PRIVACY
Privacy Policy
Last updated: 10 July 2026. This policy describes how SecureWith Inc. collects, uses, discloses and protects personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.
1. Introduction and accountability
SecureWith Inc. ("SecureWith," "we," "us" or "our") is a cybersecurity advisory practice headquartered at 116 Albert Street, Suite 200, Ottawa, ON K1P 5G3, Canada. We are accountable for personal information under our control and have designated privacy-related enquiries to be directed to [email protected].
This Privacy Policy applies to personal information collected through the website securewithai.life (the "Website"), through email and telephone communications with us, and in the course of providing professional cybersecurity advisory services to clients. It does not apply to third-party websites linked from our Website, which maintain their own privacy practices.
We are committed to the ten fair information principles set out in Schedule 1 of PIPEDA: accountability, identifying purposes, consent, limiting collection, limiting use, disclosure and retention, accuracy, safeguards, openness, individual access and challenging compliance.
2. Personal information we collect
2.1 Website contact enquiries
When you submit our contact form, we collect the information you provide: your name, email address, selected subject category, message content and confirmation of consent to processing under PIPEDA. We also collect a timestamp of submission through our server-side processing. We use a hidden honeypot field ("website") for spam prevention; legitimate users should leave this field empty.
2.2 General communications
If you email us at [email protected], call us at +1 (613) 236-8471 or correspond by mail, we collect the personal information contained in those communications — typically your name, contact details, organization and the substance of your message.
2.3 Client engagements
When you engage SecureWith for professional advisory services, we may collect additional personal information necessary to perform the engagement: authorized signatory names, billing contacts, technical points of contact, credentials for authorized system access (handled under strict security protocols), and configuration or log data that may incidentally contain personal information about your employees or customers. The scope of such collection is defined in each client's services agreement and confidentiality provisions.
2.4 Website technical data
Our web server may automatically log technical information such as IP address, browser type, referring URL, pages visited and timestamps. If you consent to analytics cookies, additional usage data may be collected as described in our Cookie Policy. Strictly necessary cookies operate regardless of analytics consent to maintain basic site functionality and record your cookie preference.
2.5 Information we do not collect
We do not knowingly collect personal information from children under 13. Our services are directed at business professionals and organizations. We do not purchase personal information lists for marketing purposes. We do not collect payment card data through the Website contact form.
3. Purposes of collection and use
We collect and use personal information only for purposes that a reasonable person would consider appropriate in the circumstances. Primary purposes include:
- Responding to enquiries submitted through the Website or other channels;
- Assessing whether SecureWith's advisory services may fit a prospective client's needs;
- Performing contracted cybersecurity advisory services, including perimeter assessments, identity programmes, cloud hardening, policy development and retainer support;
- Invoicing, payment processing and account management;
- Complying with legal obligations, including responding to lawful requests from authorities;
- Improving our Website through aggregated, de-identified analytics (with consent where required);
- Protecting the security and integrity of our systems and the Website.
We will identify purposes at or before the time of collection. If we need to use your personal information for a new purpose not contemplated in this policy, we will obtain your consent unless permitted or required by law.
4. Consent
Consent is required for the collection, use and disclosure of personal information, subject to legal exceptions. For Website contact form submissions, we require you to actively confirm consent via the consent_pipeda checkbox before submission. This checkbox is not pre-checked.
For client engagements, consent for processing personal information within client systems and data is obtained through executed services agreements. Clients represent that they have authority to grant SecureWith access to systems and data described in the scope document.
You may withdraw consent for non-essential processing by contacting [email protected]. Withdrawal may limit our ability to provide services or respond to enquiries. We will inform you of the consequences of withdrawal where applicable.
5. Limiting collection, use, disclosure and retention
5.1 Collection limits
We collect only personal information that is necessary for the identified purposes. We do not collect extraneous data through the contact form beyond the fields displayed.
5.2 Use and disclosure limits
We do not sell, rent or trade your personal information to third parties for their marketing purposes. We may disclose personal information to:
- Service providers who assist with hosting, email delivery or analytics, bound by confidentiality and data protection obligations;
- Professional advisors (legal, accounting) where necessary;
- Law enforcement or regulatory bodies when required by law or to protect rights and safety;
- Successors in the event of a merger, acquisition or asset sale, subject to equivalent privacy protections.
Client engagement data is disclosed only as authorized in the applicable contract or as required by law. We do not disclose client assessment findings or internal security posture information to unauthorized third parties.
5.3 Retention
Contact form submissions are retained for up to twenty-four months unless a business relationship develops, in which case records are retained according to the client file retention schedule. Client engagement records, including reports and correspondence, are typically retained for seven years after engagement end for legal, accounting and professional liability purposes, unless a shorter period is agreed in writing or longer retention is required by law.
Cookie consent preferences are stored for six months, after which the cookie banner will reappear. Server logs are retained on a rolling basis, typically no longer than ninety days unless required for security investigation.
6. Accuracy
We rely on you to provide accurate and current personal information. You may request correction of inaccurate information by contacting [email protected]. We will amend records where appropriate and notify third parties who received incorrect data if doing so is reasonable and authorized.
7. Safeguards
As a cybersecurity advisory practice, we apply administrative, technical and physical safeguards appropriate to the sensitivity of the information we hold. Measures include access controls limited to personnel with a need to know, encryption in transit for web communications (HTTPS), secure handling of client credentials, and confidentiality obligations for all staff and contractors.
No method of transmission or storage is completely secure. While we work to protect personal information, we cannot guarantee absolute security. In the event of a breach of security safeguards involving personal information that creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada as required by PIPEDA breach notification provisions.
8. Cross-border processing
Our Website is hosted in Canada. Some service providers may process data in other jurisdictions. Where personal information is transferred outside Canada, we assess the recipient's privacy practices and use contractual protections to require comparable safeguards. Details of sub-processors relevant to your engagement are available upon request.
9. Individual access and rights
Upon written request to [email protected], you may request access to personal information we hold about you, subject to limited exceptions permitted by law (for example, where disclosure would reveal confidential commercial information or affect another individual's privacy). We will respond within thirty days or inform you if an extension is required.
You may also request information about our privacy practices, challenge our compliance and lodge a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated:
Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, QC K1A 1H3
Toll-free: 1-800-282-1376
www.priv.gc.ca
10. Client data and assessment materials
During cybersecurity advisory engagements, SecureWith advisors may access configuration exports, identity directories, log samples and related materials that could contain personal information (for example, employee usernames, IP addresses or email metadata). Such access occurs only under written authorization with defined scope. We process this data solely to deliver contracted services — assessments, hardening guidance, policy development, awareness programmes — and not for unrelated purposes.
AI-assisted tools may analyse patterns within client data to accelerate review. AI outputs are reviewed by human advisors before conclusions are communicated to clients. We do not use client data to train public machine-learning models unless explicitly agreed in writing.
11. Marketing communications
We do not send unsolicited marketing email to individuals who have not opted in. Enquiry follow-ups related to your specific request are not considered marketing. If we ever introduce optional newsletters, we will provide a clear unsubscribe mechanism and obtain appropriate consent.
12. Provincial privacy laws
While PIPEDA applies to our interprovincial and commercial activities, organizations in Alberta, British Columbia and Quebec may also be subject to provincial private-sector privacy legislation. We align our practices with PIPEDA fair information principles and, where applicable, consider provincial requirements when serving clients in those jurisdictions. Clients with specific provincial obligations should discuss them during engagement scoping.
13. Changes to this policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. The "Last updated" date at the top will be revised accordingly. Material changes will be posted on this page. We encourage you to review this policy periodically.
14. Contact
For privacy questions, access requests or complaints:
Privacy contact: [email protected]
Mail: SecureWith Inc., 116 Albert Street, Suite 200, Ottawa, ON K1P 5G3, Canada
Telephone: +1 (613) 236-8471
Related documents: Cookie Policy · Terms of Service · Legal Information