Privacy Policy

1. Information we collect

We collect the minimum information needed to operate the Service for you. Categories:

— Account information: email address, name, and any additional details you provide during registration or in your profile.

— Authentication data: hashed passwords, or OAuth identifiers from providers you connect (Google, LinkedIn, Microsoft).

— Usage information: pages visited, features used, and similar telemetry — collected only when you have given analytics consent through our cookie banner.

— Content: data, files, and other material you create or upload within P3Analytica applications.

— Communications: messages you send to our support channels or that we exchange with you about your account.

— Technical data: IP address, browser type, device information — collected as needed for security and service operation.

2. How we use information

We use personal information to:

— provide, maintain, and improve the Service; — authenticate you and secure your account; — communicate with you about service updates, security alerts, and your account; — understand product usage and improve the Service (only with your analytics consent); — comply with legal obligations and enforce our Terms of Engagement; — prevent fraud, abuse, and unauthorized access.

We do not sell your personal information. We do not use your content to train artificial intelligence or machine learning models without your explicit consent, whether those models are operated by us or by third parties on our behalf.

3. Legal basis

In Canada, we process your personal information based on your consent under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws including Quebec's Law 25. Consent may be express (e.g., creating an account, opting in to analytics) or implied (e.g., using the Service for its intended purpose). You may withdraw consent at any time, subject to legal or contractual restrictions.

4. Cookies and similar technologies

We use cookies and similar technologies to operate the Service, remember your preferences, and (with your consent) measure usage. Essential cookies are always active; analytics and marketing cookies require your consent.

For a full inventory and to change your preferences at any time, visit our Cookie Policy at /legal/cookies.

5. Sharing and disclosure

We share personal information with:

— Service providers acting on our behalf, under contract (see section 12 for the current list); — Legal authorities when required by applicable law, valid legal process, or to protect rights, property, and safety; — In the context of a business transfer (merger, acquisition, asset sale), with notice to you; — With your consent or at your direction.

We do not sell, rent, or trade your personal information.

6. Where your data is stored

P3Analytica services are hosted on Supabase, with infrastructure operated by Amazon Web Services in the us-west-2 region (Oregon, United States). When you use the Service, your personal information is processed and stored in the United States.

We have entered into a Data Processing Agreement with Supabase that contractually requires comparable protection to Canadian privacy law standards. Information stored in the United States may, however, be subject to United States law, including legal processes that may compel disclosure to United States authorities.

By using the Service, you acknowledge and consent to this cross-border transfer. If you have questions about this transfer, contact our Privacy Officer using the details in section 14.

7. Security

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS), encryption at rest, access controls, and regular review of our security practices.

No system is perfectly secure. If we become aware of a personal information breach that creates a real risk of significant harm, we will notify affected users and the relevant authorities as required by applicable law.

8. Data retention

We retain your personal information for as long as your account is active or as needed to provide the Service. When you delete your account or request deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law (for example, tax records) or necessary for the establishment, exercise, or defence of legal claims.

Backups containing your information may persist for up to 90 days after deletion as part of our standard backup rotation; these backups are not used for any other purpose.

9. Your rights

Under PIPEDA and applicable provincial laws, you have the right to:

— Access the personal information we hold about you; — Request correction of inaccurate personal information; — Request deletion of your personal information (subject to legal retention obligations); — Receive a copy of your personal information in a structured, machine-readable format (data portability); — Withdraw consent at any time; — Make a complaint to the Office of the Privacy Commissioner of Canada (priv.gc.ca) or your provincial regulator (in Quebec, the Commission d'accès à l'information).

To exercise any of these rights, contact our Privacy Officer at privacy@p3analytica.com. We will respond within 30 days.

10. Children's privacy

The Service is not directed at children under the age of 14. We do not knowingly collect personal information from children under 14 without verifiable parental consent. If you believe we have collected information from a child without consent, contact us and we will delete it.

11. Automated decisions and AI features

Some Service features use artificial intelligence (AI), including AI models operated by third-party providers such as Anthropic. These features assist you with tasks; they do not make decisions that produce legal or similarly significant effects on you without your explicit involvement.

We do not use your content to train AI or machine learning models without your explicit consent. Our AI providers have committed contractually not to use customer data for training their models.

12. Third-party service providers

We rely on the following service providers, each bound by data processing agreements:

— Supabase (data hosting, authentication, database) — supabase.com/privacy — Vercel (web hosting, content delivery) — vercel.com/legal/privacy-policy — Anthropic (AI features) — anthropic.com/legal/privacy — Vercel Analytics + Speed Insights (only with your analytics consent) — vercel.com/legal/privacy-policy

This list may evolve as we add or change providers. Material changes will be communicated under section 13.

13. Changes to this Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email (if you have an account) or by prominent notice on the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this Policy indicates when it was most recently revised. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

14. Contact us

Questions, requests, or concerns about your privacy? Contact our Privacy Officer:

Pooria Sedigh Privacy Officer, P3Analytica privacy@p3analytica.com

We respond within 30 days. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (priv.gc.ca) or your provincial privacy regulator.