Privacy Policy

1. Introduction

The Safe North (“we,” “us,” or “our”) is an independent cybersecurity consulting firm based in Toronto, Ontario, Canada. This Privacy Policy explains what personal information we collect when you visit thesafenorth.com or thesafenorth.ca (both of which serve this website), how we use it, who we share it with, and the rights you have over your data.

We are committed to handling your information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. If you are located in the European Economic Area (EEA) or the United Kingdom, additional rights under the GDPR and UK GDPR may apply to you.

By using this website or submitting information through any form, you acknowledge the practices described in this policy. If you do not agree, please do not submit personal information through this site.

2. Who We Are

Data controller: The Safe North
Address: Toronto, Ontario, Canada
Contact: info@thesafenorth.com

All inquiries regarding this policy or your personal data should be directed to the contact above.

3. Information We Collect

We collect only the minimum information necessary to provide our services and communicate with you.

3.1 Information you provide directly

• Contact form — When you submit the contact form on this website we collect your name, email address, and the message content you provide. This information is used solely to respond to your enquiry.
• Newsletter subscription — When you subscribe to our newsletter we collect your email address. You may unsubscribe at any time using the link in any email we send or via our unsubscribe page.

3.2 Information collected automatically

This website does not use Google Analytics, Facebook Pixel, or any other behavioural tracking or advertising technology. We do not set persistent tracking cookies.

Your browser and internet service provider may retain standard server logs (IP address, request timestamps, browser type) as part of normal internet operations. We do not have access to, control over, or use of those logs for marketing or profiling purposes. GitHub Pages (our hosting provider) may collect standard access logs in accordance with GitHub’s Privacy Statement.

3.3 Sensitive information

We do not knowingly collect sensitive personal information (e.g., health data, financial account numbers, government identification numbers). Please do not submit such information through our contact form or newsletter.

4. How We Use Your Information

We use the information we collect for the following purposes only:

• To respond to your enquiries — Contact form submissions are used to reply to your questions or arrange consultations.
• To send our newsletter — Email addresses collected via subscription forms are used to send periodic security insights, free resources, and relevant updates. We do not send marketing emails to people who have not subscribed.
• To improve this website — Aggregate, non-personal feedback and observations may be used to improve site content and usability.

We do not use personal information for automated profiling, targeted advertising, or any decision-making that produces legal or similarly significant effects.

5. Third-Party Services

We use a small number of third-party services to operate this website. Each provider processes data under their own privacy policy.

We do not sell, rent, or trade your personal information to any third party for commercial purposes.

6. Disclosure of Your Information

We will not share your personal information with any party outside of those listed in Section 5, except in the following circumstances:

• Legal obligation — We may disclose information where required to do so by law, court order, or at the request of a government authority.
• Protection of rights — We may disclose information when we believe disclosure is necessary to protect the rights, property, or safety of The Safe North, our clients, or the public.
• Business transfer — If the practice is transferred or merged with another entity, personal information may be transferred as part of that transaction. We will notify affected individuals before any such transfer takes effect.

7. Data Security

We implement reasonable technical and organisational measures to protect personal information against unauthorised access, disclosure, alteration, or destruction. These measures include:

• HTTPS encryption for all data in transit (enforced via HSTS)
• Strict Content Security Policy (CSP) headers to mitigate injection attacks
• Minimal data collection to reduce attack surface
• No storage of form submissions on our own servers — submissions are processed and forwarded by Web3Forms directly to our inbox

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy:

• Contact form submissions — Retained in our email inbox for as long as needed to resolve your enquiry, then deleted in accordance with our standard email retention practices.
• Newsletter subscriptions — Your email address is retained until you unsubscribe. Upon unsubscription, your address will be removed from our sending list within 10 business days, as required by CASL. To unsubscribe, visit our unsubscribe page or use the link in any newsletter we send.

You may request deletion of your personal information at any time by contacting us (see Section 11).

9. Cookies and Tracking

This website does not use cookies for analytics, advertising, or tracking purposes. The only client-side storage used is localStorage to remember your theme preference (light or dark mode), which contains no personal information and never leaves your browser.

Third-party services listed in Section 5 (particularly Google Fonts and Netlify) may set their own cookies or log request data as described in their respective privacy policies.

10. Your Privacy Rights

10.1 Canada (PIPEDA)

Under PIPEDA, you have the right to:

• Know what personal information we hold about you
• Request access to your personal information
• Request correction of inaccurate information
• Withdraw consent to our use of your information (subject to legal or contractual restrictions)
• File a complaint with the Office of the Privacy Commissioner of Canada

10.2 European Economic Area and United Kingdom (GDPR / UK GDPR)

If you are located in the EEA or UK, you also have the right to:

• Erasure (“right to be forgotten”)
• Restriction of processing
• Data portability
• Object to processing based on legitimate interests
• Lodge a complaint with your local supervisory authority

Our lawful basis for processing contact form and newsletter data is consent (Article 6(1)(a) GDPR). You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

10.3 California (CCPA / CPRA)

California residents have the right to know what personal information is collected, to opt out of the sale of personal information (we do not sell personal information), and to request deletion. To exercise these rights, contact us directly.

11. Contact & Complaints

To exercise any of your privacy rights, ask a question about this policy, or raise a concern, please contact:

The Safe North
Toronto, ON, Canada
info@thesafenorth.com

We will acknowledge your request within 5 business days and aim to resolve it within 30 days. If you are unsatisfied with our response, you have the right to contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Continued use of this website after any changes constitutes acceptance of the revised policy.