
Privacy Policy
Last updated: 3 July 2026
DataBlueprintAI Inc. ("DataBlueprintAI," "we," "us," or "our") is committed to protecting the privacy and security of personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. This Privacy Policy describes how we collect, use, disclose, retain, and safeguard personal information when you visit our website at datablueprintai.pro, use our platform, enrol in our programs, or engage our professional services.
1. Accountability
DataBlueprintAI is responsible for personal information under our control. We have designated a Privacy Officer who oversees compliance with this policy and PIPEDA. You may contact our Privacy Officer at [email protected] or by mail at 18 York Street, Suite 1400, Toronto, ON M5J 0B4, Canada. Our Privacy Officer is accountable for ensuring that all employees, contractors, and service providers who handle personal information on our behalf understand and comply with this policy.
2. Identifying Purposes
We collect personal information only for purposes that a reasonable person would consider appropriate in the circumstances. The primary purposes for which we collect personal information include:
- Responding to enquiries submitted through our contact form or email
- Processing program enrolments and service engagement agreements
- Delivering architecture programs, design lab sessions, and professional services
- Managing client accounts and maintaining engagement records
- Issuing invoices, processing payments, and fulfilling contractual obligations
- Sending service-related communications including schedule updates and deliverable notifications
- Improving our website, platform, and service offerings through aggregated analytics
- Complying with legal and regulatory requirements under Canadian law
- Protecting against fraud, unauthorised access, and security threats
We will identify the purposes for collection at or before the time personal information is collected. If we intend to use personal information for a new purpose not previously identified, we will obtain your consent before doing so, unless otherwise permitted by law.
3. Consent
We obtain your knowledge and consent for the collection, use, and disclosure of personal information, except where inappropriate or permitted by law. Consent may be express — such as checking the PIPEDA consent box on our contact form — or implied — such as when you provide your business card during a discovery workshop with the reasonable expectation that we will use your contact information to follow up on the engagement.
You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may affect our ability to continue providing services to you. To withdraw consent, contact our Privacy Officer at [email protected].
For program participants and service clients, consent for the collection and use of personal information is typically obtained through engagement agreements and enrolment forms that specify the purposes and scope of data processing.
4. Limiting Collection
We limit the collection of personal information to what is necessary for the identified purposes. We collect information by fair and lawful means. The types of personal information we may collect include:
- Contact information: name, email address, phone number, job title, and organisation name
- Account information: username, password (stored in hashed form), and account preferences
- Engagement information: program enrolment details, service scope documents, and communication records
- Technical information: IP address, browser type, device information, and pages visited on our website
- Payment information: billing address and transaction records (payment card details are processed by our payment processor and not stored on our servers)
- Workshop participation data: attendance records, design lab contributions, and capstone project materials
During architecture engagements, we do not require access to your production data. Design lab sessions use synthetic or anonymised datasets. If client-provided data is necessary for a specific engagement, we establish data handling agreements that specify classification, access controls, and retention schedules before any data is transferred.
5. Limiting Use, Disclosure, and Retention
We use and disclose personal information only for the purposes for which it was collected, unless you provide additional consent or the use or disclosure is required or authorised by law. We do not sell personal information to third parties.
We may disclose personal information to:
- Service providers who assist with website hosting, email delivery, payment processing, and analytics, under contractual obligations to protect personal information
- Professional advisors including lawyers and accountants, bound by confidentiality obligations
- Government authorities when required by law, court order, or regulatory inquiry
- Successors in the event of a merger, acquisition, or sale of assets, subject to equivalent privacy protections
Personal information is retained only as long as necessary to fulfil the identified purposes or as required by law. We review retention schedules annually to ensure data is not kept longer than needed. Contact form submissions are retained for twenty-four months. Client engagement records are retained for seven years following the conclusion of the engagement. Program participation records are retained for three years. Website analytics data is retained in aggregated, anonymised form for up to twenty-six months.
6. Accuracy
We make reasonable efforts to ensure that personal information is accurate, complete, and up to date for the purposes for which it is used. You may request correction of inaccurate or incomplete personal information by contacting our Privacy Officer. We will amend the information as required and, where appropriate, notify third parties to whom the information has been disclosed.
7. Safeguards
We protect personal information with security safeguards appropriate to the sensitivity of the information. These safeguards include:
- Encryption of data in transit using TLS 1.2 or higher for all website and platform communications
- Encryption of sensitive data at rest on our servers and cloud infrastructure
- Role-based access controls limiting employee access to personal information on a need-to-know basis
- Multi-factor authentication for administrative and platform access
- Regular security assessments and vulnerability scanning of our systems
- Employee privacy and security training conducted annually
- Incident response procedures for detecting, reporting, and responding to privacy breaches
Despite our safeguards, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to promptly notifying affected individuals and the Office of the Privacy Commissioner of Canada in the event of a breach creating a real risk of significant harm, as required by PIPEDA.
8. Openness
We make information about our privacy policies and practices readily available. This Privacy Policy is published on our website and is available upon request. Our Privacy Officer can provide additional information about our personal information management practices upon written request.
9. Individual Access
Upon written request, we will inform you of the existence, use, and disclosure of your personal information and provide access to that information, subject to limited exceptions permitted by law. We will respond to access requests within thirty days. If we deny an access request, we will provide written reasons and information about how to challenge the decision.
To submit an access request, contact our Privacy Officer at [email protected] with sufficient detail to identify the information sought. We may require verification of your identity before processing the request.
10. Challenging Compliance
You may challenge our compliance with this Privacy Policy by contacting our Privacy Officer. We will investigate all complaints and respond within thirty days. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.
11. Cross-Border Data Transfers
Some of our service providers may process personal information in jurisdictions outside Canada, including the United States. When personal information is transferred outside Canada, it may be subject to the laws of the receiving jurisdiction, including lawful access by government authorities. We ensure that cross-border transfers are governed by contractual protections that require equivalent privacy safeguards.
12. Children's Privacy
Our platform, programs, and services are designed for business and professional audiences. We do not knowingly collect personal information from individuals under the age of eighteen. If we become aware that we have collected personal information from a minor, we will take steps to delete that information promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Material changes will be communicated through a notice on our website or by email to registered users. Continued use of our website or services after changes constitutes acceptance of the updated policy.
14. Contact Information
For questions, concerns, or requests related to this Privacy Policy or our privacy practices, contact:
Privacy Officer
DataBlueprintAI Inc.
18 York Street, Suite 1400
Toronto, ON M5J 0B4, Canada
Email: [email protected]
Phone: +1 (416) 555-5748
Business Number: BN 847291635ON0001