Privacy Policy
Effective date: October 28, 2025
Quick summary: We collect limited personal information to run our website(s), respond to enquiries, improve our services, and (if you opt in) send updates. For client projects (e.g., analytics/insights platforms, marketing sites, and property-management apps), Rigoris typically acts as a service provider/processor under a separate Data Processing Addendum (DPA) and processes data only on the client’s instructions.
1) Who we are
Rigoris Digital Inc. (“Rigoris”, “we”, “us”, “our”)
Website: https://rigoris.io
Contact: privacy@rigoris.io
Data Protection Contact / DPO (if appointed): We have not appointed a Data Protection Officer, but you can reach our privacy contact at privacy@rigoris.io.
This Policy explains how we collect, use, disclose, and protect personal information when you visit our websites (including any page that links to this Policy), contact us, apply for a job, or otherwise interact with us directly. It also explains our role when we provide services to clients (e.g., analytics and insight products like ClearLake Insights, agency projects like CTC Agency, and property-management solutions like Unity PM).
2) Scope & Roles
Controller (our websites & direct relationships): For personal information we collect on our own websites and in our direct dealings with you (sales, support, recruiting, billing), Rigoris is the controller (Canada/EU/UK) or business (US state laws).
Processor/Service Provider (client projects): For client platforms we build/host or operate, Rigoris usually acts as a processor/service provider, handling data only on the client’s documented instructions under a DPA (see Section 12).
This Policy does not replace or override a client’s own privacy policy for their products.
3) What we collect
The personal information we collect depends on how you interact with us. We may collect:
a) You provide it:
Contact & identifiers (name, email, phone, company, role)
Account & support info (messages you send us; tickets)
Recruiting info (CV/resume, portfolio links, cover letters)
Billing info (business address, tax details; we use third-party processors for payments)
b) Collected automatically:
Usage data & device info (IP address, approximate location, device/browser type, pages viewed, timestamps, referrer/UTM)
Cookies & similar (see Section 10)
c) From third parties (where permitted):
Lead enrichment/CRM tools, analytics partners, public/professional profiles, and our clients (when we provide services to them)
We do not seek to collect sensitive personal information (e.g., government IDs, SIN numbers, precise geolocation, health data) on our marketing websites. If a client platform requires such data, we process it only under the client’s instructions and DPA (see Section 12).
Children’s data: Our websites and services are not intended for children under 13 (or the age defined by local law, e.g., 16 in parts of the EU/UK). We don’t knowingly collect data from children.
4) How we use personal information
Provide and operate websites and respond to enquiries
Communicate with you about features, updates, opportunities, and events (with consent where required; you can opt out anytime)
Improve our websites, content, and user experience
Marketing & advertising (on our own sites and, where allowed, via third-party platforms; see Section 10)
Recruiting (evaluate candidates and manage applications)
Security & fraud prevention (detect, investigate, and prevent abusive or illegal activity)
Legal & compliance (fulfil contracts, meet legal obligations, enforce terms)
Legal bases (EU/UK/EEA, where applicable): consent, contract necessity, legitimate interests (e.g., site security, UX measurement, B2B marketing), and legal obligations.
5) How we share information
We may share personal information with:
Service providers / processors (e.g., hosting, analytics, email delivery, CRM, payment processors, security tools). They must use it only to provide services to us.
Clients (when we deliver services to them) as per contract and DPA.
Affiliates and professional advisors (accounting, legal, compliance) under confidentiality.
Business transfers (merger, financing, acquisition, or dissolution) where data may be transferred as an asset.
Legal & safety (to comply with law or protect rights, safety, and property).
We do not sell personal information. Where relevant US state laws apply, we also share limited data (such as cookies or pixel IDs) with advertising partners like Meta and LinkedIn for cross-context behavioral advertising, and provide opt-out mechanisms as required by law.
6) International transfers
We may process data globally, including in Canada, the United States, the EU/UK, and other countries. Where required, we rely on recognized transfer mechanisms (e.g., Standard Contractual Clauses, UK IDTA/appendix) and implement appropriate safeguards.
7) Retention
We keep personal information only as long as necessary for the purposes described above (or as required by law). Criteria include: the nature of the data, the purpose for collection, security needs, and legal/contractual requirements. Typical examples (subject to change):
Marketing enquiries & newsletter subscriptions: up to 24 months after last interaction
Support communications: up to 24 months after resolution
Recruiting records: up to 24 months after a decision unless you consent to longer retention
Contract/financial records: as required by tax and corporate laws
8) Security
We employ technical and organizational measures designed to protect personal information (e.g., encryption in transit, access controls, logging/monitoring, least-privilege). No method of transmission or storage is 100% secure.
9) Your privacy rights
Depending on your location, you may have rights to:
Access personal information we hold about you
Correct inaccurate information
Delete/erase your information (subject to legal exceptions)
Object or restrict certain processing (e.g., direct marketing)
Portability (receive a copy in a usable format)
Withdraw consent where processing is based on consent
How to exercise these rights: Email privacy@rigoris.io with “Privacy Request” in the subject. We may need to verify your identity and, for certain requests, confirm your relationship to us. You won’t be discriminated against for exercising your rights.
Canada (PIPEDA): You have rights of access and correction and can lodge complaints with the Office of the Privacy Commissioner of Canada (OPC).
EU/UK: You may lodge complaints with your local supervisory authority.
US states (e.g., CA/CO/CT/VA): Depending on your state, you may have additional rights (know, correct, delete, opt-out of sale/sharing/targeted ads). We honor these rights where the law applies to us.
10) Cookies, analytics & advertising
We and our partners use cookies, SDKs, and similar technologies to:
Remember your preferences and improve site performance
Measure site traffic and usage (analytics)
Promote our services on our sites and third-party platforms
We use analytics and advertising tools including Google Analytics, PostHog, and Meta / LinkedIn pixels to understand how visitors use our websites and to measure campaign performance. These partners may use cookies or similar technologies in accordance with their own privacy policies.
Your choices:
Use your browser settings to block/clear cookies
Use site-level cookie consent tools (if displayed)
Use platform-specific ad settings (Google, Meta, LinkedIn, etc.)
We honor Do Not Track/Global Privacy Control signals where legally required and technically feasible.
11) Third-party links
Our websites may link to third-party sites or services. Their privacy practices are governed by their own policies. Please review those policies before providing personal information.
12) When we act as a processor/service provider (client projects)
For analytics/insight platforms (e.g., ClearLake Insights), agency websites/marketing stacks (e.g., CTC Agency), property-management platforms (e.g., Unity PM), and similar client projects, Rigoris generally acts as a processor/service provider. We process personal information only on the client’s instructions, under a contract/DPA that covers confidentiality, security, sub-processing, international transfers, and deletion/return at end of engagement. The client’s privacy policy governs their platform’s data practices and end-user rights.
If you engage with one of our clients’ products, please refer to the client’s privacy policy and direct any data-subject requests to them. We will support our clients in fulfilling such requests as required by law and contract.
13) Job applicants
If you apply for a role at Rigoris, we process the information you provide (e.g., CV/resume, contact details, work history) to evaluate your application, communicate with you, and comply with legal obligations. We may retain applications for a reasonable period to consider you for future roles, unless you request deletion where applicable.
14) Changes to this Policy
We may update this Policy from time to time. The “Effective date” at the top reflects the latest version. Material changes will be highlighted on this page and/or communicated where appropriate.
15) Contact us
If you have questions or concerns, or wish to exercise your rights:
Email: privacy@rigoris.io
Mail: Rigoris Digital Inc.
16) CA “Notice at Collection” (summary for California residents)
Categories collected: identifiers (e.g., email, IP), commercial information (interactions with our site/services), internet/network activity, professional information, inferences; we do not seek to collect sensitive personal information on our websites.
Sources: you; your devices (cookies/SDKs); service providers; public/professional sources.
Purposes: provide/improve websites; communications; security; analytics; marketing (with required notices/opt-outs).
Disclosure: to service providers/processors, affiliates, professional advisors, legal authorities (as required), and in business transfers.
Sale/Sharing: we share limited data (such as cookies or pixel IDs) with advertising partners like Meta and LinkedIn for cross-context behavioral advertising, and provide opt-out mechanisms as required by law.
Retention: see Section 7.
Your rights: see Section 9.
17) Region-specific information (high-level)
Canada (PIPEDA & provincial laws including Québec Law 25): We manage personal information with appropriate governance, safeguards, and breach-notification practices. Where required, we maintain a privacy program and record of processing activities, perform DPIAs, and manage vendor/sub-processor risk.
EU/UK GDPR: Where applicable, we rely on lawful bases, conduct transfer risk assessments and use SCCs/IDTA for international transfers, and honor data-subject rights. If required, we will appoint an EU/UK representative and DPO.
US State Laws (e.g., CA/CO/CT/VA, etc.): We provide the necessary disclosures and mechanisms (e.g., opt-out links, GPC support) where those laws apply.
Last updated: October 28, 2025