How a250 handles your data.

1. Scope

This Privacy Policy explains what personal information a250 ("we", "us", "our") collects. It also explains how we use it, when we share it, how long we keep it, and the rights you have. "Personal information" means details about an identifiable individual. After this definition, this page usually calls those details "data" or "records."

Our website may contain links to third-party sites and services. Those sites and services have their own privacy practices. This Privacy Policy does not apply to your activities after you leave our site.

2. Information we collect

2.1 Information you voluntarily provide

When you submit our qualification or onboarding form, request access, contact us, or subscribe to our services, we may collect:

• Name
• Company name
• Phone number
• Email address
• Business nature / industry
• Description of your ideal customer profile
• Target localities for your business
• Any other information you choose to send us in correspondence

2.2 Information collected automatically

When you visit our website, our servers and analytics tools may automatically log standard information sent by your browser, including:

• Internet Protocol (IP) address
• Browser type and version
• Device type, operating system, and screen resolution
• Pages you visit, referring URL, and timestamps
• Time spent on each page and basic interaction events
• Error reports and diagnostic data when something on the site fails

While these details may not identify you on their own, in some cases they may be combined with other records to identify you.

2.3 Cookies and similar technologies

We use cookies and similar storage mechanisms (including localStorage) to remember preferences, measure traffic, and improve our services. You can disable cookies in your browser settings, though some parts of the site may not function as intended.

3. Why we collect it (purposes)

We collect, use, and disclose data for the following purposes:

• To respond to your inquiries and provide the services or answers you request
• To assess fit for our products and prioritize follow-up
• To provide, operate, maintain, and improve our website, applications, and services
• To send you administrative messages (e.g., service updates, security notices, billing)
• To send marketing communications, where you have consented or where permitted by law
• To analyze traffic, measure performance, and improve user experience
• To detect, prevent, and respond to fraud, abuse, security risks, or technical issues
• To comply with legal, accounting, regulatory, or reporting obligations

We will not use or disclose your data for materially different purposes without obtaining your consent.

4. Legal basis and consent

Under PIPEDA, your knowledge and consent are required for the collection, use, or disclosure of data about you, except where required or permitted by law. Consent may be express (e.g., agreeing to a checkbox when you submit a form) or implied (e.g., voluntarily providing details for an obvious purpose). When you access a product or service offered by us, consent is deemed to be granted for the purposes reasonably necessary to provide that service.

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by contacting us using the details in the "Contact us" section. Withdrawal of consent may impact our ability to continue to provide services to you.

5. Disclosure to third parties

We may disclose data to:

• Service providers and processors that help us operate our business (hosting, analytics, error monitoring, email delivery, billing/payments)
• Our employees, contractors, and related entities, on a need-to-know basis
• Existing or potential agents or business partners, where you have agreed
• Law enforcement, regulators, courts, or other public authorities, where required by law or to protect our rights
• An acquirer or successor in the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets

Third-party tools we currently use

• Notomo (self-hosted on infrastructure operated by Nixcus at metrics.nixc.us) — privacy-respecting web analytics
• PostHog (EU region, eu.i.posthog.com) — product analytics
• Sentry / Bugsink (self-hosted at bugsink.nixc.us) — error and crash reporting
• GitHub Pages — static website hosting
• Any payment processor used by app.a250.ca for subscription billing (disclosed at the point of checkout)

6. International transfers

Data we collect is primarily stored and processed in Canada. Some of our third-party providers (notably PostHog in the European Union, and infrastructure providers used by GitHub) may store, process, or transfer records outside of Canada. By using our services, you acknowledge that your data may be transferred to and processed in jurisdictions whose privacy laws differ from those of Canada, and that while it is in another jurisdiction it may be accessible to courts, law enforcement, and regulatory authorities in that jurisdiction. We will protect those records in accordance with this Privacy Policy and applicable law.

7. How long we keep it

We keep data only for as long as is necessary to fulfill the purposes for which it was collected, to provide our services, or as required to comply with legal, accounting, regulatory, or reporting obligations. When records are no longer required, we will delete it or render it anonymous.

8. Security

We protect data using security safeguards appropriate to its sensitivity. This includes administrative, technical, and physical measures intended to protect against loss, theft, unauthorized access, disclosure, copying, use, or modification.

No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for selecting strong, unique passwords.

9. Your rights under PIPEDA

You have the following rights with respect to your data:

• Access. You may request the records we hold about you, how they have been used, and to whom they have been disclosed.
• Correction. If you believe records we hold about you are inaccurate, incomplete, or out of date, you may ask us to correct them. We will amend records where you can demonstrate they are incomplete or inaccurate, or annotate the file where we cannot agree.
• Withdraw consent. You may withdraw consent to specific uses of your data, subject to legal or contractual restrictions and reasonable notice.
• Unsubscribe. You can opt out of marketing emails using the unsubscribe link in any message, or by contacting us.
• Complain. You may file a complaint about our handling of your data using the contact details below.

We will respond to a written access request within 30 days of receipt. If we are unable to respond within 30 days, we will notify you of the delay, the reason, and the new expected response date, in accordance with PIPEDA. We may charge a minimal cost-recovery fee for access requests, and will inform you of any fee in advance.

10. Data breach notification

In the event of a breach of security safeguards involving data under our control where it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual, we will report the breach to the Privacy Commissioner of Canada and notify affected individuals, as required by PIPEDA's Breach of Security Safeguards Regulations. We maintain records of breaches as required by law.

11. Children

Our services are intended for businesses and individuals 18 years of age or older. We do not knowingly collect data from children. If you believe a child has provided us with details about themselves, please contact us so we can take appropriate action.

12. Compliance with PIPEDA's ten fair information principles

1. Accountability. a250 is responsible for records under its control and has designated a Privacy Officer to oversee compliance with PIPEDA.
2. Identifying purposes. We identify the purposes for collection at or before the time it happens.
3. Consent. We obtain your knowledge and consent for collection, use, or disclosure, except where required or permitted by law.
4. Limiting collection. We limit what we collect to what is necessary for the identified purposes.
5. Limiting use, disclosure, and retention. We use and disclose records only for the purposes for which they were collected, and retain them only as long as necessary.
6. Accuracy. We make reasonable efforts to keep records accurate, complete, and up-to-date as needed for the purposes for which they were collected.
7. Safeguards. We protect records with security safeguards appropriate to their sensitivity.
8. Openness. We make our privacy policies and practices readily available, including this Privacy Policy.
9. Individual access. Upon request, we inform individuals of the existence, use, and disclosure of their records and grant access subject to legal restrictions.
10. Challenging compliance. Individuals may direct any challenge concerning compliance to the Privacy Officer using the details below.

13. Anti-spam (CASL)

We comply with Canada's Anti-Spam Legislation (CASL). Where required, we will obtain your express or implied consent before sending you commercial electronic messages. Every commercial electronic message we send will identify the sender and provide a working unsubscribe mechanism that takes effect within 10 business days.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. The "Last updated" date at the top of this page indicates when it was most recently revised. Material changes will be communicated through our website or, where appropriate, by direct notice.

15. Contact us

If you have any questions about this Privacy Policy, want to exercise a privacy right, or wish to make a complaint, please contact our Privacy Officer:

If we are unable to resolve your concern to your satisfaction, you may contact the Office of the Privacy Commissioner of Canada: