Boreal.ai

Privacy Policy

We are committed to protecting your personal data and respecting your privacy.

Last updated: February 21, 2025

1. Introduction

Boréal Tech Solutions, Inc., operating under the trade name Boreal.AI (“we,” “our,” or “the Company”), is the data controller responsible for your personal data. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you access our website (borealtech.solutions), applications, and artificial-intelligence-related services (collectively, the “Services”).

By using our Services, you acknowledge that you have read and understood this policy. If you do not agree with these practices, please do not use our Services.

2. Information We Collect

2.1 Personal Information

When you create an account, subscribe to a plan, or contact us, we may collect:

  • Full name and contact details (email address, phone number)
  • Billing and payment information
  • Company name and job title
  • Account credentials and passwords (encrypted)
  • Any other information you voluntarily provide

2.2 Usage Data

We automatically collect certain information when you use our Services:

  • IP address and approximate geolocation data
  • Browser type and operating system
  • Pages visited, visit duration, and navigation path
  • Device identifiers and log data

2.3 Cookies and Similar Technologies

We use cookies and similar technologies to enhance your experience, analyze traffic, and personalize content. You can manage your cookie preferences via our consent banner or your browser settings. For more details, please see our Cookie Policy.

3. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery — Create and manage your account, process payments, and provide access to our AI platform.
  • Analytics and Improvement — Analyze usage trends, diagnose technical issues, and improve our Services.
  • Communication — Send you updates, security notifications, and account-related information.
  • Security and Compliance — Detect and prevent fraud, unauthorized activities, and violations of our terms.
  • Legal Obligations — Comply with applicable laws, regulations, and legal proceedings.

We process your personal data on the following legal grounds:

4.1 General Data Protection Regulation (GDPR)

  • Consent — Where you have given explicit consent for a specific processing purpose (e.g., marketing communications, non-essential cookies).
  • Contract Performance — Where processing is necessary for the performance of the contract between you and us (e.g., providing the Services, account management).
  • Legitimate Interest — Where processing is necessary for our legitimate interests (e.g., security, analytics, Service improvement), provided those interests do not override your rights.

4.2 Quebec’s Law 25

In accordance with Quebec’s Act to modernize legislative provisions as regards the protection of personal information (Law 25), we ensure that consent is obtained for the collection, use, and disclosure of your personal information, except where otherwise permitted by law. We have also designated a person responsible for the protection of personal information, reachable at [email protected].

5. Data Sharing

We do not sell your personal data. We may share your information in the following circumstances:

  • Service Providers — We engage trusted third-party providers who process data on our behalf (hosting, payment, analytics). These providers are contractually bound and only have access to data necessary to perform their services.
  • Legal Obligations — We may disclose your data when required by law, in response to a court order, subpoena, or legitimate government request.
  • Business Transfers — In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you in advance.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. When your data is no longer needed, we securely delete or anonymize it.

As a general rule: account data is retained for the duration of your relationship with us and up to three (3) years after account closure; billing data is retained in accordance with applicable tax requirements; usage logs are retained for a maximum of twelve (12) months.

7. Your Rights

Depending on your location and applicable laws (GDPR, Quebec’s Law 25), you may have the following rights:

  • Right of Access — Obtain confirmation that we process your data and receive a copy of it.
  • Right to Rectification — Request correction of inaccurate or incomplete data.
  • Right to Erasure — Request deletion of your personal data, subject to legal retention obligations.
  • Right to Data Portability — Receive your data in a structured, commonly used, and machine-readable format.
  • Right to Object — Object to the processing of your data based on legitimate interest or for direct marketing purposes.
  • Right to Withdraw Consent — Withdraw your consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.
  • Right to De-indexation — Under Law 25, request de-indexation or cessation of the dissemination of your personal information.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within the applicable legal timeframes.

8. International Transfers

Your data may be transferred to and processed in countries other than your country of residence, including Canada and the United States, where our servers and service providers are located. When we transfer data outside the European Economic Area (EEA), we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.

In accordance with Law 25, before disclosing personal information outside Quebec, we conduct a privacy impact assessment to ensure the data will receive adequate protection.

9. Data Security

We implement reasonable technical and organizational security measures to protect your personal data against loss, unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit (TLS) and at rest (AES-256)
  • Strict access controls and multi-factor authentication
  • Regular security audits and penetration testing
  • Continuous infrastructure monitoring and intrusion detection

Despite our efforts, no method of transmission or storage is perfectly secure. If you discover a vulnerability, please notify us immediately at [email protected].

10. Children’s Privacy

Our Services are not directed at individuals under the age of sixteen (16). We do not knowingly collect personal data from minors. If we learn that we have collected data from a child under 16 without verifiable parental consent, we will take steps to delete that information as promptly as possible.

11. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. In the event of material changes, we will notify you by email or through a prominent notice on our Services. The “last updated” date at the top of this page indicates the most recent revision date.

12. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us:

Bor\u00e9al Tech Solutions, Inc.
Email: [email protected]
Website: borealtech.solutions

If you reside in the European Union and are not satisfied with our response, you have the right to lodge a complaint with your country’s data protection authority. In Quebec, you may contact the Commission d’accès à l’information du Québec (CAI).