Privacy Policy

Delphia is an ethical user of personal data. The security of your personal data is important to us.

We've tried to make this Privacy Policy as easy to read as possible. If anything below is unclear, please contact us at privacy@delphia.com, and we'll be happy to clear it up.

What this notice covers

As an organization that uses personal data, Delphia is responsible for collecting and using your data in a responsible, safe, and ethical way. That starts with clearly telling you how we collect, use, and protect your personal data.

This Privacy Policy sets out:

• What kind of personal data we may collect from you when you visit our website or use our mobile application (collectively, the “Platform”);
• How and why we collect and use your personal data;
• Why we may share personal data within Delphia and with other organizations; and
• The rights and choices you have when it comes to your personal data.

Delphia is a company which controls the data provided to it by our users and those who otherwise participate in surveys or browse our website ("user").

Personal data we collect

In this section, we explain what personal data we may collect when you visit our website, use our web app, or otherwise use the Platform.

Data that we collect from you

When you visit Delphia's website, we collect:

• Demographic information such as your age, gender, and general economic information;
• Your account login details, which will be your email;
• Device and browser "metadata" (this is basically an audit trail of your device and browser use) including:
• IP address
• The make, model, and operating system of the device you have used
• Browser type
• We track location for the purpose of performance analytics.

Why does Delphia collect your personal data?

We use personal data to:

• Register, authenticate, and administer your account;
• Develop and improve our services;
• Respond to you if you make a user access request;
• Detect and prevent fraudulent activity.
• Execute your payment for Platform services;
• Pay you directly for services provided by you through the Platform

We will never use one of these data categories for another purpose without asking for your consent first.

Our service providers

We work with trusted service providers that carry our certain functions on our behalf so we can provide our services to you.

These organizations process data on our behalf. They only have access to the personal data that they absolutely need to provide a specific service to us, and in all cases we have contractual safeguards in place to ensure that they do not disclose or use it for any other purposes. In some cases, these organizations (for example, our payment processors) may need to process your personal data for their own specific purposes, for example to ensure that they are compliant with regulations or laws governing their own sectors.

When you visit our website(s), we use the following third party services which may either collect personal data or be a vendor that we share data with:

• the Google Cloud Platform
• PostHog
• Google Analytics
• Facebook Pixel
• Twitter Universal Website tag
• Sendgrid
• Sentry

Our service providers fall within the following categories (and process your data in the following locations):

• Data collection technology providers (EEA, USA)
• Cloud data storage (EEA, CAN)
• Data center storage (EEA, CAN)
• Communications platforms and technologies (EEA, USA)

These circumstances are unusual, but we may share personal data with other organizations if:

• We have to share your information to comply with legal or regulatory requirements (or we reasonably believe that we need to disclose your information for such purposes);
• We need to share personal data in order to establish, exercise or defend our legal rights, including with our legal and other professional advisers;
• We restructure our business or if we buy or sell any business or assets we may share your data with the prospective buyer or seller on a strictly confidential basis;
• All or substantially all of our company assets are acquired by another party, your data will be one of the transferred assets.

If you don’t want us to make use of your personal data in any of the ways described above, sharing your data with Delphia and using our services is not for you – you can ask us to remove your data.

Depending on the service(s), if any, you use, we may have to retain some of your personal information for legal or regulatory compliance reasons. Please speak to us directly at privacy@delphia.com for details on our document retention policy.

Legal grounds for processing your personal data

Delphia is committed to the lawful, fair, and transparent use of personal data. For every use of your personal data we have described so far, we process your personal data on the grounds that our processing is necessary for legitimate interests we pursue as a business.

If you have any questions about the grounds under which we process your personal data, or would like to find out more about the approach we take to determine that these grounds apply, please contact privacy@delphia.com.

How we store and protect your personal data

We know how important it is to protect your personal data while we have it. This section describes some of the measures we take to ensure that it is kept secure.

We do everything we can to protect your personal data from loss or misuse, and from unauthorized access, disclosure, alteration and destruction. This section describes some of the measures we take to ensure that your personal data is secure:

• We use data centers that have a high level of physical security measures to host and protect your data and our systems.
• We conduct independent penetration tests and are continuously scanning our systems and applications for vulnerabilities. If you ever think that you have found a security issue or vulnerability in one of our systems please let us know at security@delphia.com. If you would like to encrypt your email with GPG, please use this key.
• We use encryption to secure your personal data both in transit on the network and at rest in storage.
• We allow access to attributable data (by which we mean data that directly identifies you) only to those Delphia employees who need it to carry out their job responsibilities. For example, our support team need to access some attributable data so they can respond to you when you contact us.

We make security the responsibility of all our employees and we train our staff to identify security risks and protect your data.

Our website may from time to time contain links to and from other websites. If you follow a link to any of those websites, please note that those websites ought to have their own privacy notices and that we do not accept any responsibility or liability for those websites. Please check those privacy notices before you submit your information to those websites..

How to contact us

If you have questions about this notice, or about how we collect, store and use personal data, you can contact our Data Protection Officer.

Email: privacy@delphia.com Mail: The Data Protection Officer Delphia Technologies Inc., 200 Bay Street, North Tower, Suite 1200, Toronto ON M5J 2J2, Canada.

Updates to this notice

This notice was last updated on the date that appears at the end of the notice. We reserve the right to change this notice at any time.

Effective: July 2023