Privacy Policy
This Privacy Policy explains how Indinuity Inc. ("Indinuity", "we", "us", "our") collects, uses, shares, and protects personal information when you visit indinuity.com (the "Site"), and the rights you have over that information. We are a software studio based in Cambridge, Ontario, Canada.
We handle personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws. If you are located in the European Economic Area (EEA) or the United Kingdom, we also handle your information in line with the EU General Data Protection Regulation (GDPR) and the UK GDPR, and the additional rights described in Section 8 apply to you.
1. Who we are (data controller)
Indinuity Inc. is the controller responsible for the personal information processed through the Site. For any privacy question or request, contact us at hello@indinuity.com.
2. Information we collect
We collect only what we need to operate the Site and respond to you:
- Contact form. When you message us, we collect the name, email address, and message you provide.
- Booking a discovery call. Scheduling is handled by Google Calendar Appointment Scheduling; any details you enter there are processed by Google under its own terms and privacy policy.
- Live chat. If you start a chat, the messages you send and basic technical information needed to run the chat are collected and processed by our live-chat provider, Tawk.to, on our behalf.
- Analytics. If you consent, we use privacy-respecting analytics to understand aggregate Site usage (such as pages viewed and approximate region). This is not used to identify you personally.
- Technical & log data. Our servers automatically record standard request information (such as IP address, browser type, and timestamps) for security, reliability, and abuse prevention.
We do not knowingly collect special categories of personal data (such as health, biometric, or political data) through the Site, and we ask that you not send such information via the contact form.
3. How we use your information, and our legal bases
We use your information to: respond to your enquiries; arrange and conduct discovery calls; operate, secure, and maintain the Site; protect against fraud and abuse; and, where you have consented, measure aggregate Site usage. We do not sell your personal information, and we do not use it for advertising profiling.
If you are in the EEA or UK, our legal bases for processing are:
- Consent — for analytics cookies and any optional processing; you may withdraw consent at any time (see Section 4 and Section 8).
- Legitimate interests — to respond to enquiries you send us, to keep the Site secure, and to prevent abuse, balanced against your rights and freedoms.
- Legal obligation — where we must process information to comply with the law.
4. Cookies & consent
We use a small number of essential cookies required for the Site to function. Analytics are loaded only if you choose "Accept" on the cookie notice shown on your first visit — if you "Decline", no analytics are loaded or run. Your choice is stored in your browser's local storage, and you can change it at any time using the Cookies link in the footer, or by clearing your browser storage. Essential cookies cannot be turned off, as the Site cannot function without them.
5. Sharing your information
We do not sell or trade your personal information. We share limited information with trusted service providers only as needed to operate the Site, and only under contracts that require them to protect it:
- Email delivery — to send and receive contact-form messages.
- Google reCAPTCHA — to protect the contact form from abuse; subject to Google's Privacy Policy and Terms of Service.
- Google Calendar — to schedule discovery calls.
- Tawk.to — to provide the live-chat widget; chat messages are processed under Tawk.to's own privacy policy.
- Analytics provider — if you consent, to measure aggregate Site usage.
- Hosting & infrastructure — DigitalOcean (servers and database) and Amazon S3 / CloudFront (static asset distribution only).
We may also disclose information if required by law, or to protect our rights, safety, or property and those of others.
6. Where your information is processed (international transfers)
Our application servers and database are hosted on DigitalOcean infrastructure located in Canada, so your information is stored and processed in Canada. Canada has been recognized by the European Commission as providing an adequate level of data protection under PIPEDA for transfers of personal data from the EEA. We use Amazon S3 and Amazon CloudFront only to store and distribute the Site's static assets (images, stylesheets, and scripts); these assets do not contain personal information. Some third-party services we rely on (see Section 5) — such as email delivery and Google reCAPTCHA — may process limited data on servers outside Canada, including in the United States. Where personal data is transferred internationally, we rely on appropriate safeguards (such as adequacy decisions or standard contractual clauses) as required by applicable law.
7. Data retention
We keep personal information only as long as necessary for the purposes described in this Policy — for example, we retain contact-form messages for as long as needed to address your enquiry and for reasonable follow-up — after which it is deleted or anonymized, unless a longer period is required by law.
8. Your rights
Subject to applicable law, you have the right to request access to, and correction of, the personal information we hold about you, and to withdraw consent where processing is based on consent. To exercise any right, contact us at hello@indinuity.com; we may need to verify your identity before responding.
If you are in the EEA or the UK, you also have the right to: rectification of inaccurate data; erasure ("right to be forgotten"); restriction of processing; data portability; and to object to processing carried out on the basis of our legitimate interests. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
You also have the right to lodge a complaint with a supervisory authority. In Canada, that is the Office of the Privacy Commissioner of Canada (priv.gc.ca); in the UK, the Information Commissioner's Office (ico.org.uk); in the EEA, your local data protection authority.
9. Data security & breach notification
We use reasonable administrative, technical, and physical safeguards designed to protect personal information against loss, theft, and unauthorized access, use, or disclosure. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. If we become aware of a data breach that creates a real risk of significant harm, we will notify affected individuals and the relevant authorities as required by applicable law.
10. Children's privacy
The Site is not directed to children, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
11. Automated decision-making
We do not use your personal information for automated decision-making that produces legal or similarly significant effects about you, or for profiling.
12. Third-party websites
The Site may link to, or embed, third-party websites and services. We are not responsible for the content or privacy practices of those third parties, and we encourage you to review their privacy policies.
13. Changes to this Policy
We may update this Policy from time to time. The "Last updated" date above reflects the most recent revision, and we will provide prominent notice of material changes. Your continued use of the Site after changes are posted constitutes acceptance of the revised Policy.
14. Contact
For privacy questions or to exercise your rights, email us at hello@indinuity.com.