Privacy Policy

1 Introduction

Opcelerate Neural Inc. ("Company") is committed to protecting the personal information of our clients, users, employees, and partners. This Privacy Policy describes how we collect, use, disclose, and protect personal information in compliance with the Personal Information Protection Act (PIPA), S.A. 2003, c. P-6.5 and, where applicable, the Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5.

This Policy applies to: (a) our website at [URL]; (b) all Opcelerate Neural software products and SaaS platforms; (c) our business operations, including client, employee, and contractor relationships.

2 Definitions

• "Personal Information" means information about an identifiable individual, as defined in Section 1(1)(k) of PIPA, excluding business contact information used for business purposes (Section 1(1)(a) of PIPA).
• "Consent" means voluntary agreement to the collection, use, or disclosure of personal information for a stated purpose.
• "Client Data" means data uploaded to or processed through our Services by clients, which may include personal information.
• "Services" means all software products, platforms, and related services provided by the Company.

3 Information We Collect

3.1 Information You Provide

• Contact information (name, email address, phone number, business address)
• Account registration details (username, password hash)
• Billing information (company name, billing address, payment method details)
• Communications (support tickets, emails, meeting notes)
• Employment/contractor application information (resume, qualifications, references)

3.2 Information Collected Automatically

• Device information (browser type, operating system, IP address)
• Usage data (pages visited, features used, time spent, click patterns)
• Log data (access times, error logs, API call records)
• Cookies and similar tracking technologies (see Section 8)

3.3 Information from Third Parties

• Business information from publicly available sources
• Reference information from designated referees during recruitment
• Integration data from connected third-party platforms (with client authorization)

3.4 Client Data

Our clients may upload data to our Services that contains personal information of third parties (e.g., employee safety records, procurement contacts). We process this data as a service provider on behalf of the client. The client remains the data controller and is responsible for ensuring lawful collection and consent.

4 How We Use Personal Information

We use personal information for the following purposes, as permitted under PIPA Section 16:

1. Service delivery — to provide, maintain, and improve our software products and platforms
2. Account management — to create and manage your account, authenticate users, and process subscriptions
3. Billing — to process payments, issue invoices, and manage accounts receivable
4. Communications — to respond to inquiries, provide technical support, and send service-related notifications
5. AI/ML training — to improve our artificial intelligence models and algorithms using aggregated and de-identified data only (never Client Data without explicit consent)
6. Security — to detect, prevent, and address fraud, abuse, and security threats
7. Compliance — to comply with legal obligations, enforce our terms of service, and protect our legal rights
8. Business operations — to manage employment and contractor relationships, including payroll, benefits, and tax reporting
9. Analytics — to understand usage patterns and improve user experience using aggregated, non-identifiable data

5 Consent

5.1 Obtaining Consent

We obtain consent before or at the time of collecting personal information. Consent may be express (written, oral, or electronic) or implied (from your conduct), depending on the sensitivity of the information and the reasonable expectations of the individual (PIPA, Section 8).

5.2 Deemed Consent

Consent is deemed given for: (a) personal information collected as part of an employment or contractor relationship; (b) business contact information used for business purposes; and (c) information necessary for the completion of a transaction you initiated.

5.3 Withdrawal of Consent

You may withdraw consent at any time by contacting our Privacy Officer (Section 13), subject to legal or contractual obligations. Withdrawal of consent may limit our ability to provide certain Services. We will inform you of the consequences of withdrawal.

6 Disclosure of Personal Information

6.1 Authorized Disclosures

We may disclose personal information to:

1. Service providers — third-party vendors who assist in service delivery (cloud hosting, payment processing, email services), subject to contractual confidentiality and data protection obligations
2. Professional advisors — lawyers, accountants, and auditors, as necessary
3. Business transfers — in connection with a merger, acquisition, or sale of assets, with prior notice to affected individuals
4. Legal requirements — when required by law, court order, or regulatory authority (PIPA, Section 20)

6.2 No Sale of Personal Information

We do not sell, rent, or trade personal information to third parties for marketing or advertising purposes.

6.3 International Transfers

Personal information may be transferred to service providers located outside Alberta or Canada. We ensure comparable levels of protection through contractual safeguards. Currently, our primary service providers are located in Canada.

7 Data Retention

7.1 Retention Periods

• Client account data: duration of the business relationship + 3 years
• Client Data: 30 days after account termination (data export available)
• Billing records: 7 years (per Income Tax Act requirements)
• Employment records: duration of employment + 3 years
• Website analytics: 26 months (aggregated/anonymized)
• Support communications: 2 years from resolution

7.2 Destruction

When personal information is no longer required, we securely destroy or de-identify it using industry-standard methods (secure deletion, cryptographic erasure, or physical destruction as appropriate).

8 Cookies & Tracking Technologies

8.1 Types of Cookies

• Essential cookies: Required for platform functionality (session management, authentication, security). Cannot be disabled.
• Analytics cookies: Help us understand usage patterns (page views, feature adoption). Can be disabled.
• Preference cookies: Remember your settings (theme, language, dashboard layout). Can be disabled.

8.2 Managing Cookies

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Services.

9 Security Safeguards

We implement appropriate technical and organizational safeguards to protect personal information against unauthorized access, disclosure, alteration, or destruction (PIPA, Section 34). These include:

• Encryption at rest (AES-256) and in transit (TLS 1.2+)
• Role-based access controls with principle of least privilege
• Multi-factor authentication for administrative access
• Regular security assessments and vulnerability scanning
• Secure development practices and code review
• Employee security awareness training
• Incident response procedures
• Regular data backups with encryption

10 Your Rights

Under PIPA, you have the right to:

1. Access — request access to your personal information held by us (PIPA, Section 24)
2. Correction — request correction of inaccurate or incomplete personal information (PIPA, Section 25)
3. Withdrawal — withdraw your consent, subject to legal or contractual restrictions
4. Complaint — file a complaint with our Privacy Officer or the Office of the Information and Privacy Commissioner of Alberta (OIPC)

Access requests must be submitted in writing and will be responded to within 45 days (PIPA, Section 28). We may charge a reasonable fee for access requests that are manifestly unfounded or excessive.

11 AI & Automated Decision-Making

11.1 Use of AI

Our Services incorporate artificial intelligence and machine learning for: procurement analysis, safety prediction, data integration, and document processing. AI systems process Client Data solely to generate outputs requested by the client.

11.2 Human Oversight

AI-generated outputs are provided as recommendations, not autonomous decisions. All significant business decisions remain under human control. We do not use fully automated decision-making that produces legal or similarly significant effects on individuals without human review.

11.3 Model Training

We do not use individual Client Data to train our AI models without explicit written consent. Model improvements are derived from aggregated, anonymized, and de-identified data sets.

12 Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such information, we will promptly delete it.

13 Contact & Complaints

13.1 Privacy Officer

For questions, access requests, or complaints regarding this Privacy Policy, contact:

Privacy Officer
Opcelerate Neural Inc.
[ADDRESS], Alberta, Canada
Email: [privacy@opcelerate.com]
Phone: [PHONE]

13.2 OIPC Complaints

If you are unsatisfied with our response, you may file a complaint with the:

Office of the Information and Privacy Commissioner of Alberta
#410, 9925 – 109 Street NW
Edmonton, Alberta T5K 2J8
Phone: 780-422-6860
Toll-free: 1-888-878-4044
Website: www.oipc.ab.ca

14 Changes to This Policy

We may update this Privacy Policy from time to time. The revised policy will be posted on our website with an updated "Effective Date." Material changes will be communicated via email to registered users and clients not less than 30 days before taking effect. Continued use of the Services constitutes acceptance of the revised policy.