Privacy Policy

1. Introduction

AdvisorShield Inc. ("AdvisorShield", "we", "our", or "us") provides a secure, subscription-based compliance documentation and workflow platform for Canadian financial professionals.

We are committed to safeguarding personal information in accordance with:

• The Personal Information Protection and Electronic Documents Act (PIPEDA)
• Applicable provincial privacy legislation, including Ontario requirements
• Evolving Canadian cybersecurity, data governance, and digital trust standards

This Privacy Policy explains how information is collected, used, stored, retained, and destroyed when you use the AdvisorShield platform.

By accessing or using AdvisorShield, you acknowledge and consent to the practices described below.

---

2. Scope & Definitions

This Policy applies to:

• Advisors, firms, agencies, and authorized users ("Users")
• Data uploaded, generated, or processed through the AdvisorShield platform
• System metadata, logs, and security records required for audit and compliance

"Personal Information" means information about an identifiable individual as defined under PIPEDA.

---

3. Information We Collect

3.1 Information You Provide Directly

• Account details (name, email address, company, credentials)
• Authentication and identity-verification information
• Compliance documentation, notes, summaries, uploaded files, and metadata
• Communications with AdvisorShield support

3.2 Information Generated by the Platform

• Audit logs, timestamps, workflow events, and activity history
• Document status, versioning, and lifecycle metadata
• Security and access records (IP address, user agent, session data)

3.3 Payment & Subscription Information

• Subscription status, billing cycle, and transaction identifiers
• Payment card data is never stored on AdvisorShield systems and is processed solely by third-party payment processors under PCI-DSS standards

---

4. Purpose of Collection & Use

We collect and process information strictly for the following purposes:

• Providing, maintaining, and securing the AdvisorShield platform
• Generating, organizing, and storing compliance documentation
• Creating verifiable audit trails and evidence of due diligence
• Managing subscriptions, access control, and system entitlements
• Detecting fraud, misuse, or security threats
• Meeting legal, regulatory, and contractual obligations
• Improving platform reliability, performance, and security

We do not use personal information for advertising, resale, or data brokerage.

---

5. Data Residency & Infrastructure

AdvisorShield is architected with Canadian data protection expectations in mind.

• Core application services are hosted on private virtual servers
• Data is encrypted in transit (TLS 1.2+) and at rest (AES-256 or equivalent)
• Logical and role-based access controls restrict internal access
• Administrative access is limited to authorized personnel only

While some subprocessors (e.g., AI analysis or email delivery) may operate outside Canada, no permanent client data is transferred without appropriate safeguards.

---

6. Artificial Intelligence & Automated Processing

AdvisorShield may use automated systems, including AI-assisted tools, to:

• Analyze uploaded documents
• Generate compliance-related summaries or drafts
• Assist in document organization and classification

AI systems do not make regulatory decisions, provide legal advice, or replace professional judgment. Users remain fully responsible for review, validation, and final use of all outputs.

No client data is used to train public or third-party AI models.

---

7. Data Retention & Destruction

7.1 Active Subscription

Data is retained for the duration of an active subscription and in accordance with applicable regulatory retention requirements (which may extend beyond subscription status).

7.2 Subscription Cancellation or Expiry

Upon cancellation or expiration:

• Data remains accessible for 90 days to allow retrieval
• Users will receive three (3) reminder notifications sent to:
  • The registered account email address, or
  • The email address used for identity verification

7.3 Permanent Deletion

After the 90-day grace period:

• All user data is permanently deleted
• Deletion is irreversible
• Residual backups are purged in accordance with secure destruction protocols

AdvisorShield assumes no liability for data loss after this period.

---

8. Legal & Regulatory Retention Overrides

Certain data may be retained beyond deletion requests where required by:

• Insurance or securities regulatory obligations
• Anti-money laundering (AML) laws
• Court orders, legal proceedings, or regulator inquiries

Such data is retained only for the minimum period required by law.

---

9. Disclosure of Information

We do not sell, rent, or trade personal information.

Disclosure occurs only:

• With your explicit authorization
• To comply with legal or regulatory obligations
• To vetted service providers operating under confidentiality and security agreements
• To protect AdvisorShield's legal rights, platform integrity, or user safety

---

10. Security Measures

We employ administrative, technical, and physical safeguards including:

• Encrypted storage and secure key management
• Role-based access controls and least-privilege enforcement
• Immutable audit logging
• Continuous monitoring and intrusion detection
• Secure deployment and change-management practices

No system is immune to risk; however, AdvisorShield applies commercially reasonable and industry-appropriate safeguards.

---

11. User Responsibilities

Users are responsible for:

• Maintaining secure credentials
• Controlling access within their organization
• Ensuring lawful collection and use of client information
• Complying with professional and regulatory obligations

AdvisorShield is a compliance support platform, not a guarantor of regulatory outcomes.

---

12. Your Rights Under Canadian Law

Subject to legal limitations, you may:

• Request access to your personal information
• Request correction of inaccurate data
• Withdraw consent where applicable
• File a complaint with the Office of the Privacy Commissioner of Canada

Requests may be limited where compliance or legal retention applies.

---

13. Limitation of Liability

To the maximum extent permitted by law:

• AdvisorShield disclaims liability for indirect, incidental, or consequential damages
• AdvisorShield is not responsible for regulatory penalties arising from user misuse
• Users acknowledge responsibility for final compliance decisions

---

14. Policy Updates

This Policy may be updated periodically to reflect:

• Legal or regulatory changes
• Platform enhancements
• Emerging cybersecurity standards

Updates take effect upon posting. Continued use constitutes acceptance.

---

15. Contact Information

Privacy Officer
AdvisorShield Inc.
Email: privacy@advisorshield.ca
Ontario, Canada