PRIVACY POLICY
Privacy policy
Last updated: 10 July 2026
Legal Hub · Privacy Policy · Cookie Policy · Terms of Use
SmartLearnAI Co Inc. (“SmartLearnAI Co”, “we”, “us”) respects your privacy and is committed to protecting personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), the British Columbia Personal Information Protection Act (PIPA) where applicable, and other Canadian privacy legislation. This Privacy Policy describes how we collect, use, disclose and safeguard information when you visit smartlearnaico.life, participate in lab programmes, collaborate on pilot projects or communicate with our Nanaimo team.
Last updated: 10 July 2026
1. Accountability
Our Privacy Officer oversees compliance with this policy and PIPEDA's ten fair information principles. Contact: [email protected]. SmartLearnAI Co Inc., 3180 Uplands Drive, Suite 205, Nanaimo, BC V9T 5S5, Canada. BN 848529641BC0001.
We maintain internal policies governing employee access, vendor management and incident response. Privacy impact assessments are conducted for pilot projects involving learner data.
2. Identifying purposes
We identify and document purposes before or at the time of collection. Primary purposes include: responding to lab tour and partnership enquiries; administering programme agreements; facilitating partner school trials; maintaining website security; improving lab documentation; complying with legal obligations; and communicating service updates to contracted partners.
3. Information we collect
Contact and identity information: name, email address, phone number, organisation, role title and mailing address when you submit forms or correspond with us.
Programme and pilot data: scoping notes, facilitator observations, prototype usage logs and feedback surveys under written agreements with educational organisations.
Learner data: collected only when schools or districts engage us as a service provider. Learner records remain under institutional authority; SmartLearnAI Co processes data on documented instructions with data minimisation.
Technical data: IP address, browser type, device identifiers, referral URLs, session timestamps and cookie identifiers as described in our Cookie Policy.
Communications: email threads, meeting notes and support tickets related to lab services.
4. Consent
We obtain meaningful consent before collecting personal information except where permitted by law. Website contact forms require explicit PIPEDA consent via checkbox. Programme contracts and pilot agreements include additional consent frameworks appropriate to learner involvement. You may withdraw consent subject to legal and contractual limitations; withdrawal may limit our ability to deliver services.
5. Limiting collection
We collect only information reasonably necessary for identified purposes. Pilot prototypes are designed with data minimisation: synthetic environments avoid collecting extraneous behavioural profiles unless partners explicitly scope such collection with appropriate safeguards.
6. Limiting use, disclosure and retention
We do not sell personal information. We do not use student data for unrelated advertising or marketing profiling. Disclosure is limited to: cloud infrastructure providers; analytics vendors under contract; professional advisors bound by confidentiality; educational partners under pilot agreements; and authorities when required by law.
Contact form submissions are retained twenty-four months unless a business relationship continues. Programme records follow contract schedules. Aggregated analytics logs are retained up to eighteen months in de-identified form where feasible.
7. Accuracy
We take reasonable steps to keep personal information accurate and complete. Partners should notify us promptly of corrections needed for programme administration or billing records.
8. Safeguards
We employ encryption in transit, role-based access controls, multi-factor authentication for administrative systems, vulnerability monitoring and employee privacy training. Incident response procedures include assessment, containment, notification to affected partners and reporting to the Office of the Privacy Commissioner of Canada when required.
9. Openness
This policy is publicly available at smartlearnaico.life/privacy.php. We describe our practices in plain language and welcome questions from educators, privacy officers and researchers.
10. Individual access
You may request access to personal information we hold about you, subject to legal exceptions. We respond within thirty days unless an extension is permitted. Correction requests are processed promptly. Students and families should contact their educational institution as primary data controller for learner records.
11. Challenging compliance
Privacy concerns may be directed to our Privacy Officer. If unresolved, you may contact the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia, as applicable.
12. Children's privacy
Our marketing website is not directed at children under thirteen. Pilot features involving minors are deployed only through schools and districts with appropriate consent frameworks. We do not knowingly collect personal information directly from children through marketing forms.
13. Cross-border transfers
Where data may be processed outside Canada, we implement contractual protections, conduct transfer impact assessments and notify institutional partners. Canadian hosting options are available for enterprise pilot agreements upon request.
14. Automated decision-making
Lab prototypes may include automated suggestions or simulations. We document when automated outputs influence learning pathways. Educator override remains a design requirement for classroom-facing tools. We do not make solely automated decisions producing legal or similarly significant effects about individuals without human review in pilot contexts.
15. Third-party links
Our website may link to partner institutions, open documentation repositories or research publications. Third-party sites have independent privacy practices; review their policies before submitting information.
16. Marketing and communications
We send service-related communications to partners with existing relationships. Marketing emails require consent and include unsubscribe mechanisms. We do not purchase contact lists or use learner data for unrelated promotional profiling.
17. Data breach notification
In the event of a breach posing real risk of significant harm, we notify affected individuals and regulators as required by PIPEDA. Partner institutions receive incident reports with recommended remediation steps and timelines for coordinated disclosure to families when applicable.
18. Vendor and subprocessor management
We maintain a register of subprocessors providing hosting, email delivery, analytics and security services. Vendors undergo privacy and security review before engagement. Contractual clauses require PIPEDA-aligned safeguards, breach notification obligations and deletion of data upon contract termination unless retention is legally required.
19. Employee and contractor access
Personnel access to personal information is limited by role and logged where systems support auditing. Employees and contractors receive privacy training at onboarding and annually thereafter. Confidentiality agreements apply to all staff with access to partner or learner data.
20. Retention schedules by data type
Contact enquiries: twenty-four months. Programme contracts: seven years from completion unless longer retention required by law. Security logs: twelve months. De-identified analytics: eighteen months. Learner data in pilots: per institutional agreement and provincial education record requirements.
21. Changes to this policy
We may update this policy when practices, vendors or legislation change. Material updates will be reflected in the Last updated date. Continued use after changes constitutes acceptance for website visitors; contracted partners receive direct notice when required.
22. Research and aggregated analytics
We may analyse de-identified programme feedback and prototype usage patterns to improve lab methodologies. Aggregated research outputs do not identify individual learners without separate ethics approval and partner consent. Published research notes follow institutional review expectations even when conducted outside formal academic settings.
23. Complaints and regulatory contact
If you believe we have handled your personal information contrary to PIPEDA, contact our Privacy Officer first. You may also file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca or the Office of the Information and Privacy Commissioner for British Columbia at oipc.bc.ca when provincial law applies. We cooperate with regulatory investigations and respond to information requests within statutory timelines.
24. Language
This policy is published in English for smartlearnaico.life. If translated versions are provided for partner convenience, the English version prevails in case of inconsistency unless otherwise required by law. French-language summaries may be provided to Quebec partners upon request.
25. Contact
Privacy Officer: [email protected]
SmartLearnAI Co Inc., 3180 Uplands Drive, Suite 205, Nanaimo, BC V9T 5S5, Canada
+1 (778) 555-6249
Business hours: Mon–Fri 09:00–17:00 Pacific Time. We respond to privacy requests within thirty days.