Privacy Policy

We're not in the business of hoarding data. Here's what we typically gather:

Contact & Identity Stuff

• Your name, email, phone number (the basics for getting in touch)
• Business name and position if you're reaching out on behalf of a company
• Mailing address when we need to send physical documents

Legal Matter Details

• Information about your legal inquiry or case specifics
• Documents you share with us for review or drafting
• Communication history (emails, notes from calls, that sort of thing)

Technical Data

• IP addresses and browser info when you visit our site
• Cookies for keeping the site functional (more on that below)
• Usage data to help us understand what pages people actually look at

Payment Information

• Billing details for invoicing (though we don't store full credit card numbers ourselves)
• Transaction records as required by our professional obligations

We're not doing anything sneaky with your info. Here's the real deal on how we use what we collect:

We might also use aggregated, anonymized data (where you can't be identified) to improve our services or write blog posts about tech law trends. But that's stripped of anything that could identify you personally.

Alright, this is where our cybersecurity expertise actually shows up. We don't mess around with security:

Where Your Data Lives

Your information is stored on Canadian servers with enterprise-grade security. We use encrypted cloud storage services that meet SOC 2 Type II compliance standards. Physical files (when we absolutely need them) are kept in locked cabinets in our secured office.

How We Protect It

• Encryption: Data in transit uses TLS 1.3, data at rest is encrypted using AES-256
• Access Controls: Multi-factor authentication, role-based permissions, the works
• Regular Audits: We conduct security assessments and penetration testing annually
• Staff Training: Our team gets regular training on data protection best practices
• Incident Response: We've got a documented breach response plan (hope we never need it)

How Long We Keep Stuff

We're required by Law Society rules to keep client files for at least 10 years after a matter closes. After that retention period, we securely destroy records unless there's a good reason to keep them longer (like ongoing litigation).

Marketing info and website analytics? We typically purge that after 3 years unless you're an active client.

Under PIPEDA and other privacy laws, you've got real rights when it comes to your personal info. Here's what you can do:

How to Exercise These Rights

Just shoot us an email at counsel@ciphernovae.info with the subject line "Privacy Rights Request" and tell us what you're looking for. We'll respond within 30 days (usually faster).

We might need to verify your identity before processing certain requests - nothing personal, just making sure we don't accidentally hand someone's data to the wrong person.

Not happy with our response? You can file a complaint with the Office of the Privacy Commissioner of Canada. We'd prefer to work it out directly, but that's your right.

Yeah, we use cookies. Not the chocolate chip kind (though there's usually some of those in our office kitchen).

What We Use

Managing Cookies

Most browsers let you refuse cookies or delete them. Just know that blocking essential ones might break some site functionality. Your browser's help section will show you how to manage cookie settings.

We don't use advertising cookies or sell your browsing data to third parties. That's not our business model.

Do Not Track Signals

We respect DNT browser settings where technically feasible. Though honestly, the DNT standard is kind of a mess industry-wide.

We're picky about who we work with, but yeah, some info gets shared with trusted third parties. Here's the honest rundown:

Service Providers We Use

• Cloud Storage: Canadian-hosted encrypted storage for documents
• Email Services: Secure email platform with end-to-end encryption options
• Payment Processing: Stripe/other PCI-compliant processors for billing
• Practice Management Software: Law firm-specific tools that meet Canadian privacy standards
• Website Hosting: Canadian data centers for this website

All these providers are bound by contracts that require them to protect your data and only use it for the specific services they provide to us.

When We're Required to Share

Sometimes the law makes us share info:

• Court orders or subpoenas (we'll fight these if they're overbroad, but we can't ignore valid ones)
• Law society audits or investigations
• Tax authorities for financial records
• Law enforcement in specific circumstances required by law

When We Need Your Permission

For anything else - like sharing case details with opposing counsel, bringing in expert witnesses, or sending documents to other professionals involved in your matter - we'll get your explicit consent first.

This deserves its own section because it's kinda the cornerstone of what we do.

When you're our client, solicitor-client privilege protects our communications. This is a legal principle that's been around for centuries and it's taken seriously by courts. It means:

• What you tell us in confidence stays confidential (with very narrow exceptions)
• We can't be forced to disclose privileged communications without your consent
• This protection survives even after our engagement ends

The (Rare) Exceptions

Privilege isn't absolute. We may be required to disclose if:

• You're planning to commit a crime or fraud (we're your lawyer, not your accomplice)
• You waive privilege yourself
• There's an imminent threat of serious harm to someone
• It's required to defend ourselves against allegations you make about our services

These situations are extremely rare in practice, but we'd be remiss not to mention them.

Privacy law keeps evolving (trust us, we track these changes for our clients), so we might need to update this policy from time to time.

How We'll Handle Updates

• Minor tweaks (like fixing typos or clarifying language): We'll just update the "Last Modified" date at the top
• Material changes (stuff that actually affects your rights): We'll email active clients and post a notice on our homepage for at least 30 days
• Major overhauls: We'll seek your renewed consent if required by law

The current version is always available at this URL, and we keep archived versions available on request if you want to see what changed.

We'd recommend checking back occasionally if you're a regular client, but we promise not to make changes just for the sake of it.

Got questions about this policy or how we handle your data? Don't hesitate to reach out. Seriously - we'd rather answer questions upfront than deal with concerns later.

Privacy Officer

For formal privacy inquiries or complaints, you can contact our designated Privacy Officer at the above address/email with "ATTN: Privacy Officer" in the subject line.