Privacy Policy
Data governance โ architecture review framework
SynthFlux ("we," "us," or "our") operates the website synthflux.pro and provides generative AI synthesis platform services from our headquarters at 141 Adelaide Street West, Suite 1201, Toronto, ON M5H 3L5, Canada. This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.
1. Accountability
SynthFlux is accountable for all personal information under our control. We have designated a privacy officer responsible for compliance with this policy. You may contact our privacy officer at [email protected] or by mail at the address above. Our business number is BN 891472635ON0001.
We ensure that third parties processing personal information on our behalf maintain comparable privacy protections through contractual agreements and regular audits.
2. Identifying Purposes
We collect personal information only for purposes that a reasonable person would consider appropriate in the circumstances. The primary purposes for which we collect personal information include:
- Responding to enquiries submitted through our contact form or email
- Processing programme registrations and services engagement requests
- Delivering training programmes and professional services to clients
- Maintaining client and participant records for the duration of engagements
- Improving our website and services through aggregated analytics
- Complying with legal and regulatory obligations
- Communicating updates about our services where consent has been provided
We will identify the purposes for collection at or before the time personal information is collected. If we intend to use personal information for a new purpose not previously identified, we will obtain your consent before such use unless otherwise permitted by law.
3. Consent
Knowledge and consent are required for the collection, use, and disclosure of personal information, except where inappropriate or permitted by law. Consent may be express or implied depending on the sensitivity of the information and the reasonable expectations of the individual.
When you submit our contact form, you provide express consent by checking the PIPEDA consent checkbox. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may affect our ability to provide services to you.
For programme participants, consent is obtained during registration. For services clients, consent is addressed in engagement contracts and data processing agreements.
4. Limiting Collection
We collect only personal information that is necessary for the identified purposes. The types of personal information we may collect include:
- Contact information: name, email address, phone number, organisation name
- Communication content: messages submitted through contact forms or email
- Technical information: IP address, browser type, device information, pages visited
- Programme records: attendance, assessment results, certification status
- Billing information: invoicing details for programme and services clients
We do not collect sensitive personal information such as health data, financial account numbers, or government-issued identification numbers through our website contact form.
5. Limiting Use, Disclosure, and Retention
Personal information is used and disclosed only for the purposes for which it was collected, unless you provide additional consent or the use or disclosure is required or authorised by law.
We may disclose personal information to:
- Service providers who assist with website hosting, email delivery, and analytics, bound by confidentiality obligations
- Professional advisors including lawyers and accountants, under privilege where applicable
- Government authorities when required by law, court order, or regulatory request
- Successors in the event of a merger, acquisition, or sale of assets, with continued protection of your information
We do not sell personal information to third parties. We do not share personal information with model providers or AI platforms except as necessary to deliver contracted services, and only under data processing agreements.
Retention periods vary by information type. Contact form submissions are retained for twenty-four months unless an engagement relationship is established. Client and programme records are retained for seven years following the end of the engagement to meet legal and professional obligations. Technical logs are retained for twelve months.
6. Accuracy
We make reasonable efforts to ensure that personal information is accurate, complete, and up to date for the purposes for which it is used. You may request correction of inaccurate personal information by contacting [email protected]. We will amend records as appropriate and notify third parties to whom incorrect information was disclosed, where feasible.
7. Safeguards
We protect personal information with security safeguards appropriate to the sensitivity of the information. Measures include:
- Transport Layer Security (TLS) encryption for all website communications
- Access controls limiting personal information to authorised personnel on a need-to-know basis
- Encrypted storage for client engagement data and programme records
- Regular security assessments of our infrastructure and third-party providers
- Employee privacy training and confidentiality agreements
- Incident response procedures for suspected data breaches
Despite our safeguards, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but commit to notifying affected individuals and the Privacy Commissioner of Canada of breaches posing a real risk of significant harm, as required by PIPEDA.
8. Openness
We make information about our privacy policies and practices readily available on this page. Our privacy officer is available to answer questions about our information handling practices. This policy is reviewed annually and updated as needed to reflect changes in our practices or applicable law.
9. Individual Access
You have the right to request access to personal information we hold about you. Upon written request to [email protected], we will provide access within thirty days, subject to limited exceptions permitted by law such as information protected by solicitor-client privilege or information about another individual.
Access requests should include sufficient detail to identify the information sought. We may request verification of identity before processing requests. If we deny access, we will provide written reasons and information about your right to challenge the decision.
10. Challenging Compliance
If you believe we have not complied with this Privacy Policy or PIPEDA, you may contact our privacy officer at [email protected]. We will investigate all complaints and respond within thirty days. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.
11. Cookies and Tracking
Our website uses cookies and similar technologies as described in our Cookie Policy. You may manage cookie preferences through our cookie banner or browser settings.
12. International Transfers
Our website may be hosted on servers located outside Canada. When personal information is transferred internationally, we ensure comparable protection through contractual safeguards and by selecting providers with robust privacy programmes. Primary client data for services engagements is processed within Canada unless otherwise agreed in writing.
13. Children's Privacy
Our services are directed at business professionals and organisations. We do not knowingly collect personal information from individuals under eighteen years of age. If we become aware that we have collected information from a minor, we will delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.
15. Automated Decision-Making
SynthFlux does not use personal information collected through our website to make automated decisions that produce legal or similarly significant effects on individuals. Generative AI systems deployed during client services engagements operate on client-provided data under separate contractual terms and are not used to profile website visitors.
If we introduce automated decision-making processes in the future that affect individuals, we will update this policy, provide meaningful information about the logic involved, and offer an opportunity to contest decisions where required by law.
16. Data Processing for Services Clients
When SynthFlux delivers professional services or training programmes, we may process personal information on behalf of clients acting as a service provider. In such cases, the client remains the data controller and SynthFlux acts as a data processor under the terms of a data processing agreement.
Processor obligations include processing data only on documented instructions, ensuring personnel confidentiality, implementing appropriate security measures, assisting with data subject access requests, and deleting or returning data upon engagement completion. Sub-processors are engaged only with client consent or general authorisation and remain bound by equivalent protections.
Client data used in synthesis pipeline development is isolated in dedicated environments, never commingled across clients, and deleted according to contractual retention schedules unless archival is required for compliance purposes.
17. Contact
For privacy-related enquiries, contact:
SynthFlux Privacy Officer
141 Adelaide Street West, Suite 1201
Toronto, ON M5H 3L5
Email: [email protected]
Phone: +1 (343) 555-1947