Privacy Policy

1. Introduction

iTmethods Inc. ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website and use our services. This policy applies to visitors and users in the United States, Canada, the European Union, the United Kingdom, and other jurisdictions where we operate.

2. Information We Collect

We collect the following categories of personal information:

• Contact Information: Name, work email address, phone number, and company name when you submit an inquiry or request a briefing.
• Professional Information: Job title, organization, and professional background relevant to our AI governance, managed runtime, and life sciences AI services (the Fortress Family — Reign, Forge, BioCompute).
• Technical Data: IP address, browser type, device information, and usage data collected automatically through cookies and similar technologies.
• Communications: Records of your correspondence with us, including inquiry submissions, chat conversations, and support requests.

3. How We Use Your Information

We use your personal information for the following purposes:

• To respond to your inquiries and communicate with you about our services
• To process and evaluate partnership and briefing requests
• To facilitate partnership discussions and business development activities
• To improve our website, services, and user experience
• To comply with legal obligations and protect our rights
• To send you relevant updates about our platform (with your consent, in accordance with CAN-SPAM, CASL, and GDPR consent rules)

4. Legal Basis for Processing (GDPR / UK GDPR)

For individuals in the European Economic Area (EEA) and the United Kingdom, we process your data based on:

• Consent: When you voluntarily submit your information through our forms or accept marketing cookies via our cookie banner
• Legitimate Interests: For business development, platform improvement, and fraud prevention
• Legal Obligation: When required to comply with applicable laws
• Contract Performance: To fulfill our agreements with you or your organization

5. Information Sharing and Sub-Processors

We do not sell your personal information to third parties.

We share information with the following categories of recipients:

Sub-Processors

We rely on the following sub-processors to deliver our website and services:

A current list of sub-processors is maintained on this page. Material changes to sub-processors will be reflected here.

Other Recipients

• Professional Advisors: Legal, accounting, and business consultants as needed
• Legal Requirements: When required by law, court order, or governmental authority
• Business Transfers: In connection with mergers, acquisitions, or asset sales

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. For inquiry and application data, we typically retain information for three (3) years from the date of submission unless a longer period is required by law or for an ongoing business relationship.

7. Your Privacy Rights

United States (California — CCPA / CPRA)

California residents have the right to:

• Know what personal information is collected about you
• Request deletion of your personal information
• Opt out of the sale or sharing of personal information
• Limit the use of sensitive personal information
• Non-discrimination for exercising your privacy rights
• Correct inaccurate personal information

We honor Global Privacy Control (GPC) signals as a valid opt-out of sale and sharing where applicable.

European Union and United Kingdom (GDPR / UK GDPR)

EU/EEA and UK residents have the right to:

• Access your personal data
• Rectify inaccurate personal data
• Erase your personal data ("right to be forgotten")
• Restrict processing of your personal data
• Data portability
• Object to processing based on legitimate interests
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority (in the EU) or the UK Information Commissioner's Office (ICO)

Canada (PIPEDA and Quebec Law 25)

Canadian residents have the right to:

• Access your personal information held by us
• Challenge the accuracy and completeness of your information
• Withdraw consent (subject to legal restrictions)
• Receive a portable copy of your personal information (Quebec Law 25)
• Be informed of automated decision-making affecting you (Quebec Law 25)
• File a complaint with the Privacy Commissioner of Canada or, for Quebec residents, the Commission d'accès à l'information (CAI)

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and the European Union. We implement appropriate safeguards for international transfers, including Standard Contractual Clauses (SCCs) for transfers from the EEA and UK International Data Transfer Agreements (IDTAs) for transfers from the UK, as required by applicable law.

9. Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS) and at rest, access controls, security headers (HSTS, X-Frame-Options, CSP-Report-Only), and secure data storage practices consistent with industry standards for enterprise technology companies.

10. Cookies and Tracking Technologies

Site analytics are cookieless. We use Plausible Analytics (EU-hosted, no cookies, no personal data, no cross-site tracking — see plausible.io/data-policy) and Vercel Analytics and Vercel Speed Insights (also cookieless) to understand aggregate site usage and performance.

We use HubSpot for marketing automation, live chat, and form submissions. HubSpot may set the following cookies when you interact with those features:

You can opt out of HubSpot cookies at any time via our cookie banner or through your browser settings. Essential cookies required for website functionality cannot be disabled.

11. Automated Decision-Making

We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, as contemplated by Article 22 of the GDPR.

12. Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

13. Data Protection Officer and EU Representative

Data Protection Officer. iTmethods has not designated a Data Protection Officer because our processing activities do not meet the thresholds in Article 37 of the GDPR. Privacy inquiries are handled by our Privacy team at the contact details below.

EU Representative. iTmethods does not maintain an establishment in the European Union. We rely on the exemption in Article 27(2) of the GDPR because our processing of EU residents' data is occasional, does not include large-scale processing of special categories of data, and is unlikely to result in a risk to the rights and freedoms of natural persons. EU residents may contact us directly at the address below to exercise their rights.

14. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on our website with a new "Last updated" date. Your continued use of our website after such changes constitutes acceptance of the updated policy.

15. Contact Us

For questions, concerns, or to exercise your privacy rights, please contact us at:

Technology Hubs: Toronto, ON, Canada · Austin, TX, USA

We will respond to your request within 30 days, or sooner as required by applicable law.