Privacy Policy

Glacio is committed to protecting the privacy of individuals who interact with our website, portal, and services. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, the General Data Protection Regulation (GDPR).

By using our website, creating an account, accessing the portal, or engaging our services, you consent to the practices described in this policy, except where applicable law requires separate or additional consent.

Glacio is a web design and development studio based in Toronto, Ontario, Canada. For privacy-related inquiries, you may contact us at: [email protected].

We may collect the following categories of personal information:

• Contact information, such as full name, email address, phone number, and business details if provided
• Account and portal information, such as login credentials, account status, invite acceptance, and related authentication records
• Inquiry and project details submitted through our contact forms, onboarding flows, project briefs, or portal workspace
• Communication records, including emails, portal messages, support requests, approvals, and related correspondence
• Files and materials uploaded through the portal, including briefs, assets, deliverables, signed agreements, and related project documents
• Billing and transaction information, such as invoicing details and payment status metadata, though we do not store full payment card details
• Technical data, such as IP address, browser type, device type, operating system, pages viewed, access times, and session-level usage data
• Cookie, analytics, and diagnostic information collected through website and portal usage

We collect information in the following ways:

• Directly from you when you complete a contact form, project brief, create an account, upload files, send messages, or otherwise use our services
• Through project communications and ongoing client interactions
• Automatically through cookies, logs, analytics tools, and security monitoring when you browse our website or use the portal
• From service providers or integrations that support delivery of our services, where applicable and lawful

We collect and use personal information for the following purposes:

• To respond to inquiries and assess prospective engagements
• To create and manage client accounts and secure portal access
• To deliver contracted services and manage project operations
• To send service-related communications, including onboarding messages, project updates, approvals, invoices, and legal/compliance documents
• To store and manage project records, uploaded files, and client communications
• To improve our website, portal, security posture, and service delivery
• To detect, prevent, and address fraud, abuse, unauthorized access, and technical issues
• To comply with legal, regulatory, tax, accounting, and contractual obligations
• With your consent where required, to send future marketing or promotional communications

For individuals in the European Economic Area, we process personal data on the following legal bases:

• Contractual necessity, including project delivery and account administration
• Legitimate interests, including service improvement, security, fraud prevention, and operational management
• Legal obligation, including compliance with applicable legal and tax requirements
• Consent, where you have expressly provided it, including where required for optional communications or certain cookies

If you use the Glacio portal, we may process information necessary to operate the workspace, including account details, portal activity, project status information, uploaded files, messages, approvals, legal/compliance records, and payment-related workflow data.

Portal records may be used to manage the engagement, maintain an operational history, support compliance, resolve disputes, and improve service delivery and security.

We do not sell, rent, or trade personal information. We may share information in limited circumstances:

• With service providers and subprocessors who help us host, secure, analyze, communicate, store files, or operate our services, under appropriate confidentiality and data protection obligations
• With payment, hosting, storage, analytics, authentication, and communications providers as reasonably necessary to operate our business
• If required by law, legal process, court order, or government authority
• To protect the rights, property, safety, or security of Glacio, our clients, users, or others
• In connection with a business reorganization, merger, acquisition, or asset sale, subject to appropriate confidentiality measures where applicable

Some service providers may process or store information outside your province, territory, or country of residence, including in jurisdictions that may have different privacy laws. Where applicable, we take reasonable steps to ensure appropriate safeguards are in place for such transfers.

We retain personal information only for as long as reasonably necessary to fulfil the purposes described in this policy, enforce our agreements, maintain project records, resolve disputes, and comply with legal obligations.

• Client project and portal records may be retained for up to five (5) years after project completion, or longer where reasonably necessary for legal, accounting, security, or record-keeping purposes
• Inquiry data from non-clients may be retained for up to twelve (12) months
• We may retain limited information longer where required by law or for legitimate business purposes such as dispute resolution, fraud prevention, or enforcement of agreements

Subject to applicable law, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of personal information, subject to legal, contractual, and retention obligations
• Withdraw consent where processing is based on consent
• Request information about how your data is used or disclosed
• Lodge a complaint with the Office of the Privacy Commissioner of Canada or another applicable supervisory authority

To exercise any of these rights, please contact us at [email protected].

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, loss, misuse, alteration, or disclosure. These measures may include authentication controls, access restrictions, secure hosting, and operational monitoring.

No method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

We may use cookies and similar technologies to operate the website and portal, remember preferences, understand usage patterns, improve performance, and support security and diagnostics. Where required by applicable law, we will seek consent before using non-essential cookies.

Our website or portal may contain links to third-party websites or rely on third-party services. We are not responsible for the privacy practices of third-party sites or services and encourage you to review their policies directly.

We may update this Privacy Policy from time to time. Material changes will be posted on our website with a revised effective date. Continued use of our website, portal, or services after such changes constitutes your acceptance of the updated policy, subject to applicable law.

For privacy-related questions or requests: [email protected]