Legal

Privacy Policy

Draft — pending legal review

This is a starting-point draft, not legal advice and not a final policy. Bracketed […] values are placeholders to be completed, and the whole document is pending sign-off by counsel familiar with Québec Law 25 and our US-client obligations before launch.

Effective date: [date]
Entity: Resoluble is a service operated by [Elevatek's full legal entity name] ("we," "us," "Resoluble"), located at [Elevatek registered address], Québec, Canada. Business / registration number: [NEQ / business number].

1. Scope

This policy explains how we collect, use, disclose, and protect personal information when you visit our website or engage our services. It is intended to comply with Québec's Act respecting the protection of personal information in the private sector (as amended by Law 25) and applicable Canadian and US privacy requirements.

2. Our Privacy Officer (required under Law 25)

[Name / title] is responsible for the protection of personal information at [Elevatek entity]. Contact: [privacy@ or designated email], [phone if applicable]. Law 25 requires a designated person accountable for privacy — name a real one.

3. What we collect

  • From website visitors: contact details you submit (name, email, company), and standard analytics / technical data (IP address, browser, pages viewed) when analytics are enabled with your consent — see section 10.
  • From clients during an engagement: access to your Salesforce org on a read-only basis for assessments; for cleanup or migration engagements, access as scoped in the engagement contract. This may incidentally include personal information contained in your Salesforce data (your customers' names, emails, and so on). We process this strictly to deliver the contracted service and do not use it for any other purpose.

4. How we use it

To respond to inquiries, schedule and deliver assessments and services, produce reports, process payments, and meet legal and accounting obligations. We do not sell personal information.

5. Disclosure & third parties

We share information with service providers strictly as needed to operate the site and deliver our services. Current providers include Calendly (call scheduling), Formspree (quote-form submissions), Stripe (payment processing), Google Analytics (website analytics, consent-gated — see section 10), Google Fonts (web fonts), and Netlify (website hosting). [Confirm the full processor list and any data-processing agreements with counsel.] Where personal information is transferred or stored outside Québec, we disclose that and apply appropriate safeguards. Law 25 has specific cross-border transfer obligations — counsel should confirm the wording.

6. Client Salesforce data — special handling

  • Assessments are read-only; we do not modify your data.
  • We access only what is necessary to perform the contracted work.
  • We retain client data only as long as needed to deliver and document the engagement, then delete or return it per the engagement contract.
  • Specific data-handling, confidentiality, and security obligations are governed by the engagement contract / terms of service. This is the high-risk area — counsel should align it with the terms and any liability caps.

7. Security

We apply reasonable technical and organizational safeguards (access controls, encryption in transit, and backups taken before any cleanup work). No system is perfectly secure; we describe our measures honestly rather than guaranteeing absolute security.

8. Your rights

Under Law 25 (and applicable law), you may request access to, correction of, or deletion of your personal information, and you may withdraw consent. To exercise these, contact our Privacy Officer (section 2). [US clients: note any applicable state-law rights once counsel advises.]

9. Breach notification

In the event of a confidentiality incident presenting a risk of serious injury, we will notify affected individuals and the Commission d'accès à l'information as required by Law 25. Counsel should confirm the trigger and process.

10. Cookies & analytics

We use a small number of cookies and similar technologies:

  • Analytics (Google Analytics 4). With your consent, we use Google Analytics 4 (GA4), a service provided by Google, to understand how visitors use the site — for example, which pages are viewed and general usage patterns. GA4 collects usage data and information derived from your IP address, and sets cookies in your browser.
  • Off by default (consent-gated). Analytics are off until you accept. We use Google Consent Mode, which defaults analytics consent to "denied," so GA4 does not run and sets no analytics cookies until you click Accept on our cookie banner. If you decline, GA4 does not track you.
  • Withdrawing consent / opting out. You can decline at the banner, or withdraw a previous acceptance by clearing this site's cookies and site data in your browser (which resets the banner so you can choose again). You can also install Google's official opt-out browser add-on, or use your browser's cookie controls. For how Google processes data, see Google's privacy policy.
  • No advertising cookies. We do not use advertising or cross-site tracking cookies. [Confirm the full cookie list with counsel before launch.]

11. Changes

We may update this policy; the effective date reflects the latest version.

12. Contact

Questions: [privacy@resoluble.com or designated]. Privacy Officer: [name], [contact].

Drafted as a starting point only. Bring to counsel familiar with Law 25 and your US-client obligations before publishing.