Privacy

Privacy Policy

Working draft for legal review · Last updated July 15, 2026

1. Scope and accountability

This Privacy Policy explains how the website operated under the CaliberUp brand may collect, use, disclose, retain, and protect personal information. CaliberUp is based in Montreal, Quebec, Canada, and this policy is intended to address website-related activities and inquiries submitted through caliberup.ai.

Confirmation required: confirm the legal entity that operates CaliberUp, the person or role responsible for the protection of personal information, and the official privacy contact details.

2. Information the website may collect

  • Contact and inquiry information: name, work email address, company name when provided, area of interest, and the message submitted through the contact form.
  • Technical and security information: IP address, browser and device information, date and time, requested pages, referring page, security events, and similar server or diagnostic records that may be generated when the site is used.
  • Cookie and consent information: consent choices, cookie-category preferences, a consent record or identifier, and information needed to remember those choices.
  • Analytics and performance information: aggregated or pseudonymous information about visits, page views, referral sources, approximate location, device type, and site performance when an analytics service is enabled and permitted by the visitor’s choice.
  • Newsletter information, if newsletter subscriptions are offered: email address, consent record, preferences, subscription status, and engagement information such as opens or clicks if the configured provider supports that functionality.
  • Information provided through direct communications, including email correspondence and information voluntarily supplied during a business inquiry.

The website should not request sensitive personal information through the general contact form. Visitors should avoid submitting information that is not necessary for their inquiry.

3. Why information may be used

  • To receive, assess, and respond to inquiries and requests.
  • To discuss or provide requested services and maintain related business records.
  • To operate, secure, troubleshoot, and improve the website.
  • To remember cookie choices and demonstrate how consent preferences were handled.
  • To measure website performance and understand aggregate usage where analytics consent is required and has been provided.
  • To send newsletters or commercial electronic messages only where there is a valid basis to do so, including any consent required by applicable law.
  • To comply with legal obligations, protect legal rights, and prevent misuse or security incidents.

4. Cookies and consent choices

The site uses CookieAdmin to present cookie choices. Necessary technologies may operate without optional consent when they are required for core site functions, security, or remembering a visitor’s privacy choice. Functional, analytics, or advertising technologies should remain disabled unless the visitor enables the relevant category.

The current consent configuration is set to remember a choice for up to 365 days across the CaliberUp domain. Visitors can use the re-consent control to review or change their preferences. A new choice may be requested sooner if the policy or the categories of technologies materially change.

Declining optional cookies must not be treated as agreement. Withdrawing consent does not invalidate processing that was lawful before withdrawal.

5. Website tools and service providers

The technical review identified the following WordPress tools or integrations. Their precise role, configuration, data location, and contractual status must be confirmed before this section is finalized:

  • WordPress and Jetpack by Automattic: website functionality, contact forms, newsletter components, security, performance, or statistics depending on enabled settings.
  • CookieAdmin by Softaculous: cookie notice, consent preferences, and consent records.
  • Cloudflare Insights or related Cloudflare services: website performance, security, and traffic measurement components detected on the site.
  • GoSMTP and the configured email-delivery provider: delivery of contact-form notifications or other transactional email.
  • Backuply and the website hosting provider: website hosting, backups, restoration, security, and operational logs.
  • SiteSEO, SpeedyCache, Loginizer, FormLayer, and Pagelayer: site operation, optimization, security, forms, or administration depending on configuration.
  • A newsletter delivery provider, if newsletters are activated. Confirmation required: identify the provider and document subscription and unsubscribe handling.

Google Analytics was not enabled in the SiteSEO configuration during this review. Confirmation required: verify that no other analytics, advertising, session-recording, or customer-relationship tools are added outside the reviewed WordPress configuration.

6. Disclosure and processing by others

Personal information may be made available to service providers only to the extent reasonably necessary for hosting, security, form delivery, email delivery, backups, analytics, or other documented website operations. Providers should be required to protect the information and use it only for the services they provide.

Information may also be disclosed where required or permitted by law, to investigate misuse or a security incident, or in connection with a legitimate business transaction subject to appropriate safeguards.

Confirmation required: identify every processor that receives personal information, the categories disclosed, the processing location, and the applicable contractual safeguards.

7. Processing outside Quebec

Some website, cloud, email, security, analytics, or backup providers may process information outside Quebec or Canada. Information processed in another jurisdiction may be subject to that jurisdiction’s laws.

Confirmation required: document provider locations and complete any assessment and contractual review required before communicating personal information outside Quebec.

8. Retention and disposal

Personal information should be retained only for as long as reasonably necessary for the purpose for which it was collected, to satisfy legal or contractual requirements, or to resolve a request or dispute. It should then be securely deleted, destroyed, or anonymized where permitted.

  • Cookie consent records: the current cleanup period is configured for 365 days.
  • Contact inquiries and related email: confirmation required for the business retention schedule.
  • Newsletter consent and suppression records: confirmation required; some records may need to be retained to honour unsubscribe choices and demonstrate consent.
  • Analytics, security logs, email logs, and backups: confirmation required for each provider and system.

9. Safeguards and privacy incidents

CaliberUp should use administrative, technical, and physical safeguards appropriate to the sensitivity, quantity, purpose, and format of the information. These may include access controls, secure hosting, updates, backups, authentication controls, logging, and service-provider oversight. No method of storage or transmission can be guaranteed to be completely secure.

Confirmation required: document the safeguards actually in use and the process for assessing, recording, notifying, and reporting privacy incidents where required by applicable law.

10. Your privacy rights

Subject to applicable law, an individual may ask whether CaliberUp holds personal information about them, request access to that information, request correction of inaccurate or incomplete information, withdraw consent where processing depends on consent, and raise a concern about privacy practices.

A request may require reasonable identity verification. Legal exceptions may limit access or deletion in some circumstances. Individuals may also have the right to contact the Commission d’accès à l’information du Québec or the Office of the Privacy Commissioner of Canada, as applicable.

11. Newsletter and commercial messages

If CaliberUp offers a newsletter or sends commercial electronic messages, the subscription process should use an appropriate opt-in, record the basis for consent, identify the sender, and provide a working unsubscribe mechanism. A contact-form inquiry should not automatically be treated as consent to receive unrelated marketing messages.

Confirmation required: confirm whether a newsletter is active, the provider used, the consent language, the unsubscribe process, and the records retained to demonstrate consent.

12. Children

The website is intended for business audiences and is not designed to knowingly collect personal information from children. Confirmation required: confirm the intended audience and whether any service could reasonably involve minors.

13. Changes to this policy

The effective date and material changes should be displayed clearly. Where a change introduces a new purpose, new disclosure, or another material effect on privacy, additional notice or renewed consent may be required. The cookie banner should request a new decision when its consent policy version changes.

14. Privacy contact

Privacy Officer or responsible role: [confirmation required]

Legal entity name: [confirmation required]

Email: [confirm whether [email protected] is the privacy contact]

Mailing address: [confirm the Montreal, Quebec mailing address]

Legal review checklist

  • Confirm the legal entity, Privacy Officer or responsible role, email address, and mailing address.
  • Confirm all active analytics, advertising, newsletter, CRM, form, email, hosting, security, and backup providers.
  • Confirm where each provider processes information and complete any required assessment for transfers outside Quebec.
  • Approve documented retention periods for inquiries, email logs, analytics, security logs, consent records, and backups.
  • Confirm the contact-form notice, newsletter consent language, unsubscribe process, incident-response process, and access/correction request procedure.
  • Have Quebec/Canadian privacy counsel review the policy and determine whether a French version or other language requirements apply.