Privacy Notice

We collect only the necessary personal information from you, such as:

• Information needed for product purchases
• Your name, email address, company, and contact information
• Information about your business when completing assessments
• Feedback you have provided from any services offered
• Correspondence you have with us
• Your social media accounts if you interact with us on our profiles
• Technical information such as your IP address and browser when using our site
• Your local computer information when you engage us for remote support services
• Information related to or required by a professional service we are providing you

We collect data when you (or your employer):

• Book a meeting with us through our scheduler
• Complete an assessment with us
• Contact us via email, ticket tracking, phone, or website
• Connect, contact, or follow us on social media
• Sign up for our newsletter
• Engage us for services or log a ticket
• Attend our events
• Browse our website or log tickets
• Purchase products through our reseller partnerships
• Enroll in our online courses

We only process your data:

• Where we are required to do so by law
• Where you have provided consent for us to do so (such as for marketing and updates)
• Where we are pursuing a contractual agreement for tickets, services, courses, or products
• Where there is a legitimate interest to do so, such as improving our offerings or securing your data

Depending on the circumstance, we process your data to:

• Comply with legal obligations
• Communicate with you
• Manage our relationship
• Keep you up to date with services and offerings
• Provide services you requested
• Improve our service offerings
• Manage product purchases and affiliate agreements
• Refer you to partners and associates if requested
• Use AI-assisted tools to support drafting of advisory deliverables and technical outputs

Some of our services may require sharing with another partner. As such, we may share your data with:

• Technology vendors whose products you purchase as part of our professional services
• Additional subject matter experts that we need to engage (with your consent) for the services you have hired us for
• Legal or regulatory authorities when required

To run our business, we make use of several reputable technology and professional service providers who may be sub-processors of your information. We will always ensure that these service providers are bound by contractual agreements that ensure implementing security safeguards. These service providers include:

In some circumstances, you may be engaging directly with a partner of ours. In these cases, you will need to review the affiliate partner or technology vendor's privacy notice for more information.

We are resellers or partners for: 1Password, AltitudeSync (Acronis), and Sendmarc.

We keep your data only for as long as necessary — typically for the duration of service and any applicable legal retention periods that apply to the information.

If your service agreement with us reaches its natural conclusion or is terminated for any reason, we will retain your information for one year after termination unless otherwise instructed, in order for you to re-engage us for additional services without hassle or rework.

We may retain information for longer should you provide consent for us to do so or where the information has been anonymised and you are no longer able to be identified.

Depending on your location and jurisdiction, you have rights under data protection laws that may include:

• Accessing the data we hold about you
• Requesting corrections or deletions
• Restricting or objecting to certain data processing
• Portability (transferring your data elsewhere)

If you'd like to exercise any of these rights and put in a request to do so, please use the form on this page or our contact form to do so.

Data security is of paramount importance to us. We make sure that supplementary security measures are in place for all of our systems, and follow good practice in terms of password management, using reputable providers, and keeping access limited to those who are authorised. Should you wish to find out more about our security practices, please reach out using the form on this page.

Your information may be stored and processed outside of the country or region where it was originally collected. Some of these countries may offer fewer rights regarding your personal information than you have in your country of residence. We ensure that we enter into agreements with all service providers to ensure that appropriate safeguards are in place at all times. Wherever possible, we try to host your information with service providers in Canada, the UK, or the EU.

Our website, ticket tracking system, and landing pages make use of cookies and other forms of tracking. In all cases, we provide notice and choices for managing them. Please click on the appropriate cookie banner to manage your consent preferences.

You'll only receive marketing communications if you've opted in. You can change your preferences anytime by selecting the opt-out link at the bottom of communications. You are also welcome to use the contact form on this page to exercise your right to opt out of marketing communications.

In some instances, communications are not commercial in nature and may be a required part of our engagement. In these cases, you are not able to opt out automatically. Please contact us directly if you have a concern about service-related messages.

We may update this notice from time to time. Any changes will be posted here. This notice was last updated on the 6th of March, 2026.