Connexion
Langue
Latest Update: 2025.01.06
This Privacy Policy is intended to provide you with information on how we collect, use, and disclose personal data as part of our commercial services. The Privacy Policy also contains information on your rights regarding your personal data, and how you can exercise them. If you have any questions on this Privacy Policy, or otherwise to exercise your rights, you can reach out to our Privacy Officer at any time at privacy@optionality.ai. You can also send us a letter by mail at:
LA COMPAGNIE OPTIONALITY INC.
230 Hyppolite-Denaut La Prairie (Quebec), J5R6P2, Canada
1. POLICY SCOPE
This policy applies to our digital activities, including digital marketing, and your use of our public website. When we refer to “Public Activities” in this policy, we mean the Site and our other digital activities.
Additionally, this policy covers our commercial services, including our web application at https://app.optionality.ai, our APIs, and related services (collectively, the “Services”). When providing these Services, we process personal data on behalf of our clients, in accordance with their instructions. For further information on how our clients handle personal data, please refer to their respective privacy notices.
By “personal data,” we refer to any information that can directly or indirectly identify an individual, such as a user of the Flare Platform. However, some types of personal data mentioned in this policy may not be legally protected, and you may not have the same rights over such data as outlined in this policy.
2. OUR COLLECTION OF PERSONAL DATA IN OUR PUBLIC ACTIVITIES
When you contact us via email, social media, or other means—such as booking a demo or submitting your resume for a potential job opportunity—we process the personal data you provide for these purposes. Certain job opportunities may require a criminal background check as a condition of employment. If applicable, this requirement will be clearly stated in the job listing.
Our website uses cookies, including targeting cookies. For more information about our use of cookies, please click here. Additionally, we collect technical information about your devices, such as IP addresses, and gather usage data through cookies. This includes logs and details about your operating system. We use this information to enhance our website’s functionality and performance, including optimizing how advertising is displayed to you.
3. OUR COLLECTION OF PERSONAL DATA IN OUR SERVICES
Our services are designed exclusively for financial advisors and are intended for professional use. As part of our operations, our training data may include publicly available business contact information, such as details about directors and officers, to generate profiles for potential investors. Additionally, the personal data we process through our services includes credentials, logs, and user-generated content, such as notes.
We primarily collect this information directly from you when you use our services. In some cases, we may also supplement our databases with business contact information obtained from third-party sources. If we process personal data based on your consent, you always have the right to withdraw that consent at any time.
4. OUR USE OF COOKIES
We use cookies as part of our Public Activities, and as part of our Services. We only use targeting cookies in our Public Activities, such as on our website. We do not use your customer data to perform real-time advertising.
5. MANAGING COOKIE PREFERENCES
You can manage your cookie preferences through your browser, by uninstalling and blocking certain cookies. Click on your browser below to obtain instructions. You can withdraw your consent on the use of cookies at any time by managing your preferences. Certain features may require cookies for security purposes.
● Firefox
● Safari
● Opera
● Brave
6. SHARING PERSONAL DATA WITH THIRD PARTIES
We share your personal data with service providers and third parties. For service providers, we ensure proper safeguards by entering into contracts that restrict the use of your data to the agreed purposes. While we do not share your personal data with third parties as part of our Services, we may engage third parties, such as marketing partners, as part of our Public Activities.
Below is an overview of the categories of service providers we work with:
In certain situations, we may share your personal data with third parties who are not our service providers, such as for Public Activities or at the request of our clients. Below is a summary of the types of third parties we share data with.
There are a few other cases when we can share your personal data, if we reasonably believe we have to, or if we believe it is necessary for security purposes.
As part of a commercial transaction, e.g., to a potential acquirer
Upon request from the authorities, e.g., a court order
To prevent harm to individuals, e.g., to the authorities
We may proactively share personal data with the authorities or law enforcement if we believe that it can help reduce cyber criminality and prevent further harm to individuals.
7. OUR SECURITY MEASURES
At Optionality, safeguarding your data is a top priority. Our services are hosted on a secure, SOC 2 and ISO 27001-certified infrastructure, with encryption in transit and robust access controls. We continuously monitor our systems, apply automated updates, and conduct regular security audits and penetration testing to ensure your data remains protected. While no system is entirely risk-free, our proactive measures are designed to minimize vulnerabilities and maintain the integrity of our platform.
Our services are hosted on Google Cloud Platform (GCP), a SOC 2 and ISO 27001-certified data center. We use encryption to protect data in transit, including communication between the backend and Cloud SQL, external services like Auth0 and Cohere (for language model integration), and internal interactions between in-house components. Network segmentation ensures cloud resources remain isolated from public exposure unless explicitly allowed.
To enhance security, we rely on GCP features like Cloud Run, Cloud SQL, and GKE, which provide automated updates and security patches by default. Managed database services include encrypted storage and secure backups to further protect your data.
For authentication, we use Auth0, a third-party identity provider, to enable secure, token-based authentication, simplified user management, and multi-factor authentication (MFA). Deployments can also leverage GCP IAM (Identity and Access Management) for granular access control to resources like GCP buckets. Additionally, GKE (Google Kubernetes Engine) enforces strict access controls at the container level.
We continuously monitor our systems to identify and address potential vulnerabilities. Regular security audits and penetration testing ensure the ongoing integrity of our infrastructure.
Optionality partners with trusted third-party providers who meet stringent security standards, such as SOC 2 and ISO 27001 certifications, to safeguard your data.
While no system can guarantee absolute security, our proactive measures aim to minimize risks. For any security-related questions or concerns, please reach out to us at security@optionality.ai.
8. OUR CROSS-BORDER DATA TRANSFER
Our Public Activities and Services involve transfers of personal data from the United States to Canada, and vice versa. Many of our service providers are in the United States. Our Services are currently hosted in Canada, by Google Cloud Platform. None of these transfers involve sensitive personal data, and we enter into contracts with all service providers.
We collect training data in all relevant locations, such as the United States, and Canada. We make this information available for our users through our Services. Our main market is in Canada and the United States. If personal data are collected through this process, it involves publicly available business contact information associated with target companies.
9. OUR DATA RETENTION PRACTICES
We retain personal data for as long as necessary to fulfill the purpose for which it was collected and as directed by our clients. In certain cases, we may retain personal data longer if required by applicable laws. If you request the deletion of your account or terminate your agreement with us, we will delete your personal data within 30 days, unless you request a copy beforehand.
Cookies used on our website can be either persistent or session-based. For example, we use persistent advertising cookies, but you have full control over their use. Click here to learn how to manage your cookie preferences.
10. YOUR RIGHTS
Under various privacy laws, you may be granted rights over your personal data. These rights may include withdrawing your consents, requesting a copy of your personal data, or modifying them. Our Privacy Officer is there to help you exercise your rights. You can reach out at privacy@optionality.ai.
If you decide to exercise your rights, we may need to ask for additional personal data about you so that we can identify you prior to responding to your request. If we can’t comply with your request, we will explain why. We’ll try our best to get back to you in 30 days, or we will let you know if we need more time.
Please let us know if you have any concerns or complaints about how we process personal data by reaching out directly with our Privacy Officer. We will handle your complaint seriously and take the required actions.
If you are still not satisfied, you can also contact your local regulator to understand how to make a complaint. If you are in Canada, you can reach out to the Office of the Privacy Commissioner on their website at www.priv.gc.ca.
11. UPDATES & MODIFICATIONS
You can expect that we will update this policy from time to time! We’re building our services, and deploying new functionalities on an ongoing basis. If you are a user of our Services, we’ll provide you an update whenever we change this policy.
