen Hill SW, Calgary, Alberta, T2Y 2R7, Canada

Email: [email protected]

Phone: 403-667-7245

EU Representative: Nichita Bobu, [email protected]

UK Representative: Nichita Bobu, [email protected]

2. PERSONAL INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account and Profile Information:

Name, email address, phone number, job title, company name

Username, password, and account preferences

Profile photos or avatars

Billing and payment information (processed through third-party payment processors)

Communication Information:

Messages, inquiries, and correspondence with us

Feedback, reviews, and survey responses

Support ticket information and chat logs

Marketing preferences and communication consents

Service-Related Information:

AI model inputs, prompts, and queries you submit

Content you upload, generate, or process through our Services

Project details, configurations, and custom settings

Integration and API usage data

2.2 Information Automatically Collected

Technical Information:

IP address, device identifiers, and browser information

Operating system, device type, and technical specifications

Log files, error reports, and diagnostic information

Network connection details and geographic location data

Usage Analytics:

 Pages visited, features used, and time spent on Services

Click patterns, navigation paths, and user interactions

API calls, processing requests, and system performance metrics

Session duration, frequency of use, and access patterns

Cookies and Tracking Technologies:

 Essential cookies for Service functionality

Analytics cookies for performance monitoring

Preference cookies for personalization

Marketing cookies (with consent where required)

2.3 Information from Third Parties

Integration Partners:

Data received through authorized API integrations

Information from connected third-party services

Enterprise directory information (with appropriate authorization)

Public Sources:

 Publicly available business information

Professional networking platforms (where permitted)

Industry databases and directories

3. LEGAL BASIS FOR PROCESSING (GDPR/UK GDPR)

We process personal information based on the following legal grounds:

 

Consent (Article 6(1)(a)):

Marketing communications (where consent is required)

Non-essential cookies and tracking

Processing sensitive personal data (where applicable)

Contract Performance (Article 6(1)(b)):

Providing Services to clients

Account creation and management

Payment processing and billing

Customer support and service delivery

Legitimate Interests (Article 6(1)(f)):

Service improvement and development

Security monitoring and fraud prevention

Analytics and performance optimization

Business communications and relationship management

Legal Obligation (Article 6(1)(c)):

Compliance with applicable laws and regulations

Tax and financial reporting requirements

Data retention obligations

Vital Interests (Article 6(1)(d)):

Emergency situations requiring immediate action

Public Task (Article 6(1)(e)):

Compliance with regulatory requirements

4. HOW WE USE PERSONAL INFORMATION

4.1 Service Provision

Delivering, operating, and maintaining our AI Services

Processing AI model requests and generating responses

Managing user accounts and authentication

Providing customer support and technical assistance

Facilitating integrations with third-party platforms

4.2 Business Operations

Processing payments and managing billing

Conducting business analytics and performance monitoring

Improving and developing new Services and features

Maintaining security and preventing fraud

Complying with legal and regulatory requirements

4.3 Communications

Sending service-related notifications and updates

Providing customer support and responding to inquiries

Delivering marketing communications (with appropriate consent)

Conducting surveys and collecting feedback

4.4 Legal and Security

Protecting against fraud, abuse, and security threats

Enforcing our Terms of Service and other policies

Complying with legal obligations and regulatory requirements

Defending legal claims and protecting our rights

5. AI-SPECIFIC DATA PROCESSING

5.1 Training Data

We may use aggregated, anonymized data to improve our AI models

Personal information is not used for model training without explicit consent

We implement data minimization principles in model development

Training processes comply with applicable privacy laws

5.2 Model Inputs and Outputs

User inputs to AI models are processed to generate responses

We may temporarily store inputs for processing optimization

Outputs are generated based on model parameters and user inputs

We implement safeguards to prevent unauthorized data exposure

5.3 Automated Decision-Making

Our Services may involve automated processing and decision-making

Users have rights regarding automated decision-making under GDPR

We provide mechanisms for human review where legally required

Profiling activities are conducted in compliance with applicable laws

6. SHARING AND DISCLOSURE

6.1 Service Providers and Partners

We may share personal information with:

- Cloud hosting and infrastructure providers

- Payment processors and financial institutions

- Customer support and communication platforms

- Analytics and monitoring service providers

- Security and fraud prevention services

6.2 Business Transfers

In connection with mergers, acquisitions, or asset sales, personal information may be transferred to the acquiring entity, subject to appropriate privacy protections.

 

6.3 Legal Requirements

We may disclose personal information when required by law, including:

- Court orders, subpoenas, and legal processes

- Government investigations and regulatory inquiries

- Emergency situations involving public safety

- Enforcement of our Terms of Service

6.4 Consent-Based Sharing

We may share information with third parties when you provide explicit consent for such sharing.

 

7. INTERNATIONAL DATA TRANSFERS

7.1 Cross-Border Transfers

We may transfer personal information across international borders to provide our Services. Such transfers are conducted in accordance with applicable data protection laws.

 

7.2 GDPR Transfer Mechanisms

For transfers from the EEA/UK, we implement appropriate safeguards:

- Standard Contractual Clauses (SCCs)

- Adequacy decisions by the European Commission

- Binding Corporate Rules (where applicable)

- Additional technical and organizational measures

7.3 Canadian Transfer Requirements

For transfers from Canada, we ensure appropriate protection through:

- Contractual commitments with recipients

- Assessment of recipient country privacy laws

- Implementation of additional safeguards where necessary

8. DATA RETENTION

8.1 Retention Principles

We retain personal information only as long as necessary for:

- Fulfilling the purposes for which it was collected

- Complying with legal and regulatory requirements

- Defending legal claims and protecting our interests

- Providing ongoing Services to users

8.2 Specific Retention Periods

- Account information: Duration of account plus 7 years

- Service usage data: 3 years from collection

- Communication records: 7 years from last interaction

- Payment information: As required by financial regulations

- Marketing data: Until consent is withdrawn or 3 years of inactivity

8.3 Secure Deletion

Upon expiration of retention periods, we securely delete or anonymize personal information using industry-standard methods.

 

9. SECURITY MEASURES

9.1 Technical Safeguards

Encryption of data in transit and at rest

Multi-factor authentication and access controls

Regular security assessments and penetration testing

Intrusion detection and monitoring systems

Secure software development practices

9.2 Organizational Measures

Privacy and security training for employees

Incident response and breach notification procedures

Regular policy reviews and updates

Third-party security assessments

Data minimization and purpose limitation practices

9.3 AI-Specific Security

Model security and prompt injection prevention

Output filtering and content moderation

Bias detection and mitigation measures

Adversarial attack protection

10. YOUR PRIVACY RIGHTS

10.1 GDPR/UK GDPR Rights (EEA/UK Residents)

Right of Access: Request copies of your personal information

Right of Rectification: Correct inaccurate personal information

Right of Erasure: Request deletion of personal information

Right to Restrict Processing: Limit how we process your information

Right to Data Portability: Receive your information in a portable format

Right to Object: Object to certain types of processing

Rights regarding Automated Decision-Making: Human review of automated decisions

Right to Withdraw Consent: Withdraw consent for consent-based processing

10.2 CCPA/CPRA Rights (California Residents)

Right to Know: Information about data collection and use

Right to Delete: Request deletion of personal information

Right to Correct: Correct inaccurate personal information

Right to Opt-Out: Opt out of sale/sharing of personal information

Right to Limit Use of Sensitive Information: Limit use of sensitive data

Right to Non-Discrimination: Equal treatment regardless of privacy choices

10.3 PIPEDA Rights (Canadian Residents)

Right of Access: Request access to personal information

Right to Challenge Accuracy: Correct inaccurate information

Right to Withdraw Consent: Withdraw consent where applicable

Right to File Complaints: Lodge complaints with privacy commissioners

10.4 Exercising Your Rights

To exercise your privacy rights:

Email: [email protected]

Phone: 403-667-7245

Mail: Crownwell Advisory Inc., 1572 Evergreen Hill SW, Calgary, Alberta, T2Y 2R7, Canada

We will respond to requests within the timeframes required by applicable law (typically 30 days for GDPR, 45 days for CCPA).

 

11. CHILDREN'S PRIVACY

11. CHILDREN'S PRIVACY

Our Services are not intended for children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information promptly and terminate the associated account.

 

12. CALIFORNIA-SPECIFIC DISCLOSURES

12.1 Categories of Personal Information

[Include detailed CCPA categories and disclosures]

 

12.2 Sale and Sharing

We do not sell personal information in the traditional sense. We may share information for targeted advertising, which may constitute "sharing" under CCPA.

 

12.3 Sensitive Personal Information

We limit the use of sensitive personal information to necessary business purposes and services requested by consumers.

 

13. COOKIES AND TRACKING

13.1 Cookie Types

Strictly Necessary: Essential for Service functionality

Performance: Analytics and optimization

Functional: Preferences and personalization

Targeting: Marketing and advertising (with consent)

13.2 Cookie Management

Users can manage cookie preferences through:

- Browser settings and controls

- Our cookie preference center

- Opt-out mechanisms for marketing cookies

13.3 Do Not Track

We respond to Do Not Track signals and similar mechanisms as required by applicable law.

 

14. UPDATES TO THIS POLICY

We may update this Privacy Policy periodically. Material changes will be communicated through:

- Email notifications to registered users

- Prominent notices on our website

- In-app notifications where applicable

- The "Last Updated" date indicates when changes were made. Continued use of our Services after updates constitutes acceptance of the revised Policy.

 

15. CONTACT INFORMATION

15.1 Privacy Officer/Data Protection Officer

Nichita Bobu, CEO & Privacy Officer

Email: [email protected]

Phone: 403-667-7245

Address: Crownwell Advisory Inc., 1572 Evergreen Hill SW, Calgary, Alberta, T2Y 2R7, Canada

 

15.2 Regional Representatives

EU Representative: Nichita Bobu, [email protected]

UK Representative: Nichita Bobu, [email protected]

 

15.3 Regulatory Complaints

You have the right to file complaints with relevant privacy authorities:

- EU/UK: Local Data Protection Authorities

- Canada: Office of the Privacy Commissioner

- California: California Privacy Protection Agency

16. ADDITIONAL TERMS

16.1 Conflict Resolution

In case of conflicts between this Policy and local privacy laws, the more protective provision shall apply.

 

16.2 Severability

If any provision of this Policy is deemed invalid, the remaining provisions remain in full effect.

 

16.3 Governing Law

This Policy is governed by the laws of Alberta, Canada, except where superseded by applicable privacy laws.

This Privacy Policy is effective as of August 19, 2025 and was last updated on August 19, 2025.

 

This Privacy Policy has been designed to comply with GDPR, PIPEDA, CCPA/CPRA, and other applicable privacy laws. However, legal requirements may vary and change over time. We recommend consulting with qualified legal counsel to ensure full compliance with all applicable laws in your specific circumstances.

Privacy Policy

Effective Date: August 19, 2025

Last Updated: August 19, 2025

© 2025 Crownwell Advisory Inc. All Rights Reserved.