Skip to contentSkip to Content
DocsLegalPrivacy Policy
Legal

Privacy policy

Effective date: pending legal review

This policy explains how Advizr AI Inc. (“Advizr”, “we”, “us”) collects, uses, and protects personal information. We’re a Canadian company, and we handle personal information under the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal privacy law.

What this policy covers

This policy applies to:

  • This documentation site (docs.advizr.ca) and our public website
  • The Advizr client platform (advizrclients.com), if you’re a client or a member of a client’s team

If you’re a client, the Data processing terms also apply to the business data we process on your behalf.

Information we collect

Information you provide. If you’re a platform user, this includes your name, email address, and password (stored as a secure hash, never in plain text), plus the business content your organization puts into the platform: documents, chat conversations, goals, and activity. If you book a call or contact us, we collect the contact details you share.

Billing information. Payments are processed by Stripe. Card details go directly to Stripe and are never stored on Advizr systems. We keep billing records — invoices, amounts, payment status — for the Client Admin on record.

Information collected automatically. When you visit this site, we collect usage and performance data through the analytics services described below. On the platform, we log account activity such as logins and actions taken, which supports security and support.

Cookies and analytics

This site uses two analytics services:

  • Google Analytics 4 (GA4) — used only with your consent. When you first visit, a cookie banner asks you to accept or decline analytics cookies. The GA4 script does not load, and no analytics cookies are set, unless you click Accept. If you decline, the site works identically with GA4 off.
  • Vercel Analytics and Speed Insights — aggregate page-view and performance measurement that does not use cookies or track you across sites.

Your consent choice is stored in your browser (under the key advizr-cookie-consent) so the banner doesn’t reappear on every visit.

To opt out or withdraw consent: decline the banner when it appears. If you previously accepted and want to withdraw, clear this site’s data in your browser settings — the banner will reappear on your next visit and you can decline. You can also install Google’s official Analytics opt-out browser add-on, which blocks GA4 everywhere.

How we use your information

We use personal information to:

  • Provide and operate the platform and our services
  • Communicate with you about your engagement, billing, and support
  • Secure accounts and investigate suspected misuse
  • Understand how this site is used so we can improve it (analytics, with consent)
  • Meet legal and accounting obligations

We never use your business data to train, fine-tune, or improve AI models. Content you submit to AI features is used only to generate responses within your own workspace. We don’t sell personal information, and we don’t share it with third parties for their own marketing.

Who we share information with

We share personal information only with service providers who process it on our instructions to run the services:

ProviderPurpose
VercelHosting for our websites and web applications
SupabaseDatabase and authentication infrastructure
StripePayment processing
GoogleAnalytics on this site (only with your consent)
Anthropic and OpenAIAI model processing for AI features

The full subprocessor list and our obligations around it are in Data processing. Beyond service providers, we disclose personal information only where the law requires it — for example, in response to a valid legal demand — and we’ll notify you of such a demand where we’re legally permitted to.

Where your data is stored

Each client organization gets its own isolated database — your data is never pooled with other clients’. Some of our service providers operate infrastructure outside Canada, which means personal information may be stored or processed in other jurisdictions and be subject to the laws there.

How long we keep your information

  • Platform data — retained while your subscription is active. If you cancel, data is retained for 30 days after the end of your billing period to allow for reactivation, then scheduled for permanent deletion.
  • Deletion requests — complete deletion requests are processed within 14 business days.
  • Billing records — retained as required by Canadian tax and accounting law, even after your engagement ends.
  • Analytics data — retained per the configured retention period in GA4.

How we protect your information

Data is encrypted in transit (HTTPS/TLS) and at rest. Login credentials live in a separate authentication database from business data, and access is restricted by role — only your team and the Advizr staff assigned to your engagement can see your workspace. Full details are on the Security and compliance page.

Your rights

Under PIPEDA, you can:

  • Access the personal information we hold about you and ask how it’s been used and disclosed
  • Correct information that’s inaccurate or incomplete
  • Withdraw consent to optional processing, such as analytics, at any time
  • Request deletion of your information, subject to legal retention obligations
  • Export your data — platform users can download documents directly and request a full export; see data and privacy

To exercise any of these rights, email legal@advizr.ca or, if you’re an active client, contact your assigned engineer through Chat. We respond to access requests within the timelines PIPEDA requires. If you’re not satisfied with our response, you can complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca).

Visitors from the EU and other jurisdictions

We apply GDPR-aligned practices for visitors from the European Union — consent before analytics cookies, data minimization, and honouring access and deletion requests — but PIPEDA is our governing framework and we do not represent that our services are certified or assessed for GDPR compliance. If your organization has specific cross-border compliance requirements, raise them with us before your engagement starts.

Children

Our services are built for businesses and are not directed at children. We don’t knowingly collect personal information from anyone under 18. If you believe a child has provided us personal information, contact us and we’ll delete it.

Changes to this policy

If we make material changes to this policy, we’ll update the effective date and notify active clients by email. The current version is always published at this address.

Governing law

This policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable in Ontario, including PIPEDA.

Contact

Privacy questions, access requests, or complaints: email legal@advizr.ca.

Last updated on