CANADA — PIPEDA & QUEBEC LAW 25

Privacy Policy

Effective June 30, 2026 · Maintained by North Peak Partners Inc.

This policy explains what personal information North Peak Partners Inc. (“North Peak,” “we,” “us”) collects through northpeakpartners.ca, how we use and protect it, and the rights you have under Canadian privacy law. It applies to applicants, partners, and visitors anywhere in Canada, with additional protections for residents of Quebec under the Act respecting the protection of personal information in the private sector (Law 25).

01 — CONTROLLER

Who we are

North Peak Partners Inc. is the organization responsible for the personal information collected through this site. The person accountable for our privacy practices, including the role of Privacy Officer under PIPEDA and Quebec Law 25, is:

Rodrigo Paez, Privacy Officer
North Peak Partners Inc.
info@northpeakpartners.ca

02 — INFORMATION

What we collect

We only collect what we need to evaluate a partnership and operate the site.

  • Application data. When you submit the Apply form, we collect the information you provide: name, business email, company, vertical or sector, and any free-text message or context you share.
  • Analytics data. We use Google Analytics to understand aggregate site usage (pages viewed, referrer, approximate region, device and browser type). Google processes IP addresses and sets cookies for this purpose.
  • CRM records. Once you apply, we add your contact details and our notes about the opportunity to our customer relationship management (CRM) system so we can follow up and track the conversation over time.
  • Technical logs. Our hosting provider records standard request logs (IP address, timestamp, user-agent, URL) for security and abuse prevention.

We do not knowingly collect personal information from anyone under 14 years of age. We do not collect sensitive categories of information (such as health, financial account, or government identifiers) through this site.

03 — PURPOSES

Why we collect it

We use personal information for these clearly identified purposes:

  • To review your application and assess whether a partnership fits.
  • To contact you about your application, schedule conversations, and respond to your questions.
  • To manage and document the partner relationship, including commitments, delivery, and invoicing.
  • To measure aggregate site performance and improve our content and offers.
  • To protect the site from abuse and to meet our legal and tax obligations.

We do not sell personal information. We do not use it for advertising, profiling for decisions with significant effects, or automated decision-making.

05 — SERVICE PROVIDERS

Who processes data on our behalf

We rely on a small number of vetted service providers. Each is bound by contract to use personal information only for the services we ask of them and to keep it confidential and secure.

  • Hosting & site delivery — Lovable (Cloudflare Workers infrastructure). Serves the website and receives Apply form submissions. May process data outside Canada, including in the United States and the European Union.
  • Email — Google Workspace. Delivers and stores the application notifications and any correspondence we exchange with you. Data may be stored in the United States.
  • CRM — Our customer relationship management provider, used to store application details and follow-up notes. Data may be stored outside Canada.
  • Analytics — Google Analytics (Google LLC / Google Ireland Ltd.), for aggregate site usage measurement.

For an up-to-date list of the specific providers we use, contact the Privacy Officer.

06 — CROSS-BORDER

Storage and transfers outside Canada

Some of the service providers listed above store and process personal information outside Canada, primarily in the United States and the European Union. While the information is in another jurisdiction, it is subject to that jurisdiction’s laws, which may permit access by foreign courts, law-enforcement agencies, or other authorities. We use contractual protections and require providers to maintain security safeguards comparable to those we apply ourselves.

07 — RETENTION

How long we keep it

We keep application and CRM records for 24 months from our last meaningful contact with you, after which they are deleted or anonymized. Records we are required to retain for tax, accounting, or legal reasons (for example, signed partner agreements and invoices) are kept for the period required by applicable law.

Aggregate analytics data is retained according to Google Analytics’ configured retention period and contains no directly identifying information once aggregated.

08 — SAFEGUARDS

How we protect it

We apply reasonable physical, organizational, and technological safeguards proportionate to the sensitivity of the information: encryption in transit (HTTPS) across the site, access controls on email and the CRM with strong authentication, limited internal access on a need-to-know basis, and provider-side encryption at rest. No system is perfectly secure; if a confidentiality incident affects your personal information and poses a risk of serious injury, we will notify you and the relevant regulator as required by PIPEDA and Quebec Law 25.

09 — YOUR RIGHTS

Your rights

Subject to legal exceptions, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of information that is inaccurate, incomplete, or out of date.
  • Withdraw your consent and request that we stop using your information.
  • Request deletion of your information (the right to be forgotten), and, if you are a Quebec resident, request that information about you stop being disseminated where applicable.
  • Receive a copy of the computerized personal information you provided to us in a structured, commonly used technological format (portability), available to Quebec residents.
  • Be informed of any automated decision-making that produces effects about you — we do not currently perform any.

To exercise any of these rights, email info@northpeakpartners.ca. We will respond within 30 days. If we cannot grant your request, we will explain why and how you can challenge the decision.

10 — COMPLAINTS

Complaints

If you believe we have not handled your personal information in line with this policy or Canadian privacy law, please contact the Privacy Officer first so we can try to resolve the issue. You also have the right to complain to:

  • The Office of the Privacy Commissioner of Canada — priv.gc.ca.
  • The Commission d’accès à l’information du Québec, if you are a Quebec resident — cai.gouv.qc.ca.
  • Your provincial or territorial privacy regulator, where one has jurisdiction over the matter.

11 — CHANGES

Updates to this policy

We may update this policy as our practices, services, or the law evolves. The effective date at the top reflects the current version. Material changes will be communicated on the site, and, where required, we will seek fresh consent.