How a250 handles your personal information.

1. Scope

This Privacy Policy explains what personal information a250 ("we", "us", "our") collects, why we collect it, how we use and disclose it, how long we keep it, and the rights you have in relation to your personal information. "Personal information" means any information about an identifiable individual.

Our website may contain links to third-party sites and services. Those sites and services have their own privacy practices. This Privacy Policy does not apply to your activities after you leave our site.

2. Information we collect

2.1 Information you voluntarily provide

When you submit our qualification or onboarding form, request access, contact us, or subscribe to our services, we may collect:

• Name
• Company name
• Phone number
• Email address
• Business nature / industry
• Description of your ideal customer profile
• Target localities for your business
• Any other information you choose to send us in correspondence

2.2 Information collected automatically

When you visit our website, our servers and analytics tools may automatically log standard information sent by your browser, including:

• Internet Protocol (IP) address
• Browser type and version
• Device type, operating system, and screen resolution
• Pages you visit, referring URL, and timestamps
• Time spent on each page and basic interaction events
• Error reports and diagnostic data when something on the site fails

While this information may not be personally identifying on its own, in some cases it may be combined with other data to identify you.

2.3 Cookies and similar technologies

We use cookies and similar storage mechanisms (including localStorage) to remember preferences, measure traffic, and improve our services. You can disable cookies in your browser settings, though some parts of the site may not function as intended.

3. Why we collect it (purposes)

We collect, use, and disclose personal information for the following purposes:

• To respond to your inquiries and provide the services or information you request
• To assess fit for our products and prioritize follow-up
• To provide, operate, maintain, and improve our website, applications, and services
• To send you administrative messages (e.g., service updates, security notices, billing)
• To send marketing communications, where you have consented or where permitted by law
• To analyze traffic, measure performance, and improve user experience
• To detect, prevent, and respond to fraud, abuse, security risks, or technical issues
• To comply with legal, accounting, regulatory, or reporting obligations

We will not use or disclose personal information for materially different purposes without obtaining your consent.

4. Legal basis and consent

Under PIPEDA, your knowledge and consent are required for the collection, use, or disclosure of personal information, except where required or permitted by law. Consent may be express (e.g., agreeing to a checkbox when you submit a form) or implied (e.g., voluntarily providing information for an obvious purpose). When you access a product or service offered by us, consent is deemed to be granted for the purposes reasonably necessary to provide that service.

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by contacting us using the details in the "Contact us" section. Withdrawal of consent may impact our ability to continue to provide services to you.

5. Disclosure to third parties

We may disclose personal information to:

• Service providers and processors that help us operate our business (hosting, analytics, error monitoring, email delivery, billing/payments)
• Our employees, contractors, and related entities, on a need-to-know basis
• Existing or potential agents or business partners, where you have agreed
• Law enforcement, regulators, courts, or other public authorities, where required by law or to protect our rights
• An acquirer or successor in the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets

Third-party tools we currently use

• Notomo (self-hosted on infrastructure operated by Nixcus at metrics.nixc.us) — privacy-respecting web analytics
• PostHog (EU region, eu.i.posthog.com) — product analytics and session insights
• Sentry / Bugsink (self-hosted at bugsink.nixc.us) — error and crash reporting
• GitHub Pages — static website hosting
• Any payment processor used by app.a250.ca for subscription billing (disclosed at the point of checkout)

6. International transfers

Personal information we collect is primarily stored and processed in Canada. Some of our third-party providers (notably PostHog in the European Union, and infrastructure providers used by GitHub) may store, process, or transfer information outside of Canada. By using our services, you acknowledge that your personal information may be transferred to and processed in jurisdictions whose privacy laws differ from those of Canada, and that while it is in another jurisdiction it may be accessible to courts, law enforcement, and regulatory authorities in that jurisdiction. We will protect any such information in accordance with this Privacy Policy and applicable law.

7. How long we keep it

We keep personal information only for as long as is necessary to fulfill the purposes for which it was collected, to provide our services, or as required to comply with legal, accounting, regulatory, or reporting obligations. When personal information is no longer required, we will delete it or render it anonymous.

8. Security

We protect personal information using security safeguards appropriate to the sensitivity of the information. This includes administrative, technical, and physical measures intended to protect against loss, theft, unauthorized access, disclosure, copying, use, or modification.

No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for selecting strong, unique passwords.

9. Your rights under PIPEDA

You have the following rights with respect to your personal information:

• Access. You may request the personal information we hold about you, how it has been used, and to whom it has been disclosed.
• Correction. If you believe information we hold about you is inaccurate, incomplete, or out of date, you may ask us to correct it. We will amend information where you can demonstrate it is incomplete or inaccurate, or annotate the record where we cannot agree.
• Withdraw consent. You may withdraw consent to specific uses of your information, subject to legal or contractual restrictions and reasonable notice.
• Unsubscribe. You can opt out of marketing emails using the unsubscribe link in any message, or by contacting us.
• Complain. You may file a complaint about our handling of your personal information using the contact details below.

We will respond to a written access request within 30 days of receipt. If we are unable to respond within 30 days, we will notify you of the delay, the reason, and the new expected response date, in accordance with PIPEDA. We may charge a minimal cost-recovery fee for access requests, and will inform you of any fee in advance.

10. Data breach notification

In the event of a breach of security safeguards involving personal information under our control where it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual, we will report the breach to the Privacy Commissioner of Canada and notify affected individuals, as required by PIPEDA's Breach of Security Safeguards Regulations. We maintain records of breaches as required by law.

11. Children

Our services are intended for businesses and individuals 18 years of age or older. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.

12. Compliance with PIPEDA's ten fair information principles

1. Accountability. a250 is responsible for personal information under its control and has designated a Privacy Officer to oversee compliance with PIPEDA.
2. Identifying purposes. We identify the purposes for which personal information is collected at or before the time it is collected.
3. Consent. We obtain your knowledge and consent for the collection, use, or disclosure of personal information, except where required or permitted by law.
4. Limiting collection. We limit the personal information we collect to what is necessary for the identified purposes.
5. Limiting use, disclosure, and retention. We use and disclose personal information only for the purposes for which it was collected, and retain it only as long as necessary.
6. Accuracy. We make reasonable efforts to keep personal information accurate, complete, and up-to-date as needed for the purposes for which it was collected.
7. Safeguards. We protect personal information with security safeguards appropriate to its sensitivity.
8. Openness. We make our privacy policies and practices readily available, including this Privacy Policy.
9. Individual access. Upon request, we inform individuals of the existence, use, and disclosure of their personal information and grant access subject to legal restrictions.
10. Challenging compliance. Individuals may direct any challenge concerning compliance to the Privacy Officer using the details below.

13. Anti-spam (CASL)

We comply with Canada's Anti-Spam Legislation (CASL). Where required, we will obtain your express or implied consent before sending you commercial electronic messages. Every commercial electronic message we send will identify the sender and provide a working unsubscribe mechanism that takes effect within 10 business days.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. The "Last updated" date at the top of this page indicates when it was most recently revised. Material changes will be communicated through our website or, where appropriate, by direct notice.

15. Contact us

If you have any questions about this Privacy Policy, want to exercise a privacy right, or wish to make a complaint, please contact our Privacy Officer:

If we are unable to resolve your concern to your satisfaction, you may contact the Office of the Privacy Commissioner of Canada: