Privacy
Privacy Policy
Last updated: 3 July 2026
Data Nexus AI Inc. ("Data Nexus AI," "we," "us," or "our") respects your privacy and is committed to protecting personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, substantially similar provincial privacy legislation. This Privacy Policy explains what we collect, why we collect it, how we use and disclose it, and the choices available to you when you visit datanexusai.pro, contact us, or engage our consulting services.
1. Who is responsible for your information?
The organisation responsible for personal information described in this policy is:
Data Nexus AI Inc.
18 York Street, Suite 1400
Toronto, Ontario M5J 2T8, Canada
Email: [email protected]
Phone: +1 (416) 546-8129
For privacy-specific enquiries, contact us using the details above with the subject line "Privacy request."
2. Scope of this policy
This policy applies to personal information we collect through our website, contact forms, email and telephone communications, events, and the delivery of professional services. It does not apply to third-party websites linked from our pages, or to personal information we process solely on behalf of clients under a separate written agreement—in those cases we act as a service provider and the client's privacy documentation governs.
3. What personal information we collect
3.1 Information you provide directly
When you submit our contact form or correspond with us, we may collect your name, business email address, telephone number, company name, job title, message content, and subject selection. We also record whether you provided PIPEDA consent via the consent_pipeda checkbox, which is required before we use your enquiry data to respond.
3.2 Information collected automatically
When you browse our website, our servers and—if you consent—analytics tools may collect technical data such as IP address, browser type, device identifiers, referring URL, pages viewed, and timestamps. Cookie details are described in our Cookie Policy.
3.3 Client project data
During consulting engagements we may access personal information contained in client datasets (for example customer records, employee identifiers, or patient operational data). That processing is scoped in statements of work and data processing terms. Clients remain accountable for lawful collection of such data; we process it only as instructed and apply appropriate safeguards.
3.4 Sensitive information
We do not ask you to submit government identity numbers, full payment card numbers, or detailed health records through the public website contact form. If project work requires handling sensitive categories, we define restrictions, minimisation, and retention in contract schedules.
4. Purposes and legal bases for processing
Under PIPEDA, we identify purposes before or at the time of collection and limit use to those purposes or compatible extensions. Our primary purposes include:
- Responding to enquiries: to read, evaluate, and reply to messages you send via contact.php or email.
- Delivering services: to perform applied machine learning, data engineering, MLOps, and related consulting under contract.
- Operating the website: to maintain security, debug errors, and remember cookie preferences.
- Analytics (with consent): to understand aggregate traffic patterns and improve content—not to build individual marketing profiles without permission.
- Legal and compliance: to meet tax, accounting, anti-fraud, and regulatory obligations, and to establish or defend legal claims.
- Business operations: for scheduling, invoicing, and relationship management with prospects and clients.
We rely on your consent where required—for example marketing messages or non-essential cookies—and on implied consent or legitimate business purposes where PIPEDA permits for reasonable expectations (such as responding to a message you initiate).
5. How we use personal information
We use personal information only for the purposes described above or for compatible purposes you would reasonably expect. Examples include translating an assessment request into a proposal, assigning the appropriate engineer to a discovery call, storing correspondence in our CRM, and generating anonymised case study narratives that remove identifying details. We do not sell personal information. We do not use website enquiry data to train public machine learning models.
6. Disclosure to third parties
We may share personal information with:
- Service providers who host infrastructure, email delivery, analytics (when consented), or CRM functions, bound by confidentiality and processing terms.
- Professional advisers such as lawyers or accountants under duty of confidentiality.
- Clients or partners when you ask us to make an introduction or jointly deliver a project.
- Authorities when required by law, court order, or to protect rights, safety, and security.
- Successors in connection with a merger, acquisition, or asset sale, subject to continued protection consistent with this policy.
Some providers may store or process data outside Canada. When information crosses borders, we assess safeguards and notify clients or website users as required, using contractual clauses and vendor diligence to maintain a comparable level of protection.
7. Retention
We retain personal information only as long as necessary for the purposes collected or as required by law. Typical retention periods:
- Contact form submissions and sales correspondence: up to twenty-four months after last meaningful contact unless a client relationship continues.
- Client project records: duration of contract plus seven years for audit and limitation periods unless a shorter period is agreed.
- Cookie consent records: stored locally in your browser for up to six months, as described in the Cookie Policy.
- Server logs: rotated on a short-term schedule unless needed for security investigation.
When retention ends, we delete or anonymise information where feasible.
8. Security safeguards
We implement administrative, technical, and physical measures appropriate to the sensitivity of information, including access controls, encryption in transit for web forms served over HTTPS, least-privilege accounts for production systems, and staff confidentiality obligations. No method of transmission or storage is completely secure; we encourage you to use business email addresses and avoid sending secrets through unsecured channels.
9. Your rights under PIPEDA
Subject to legal exceptions, you have the right to:
- Access personal information we hold about you and receive an account of its use and disclosure.
- Request correction of inaccurate or incomplete information.
- Withdraw consent where processing is consent-based, understanding that withdrawal may limit our ability to provide services.
- Challenge our compliance with PIPEDA by contacting us first, then the Office of the Privacy Commissioner of Canada if unresolved.
We will respond to verified requests within a reasonable time, generally within thirty days, and may require information to confirm identity. There is no fee for reasonable access requests; we may charge a minimal fee for excessive or repetitive requests as permitted by law.
10. Children's privacy
Our website and services are directed to business professionals. We do not knowingly collect personal information from individuals under sixteen without appropriate authority. If you believe a minor submitted data, contact us for deletion.
11. Automated decision-making and AI
Our public website does not make solely automated decisions with legal or similarly significant effects about visitors. In client projects, models or LLM/RAG systems may support human decision-makers; those deployments are governed by project documentation, not this general policy. We advise clients on transparency and review workflows but do not guarantee model outcomes.
12. Marketing communications
We send commercial electronic messages only with consent or as otherwise permitted under Canada's Anti-Spam Legislation (CASL). You may unsubscribe using the link in any message or by emailing [email protected].
13. Changes to this policy
We may update this Privacy Policy to reflect legal, technical, or business changes. The "Last updated" date at the top will change accordingly. Material changes may be highlighted on our website. Continued use after posting constitutes notice of the updated policy where permitted by law.
14. Contact and complaints
Questions, access requests, or complaints should be sent to:
Data Nexus AI Inc. — Privacy
18 York Street, Suite 1400, Toronto, ON M5J 2T8, Canada
[email protected]
If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.
15. Related documents
16. Language
This Privacy Policy is written in English. If we provide a French translation for Quebec audiences, the English version governs to the extent permitted when inconsistencies arise, unless provincial law requires otherwise for consumers in that province.