// Legal

Privacy Policy

This Privacy Policy explains how Indinuity Inc. ("Indinuity", "we", "us", "our") collects, uses, shares, and protects personal information when you visit indinuity.com (the "Site"), and the rights you have over that information. We are a software studio based in Cambridge, Ontario, Canada.

We handle personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws. If you are located in the European Economic Area (EEA) or the United Kingdom, we also handle your information in line with the EU General Data Protection Regulation (GDPR) and the UK GDPR, and the additional rights described in Section 8 apply to you.

1. Who we are (data controller)

Indinuity Inc. is the controller responsible for the personal information processed through the Site. For any privacy question or request, contact us at hello@indinuity.com.

2. Information we collect

We collect only what we need to operate the Site and respond to you:

We do not knowingly collect special categories of personal data (such as health, biometric, or political data) through the Site, and we ask that you not send such information via the contact form.

3. How we use your information, and our legal bases

We use your information to: respond to your enquiries; arrange and conduct discovery calls; operate, secure, and maintain the Site; protect against fraud and abuse; and, where you have consented, measure aggregate Site usage. We do not sell your personal information, and we do not use it for advertising profiling.

If you are in the EEA or UK, our legal bases for processing are:

4. Cookies & consent

We use a small number of essential cookies required for the Site to function. Analytics are loaded only if you choose "Accept" on the cookie notice shown on your first visit — if you "Decline", no analytics are loaded or run. Your choice is stored in your browser's local storage, and you can change it at any time using the Cookies link in the footer, or by clearing your browser storage. Essential cookies cannot be turned off, as the Site cannot function without them.

5. Sharing your information

We do not sell or trade your personal information. We share limited information with trusted service providers only as needed to operate the Site, and only under contracts that require them to protect it:

We may also disclose information if required by law, or to protect our rights, safety, or property and those of others.

6. Where your information is processed (international transfers)

Our application servers and database are hosted on DigitalOcean infrastructure located in Canada, so your information is stored and processed in Canada. Canada has been recognized by the European Commission as providing an adequate level of data protection under PIPEDA for transfers of personal data from the EEA. We use Amazon S3 and Amazon CloudFront only to store and distribute the Site's static assets (images, stylesheets, and scripts); these assets do not contain personal information. Some third-party services we rely on (see Section 5) — such as email delivery and Google reCAPTCHA — may process limited data on servers outside Canada, including in the United States. Where personal data is transferred internationally, we rely on appropriate safeguards (such as adequacy decisions or standard contractual clauses) as required by applicable law.

7. Data retention

We keep personal information only as long as necessary for the purposes described in this Policy — for example, we retain contact-form messages for as long as needed to address your enquiry and for reasonable follow-up — after which it is deleted or anonymized, unless a longer period is required by law.

8. Your rights

Subject to applicable law, you have the right to request access to, and correction of, the personal information we hold about you, and to withdraw consent where processing is based on consent. To exercise any right, contact us at hello@indinuity.com; we may need to verify your identity before responding.

If you are in the EEA or the UK, you also have the right to: rectification of inaccurate data; erasure ("right to be forgotten"); restriction of processing; data portability; and to object to processing carried out on the basis of our legitimate interests. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

You also have the right to lodge a complaint with a supervisory authority. In Canada, that is the Office of the Privacy Commissioner of Canada (priv.gc.ca); in the UK, the Information Commissioner's Office (ico.org.uk); in the EEA, your local data protection authority.

9. Data security & breach notification

We use reasonable administrative, technical, and physical safeguards designed to protect personal information against loss, theft, and unauthorized access, use, or disclosure. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. If we become aware of a data breach that creates a real risk of significant harm, we will notify affected individuals and the relevant authorities as required by applicable law.

10. Children's privacy

The Site is not directed to children, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Automated decision-making

We do not use your personal information for automated decision-making that produces legal or similarly significant effects about you, or for profiling.

12. Third-party websites

The Site may link to, or embed, third-party websites and services. We are not responsible for the content or privacy practices of those third parties, and we encourage you to review their privacy policies.

13. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date above reflects the most recent revision, and we will provide prominent notice of material changes. Your continued use of the Site after changes are posted constitutes acceptance of the revised Policy.

14. Contact

For privacy questions or to exercise your rights, email us at hello@indinuity.com.