PRIVACY POLICY

Credit River AI Last Updated: September 28, 2025

Effective Date: October 1, 2025

This Privacy Policy describes how Credit River AI (the "Site," "we," "us," or "our") collects, uses, and discloses your personal information when you visit, use our consulting services, or otherwise communicate with us (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a prospective client, website visitor, or another individual whose information we have collected.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use or access any of the Services.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last updated" date, and take any other steps required by applicable law.

How We Collect and Use Your Personal Information

To provide the Services, we collect and have collected over the past 12 months personal information about you from a variety of sources, as set out below. The information that we collect and use varies depending on how you interact with us.

In addition to the specific uses set out below, we may use information we collect about you to communicate with you, provide the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

What Personal Information We Collect

The types of personal information we obtain about you depends on how you interact with our Site and use our Services. When we use the term "personal information," we are referring to information that identifies, relates to, describes, or can be associated with you. The following sections describe the categories and specific types of personal information we collect.

Information We Collect Directly from You (Via Contact Form)

Information that you directly submit to us through our Services includes:

  • Basic Contact Details: Your name, email address, and telephone number.

  • Inquiry Details: The information you choose to include in communications with us, detailing your business needs or consultation request.

Information We Collect Automatically (Usage Data)

We automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we use cookies and similar technologies ("Cookies"). Usage Data may include:

  • Technical Information: Device information, browser information, information about your network connection, and your IP address.

  • Activity Information: Information regarding your interaction with the Services, including web pages you view and the time spent on the Site.

Information We Obtain from Third Parties

We may obtain information about you from third parties, including from vendors and service providers who may collect information on our behalf, such as:

  • Service Providers: Companies who support our Site and Services, such as Squarespace (our hosting and core analytics provider).

  • Communication Processors: Providers who process payment information for seminars (if applicable) or manage communication, in order to perform our contract with you.

How We Use Your Personal Information

Category of Information - Personal Identifiers (PII)

  • Responding to Inquiries: To follow up on your consultation request and schedule services.

  • Lead Assessment: To assess the potential fit of your inquiry with our services and regional focus (Ontario).

Legal Basis - Legitimate Interest (Responding to inquiries) and Consent (Submission of the form).

Category of Information - Usage Data

  • Site Improvement: To monitor and analyze website traffic, optimize site performance, and ensure site security.

Legal Basis - Legitimate Interest (Maintaining site function) and Consent (Via cookie banner).

Cookies

Like many websites, we use Cookies on our Site. We use Cookies to power and improve our Site and our Services, to run analytics, and better understand user interaction with the Services (in our legitimate interests to administer, improve, and optimize the Services).

Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services to work incorrectly.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances include:

  • Service Providers: With vendors or other third parties who perform services on our behalf (e.g., IT management, customer support, cloud storage, and data analytics providers).

  • Affiliates: With our affiliates or otherwise within our corporate group, in our legitimate interests to run a successful business.

  • Legal Compliance: In connection with a business transaction (such as a merger or bankruptcy), to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

Categories Disclosed in the Past 12 Months (CCPA/CPRA Disclosure)

We have, in the past 12 months disclosed the following categories of personal information for the purposes set out above:

Category of Personal Information

  1. Identifiers (Name, Email, Phone Number, IP address)

  2. Internet or other similar network activity (Usage Data)

Categories of Recipients

  1. Identifiers - Vendors and third parties who perform services on our behalf (Squarespace, email providers, data analytics providers).

  2. Internet or other similar network activity - Vendors and third parties who perform services on our behalf (Squarespace, data analytics providers).

We do not use or disclose sensitive personal information for the purposes of inferring characteristics about you. We do not sell personal information in exchange for monetary compensation.

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable. Any information you send to us may not be secure while in transit.

Data Retention

We adhere to the principle of Storage Limitation by retaining data only for as long as necessary to fulfill the purpose for which it was collected:

  • Internet Activity Data: We retain raw Internet Activity data (including IP addresses and visit paths) for a period of up to 26 months. This duration is for annual trend analysis, after which the data is anonymized or securely deleted.

  • Non-Client Inquiries (Leads): We retain the personal identifiers (Name, Email, Phone) for a period of up to three (3) years from the last date of contact for lead nurturing and business development purposes.

  • Client Records: We retain the personal identifiers and communication data of active and former clients for seven (7) years following the conclusion of the contract, as required for tax, accounting, and legal compliance.

Children's Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.

Contact Information and Your Rights

To exercise any of your privacy rights or if you have questions about this policy, please contact:

Credit River AI Attention: Data Privacy Officer

Email: info@creditriverai.ca

Phone: 365-384-3601