COMPLIANCE & OPERATIONS · PIPEDA

Privacy Policy

Jurisdiction: Ontario, Canada Effective: January 1, 2026 Version: 1.0
Governing Document. This Privacy Policy governs ClearGlass Inc.'s collection, use, and disclosure of personal information in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5, and applicable Ontario privacy law. By engaging our services or visiting our website, you acknowledge this policy.

1. About ClearGlass Inc.

ClearGlass Inc. ("ClearGlass," "we," "us," or "our") is an Ontario corporation headquartered in Burlington, Ontario, Canada. We provide cybersecurity, AI governance, threat intelligence, and digital infrastructure services to business clients.

Our designated Privacy Officer is responsible for overseeing compliance with this policy and PIPEDA. Contact details are provided in Section 12.

2. Information We Collect

Business Contact Information

When you engage with us — through our website, email, or service agreements — we may collect:

  • Name, job title, and employer organization
  • Business email address and telephone number
  • Correspondence and communication records
  • Contract and engagement details

Technical and Usage Information

Our website and platforms may automatically collect:

  • IP address and approximate geographic location
  • Browser type, operating system, and device identifiers
  • Pages visited, time spent, and navigation paths
  • Referring URLs and search terms

Service Delivery Information

In the course of delivering cybersecurity or AI services, we may process client-supplied data, which may include network logs, endpoint telemetry, access records, or other operational data as specified in the applicable service agreement. We process such data as a data processor on behalf of the client organization.

3. How We Use Information

We use personal information only for the purposes for which it was collected or for consistent purposes, including:

  • Providing, operating, and improving our services
  • Communicating with clients and prospective clients
  • Fulfilling contractual obligations and service agreements
  • Processing invoices and payments
  • Complying with legal obligations
  • Improving platform functionality and security posture
  • Sending relevant service updates (with opt-out options)
PIPEDA PRINCIPLE

We collect only the minimum personal information necessary for the identified purpose (principle of data minimization) and do not use or disclose it for secondary purposes without consent.

4. Disclosure of Information

ClearGlass Inc. does not sell, rent, or trade personal information. We may disclose information in the following limited circumstances:

Service Providers

We engage trusted third-party service providers (cloud infrastructure, accounting, legal counsel) who are contractually required to protect personal information and use it only for services rendered to us.

Legal Requirements

We may disclose information if required by law, court order, or lawful request from a government authority, or where necessary to protect the rights, property, or safety of ClearGlass Inc., our clients, or the public.

Business Transfers

In the event of a merger, acquisition, or asset sale, personal information may be transferred to the successor entity, subject to equivalent privacy protections.

Consent

With your express consent, we may share information for purposes you have specifically authorized.

5. AI and Machine Learning Data

ClearGlass Inc. develops and deploys AI-assisted platforms including ARTEMIS, GUARDIAN, and NEXUS. The following principles govern data used in AI and machine learning contexts:

AI DATA PRINCIPLE
  • No training on client data without consent. We do not use client operational data to train our AI models without explicit, written authorization.
  • Anonymization. Where AI model improvement uses operational data, we apply anonymization and aggregation techniques prior to use.
  • Purpose limitation. AI-processed data is used solely for the service delivery purpose specified in the applicable engagement.
  • Human oversight. All AI-generated outputs that affect individuals are subject to human review. See our AI Liability Framework.

6. Retention and Deletion

We retain personal information only as long as necessary for the purposes for which it was collected or as required by law:

  • Financial and contractual records: 7 years from the end of the fiscal year (CRA requirement)
  • Client engagement records: 5 years following end of engagement
  • Website analytics: 26 months rolling, then aggregated or deleted
  • Marketing communications: Until opt-out or 3 years from last interaction
  • Security incident records: 5 years

Upon expiry of the applicable retention period, personal information is securely destroyed or anonymized using industry-standard methods.

7. Your Rights Under PIPEDA

As a Canadian resident, you have rights regarding your personal information under PIPEDA, including:

  • Access: Request a copy of personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Withdrawal of consent: Withdraw consent to collection, use, or disclosure subject to legal and contractual restrictions
  • Complaint: Lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC)

To exercise these rights, contact our Privacy Officer (Section 12). We will respond within 30 days of receiving a complete request. We may verify your identity before processing access requests.

COMPLAINT PROCESS

If you are unsatisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca or 1-800-282-1376.

8. Cross-Border Transfers

ClearGlass Inc. operates in Canada and may use cloud infrastructure hosted in the United States or other jurisdictions. When personal information is transferred outside Canada, it may be subject to the laws of the destination country, including lawful access by foreign governments.

We take contractual measures (data processing agreements, standard contractual clauses) to ensure transferred information receives protection comparable to Canadian standards. We do not transfer data outside Canada and the United States without a documented lawful basis.

9. Security

As a cybersecurity company, we apply rigorous technical and organizational safeguards to protect personal information, including:

  • Encryption in transit (TLS 1.3+) and at rest (AES-256)
  • Zero-trust access controls and least-privilege principles
  • Multi-factor authentication for all internal systems
  • Regular penetration testing and vulnerability assessments
  • Incident response and breach notification procedures

No security system is impenetrable. In the event of a breach involving your personal information, we will notify affected individuals and the OPC in accordance with PIPEDA's breach notification obligations.

10. Cookies and Analytics

Our website uses minimal, privacy-respecting analytics. We do not deploy advertising cookies or third-party tracking pixels. Technical cookies necessary for website function are session-scoped and do not persist beyond the browser session.

Analytics data is collected in aggregate form and does not identify individual visitors. You may disable cookies in your browser settings without affecting access to our core website content.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date. For significant changes affecting how we process client personal information, we will provide direct notice where required by law.

Continued engagement with our services following notice of changes constitutes acceptance of the revised policy.

12. Contact — Privacy Officer

For privacy inquiries, access requests, or complaints:

PRIVACY OFFICER CONTACT

Desmond Otieno Odhiambo, Privacy Officer
ClearGlass Inc.
Burlington, Ontario, Canada
Email: desmondotieno@icloud.com
Response time: within 30 days of receipt of complete written request

For complaints that remain unresolved after engaging our Privacy Officer, contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.