Legal
Privacy Policy
Effective date: 10 July 2026 · Last reviewed: 10 July 2026
1. Who we are and scope
This Privacy Policy describes how EduSpark Inc. ("EduSpark," "we," "us," "our") collects, uses, discloses, retains and protects personal information in connection with edusparkco.pro (the "Site") and our professional learning-design, instructional design, content production, assessment design, teacher enablement and advisory services (collectively, "Services").
EduSpark Inc. is a corporation registered in Ontario, Canada. Our principal place of business is 180 John Street, Suite 200, Toronto, ON M5T 1X5, Canada. Business Number (BN): 517824639 RC0001.
We are accountable for personal information under our control. This policy is designed to meet the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. Where we process personal information on behalf of a client under a written services agreement, that agreement may contain additional or superseding data-processing terms; this policy still governs information we collect directly from you through the Site or direct communications.
2. Privacy contact and access requests
Our privacy lead can be reached at [email protected] or by mail at the address above, Attention: Privacy Office. For general enquiries unrelated to privacy rights, use [email protected].
You may request access to personal information we hold about you, ask us to correct inaccuracies, withdraw consent where applicable, or challenge our compliance with PIPEDA. We will respond within a reasonable time and no later than 30 days in most cases, subject to permitted extensions where complexity requires. We may need to verify your identity before releasing information.
3. Categories of personal information we collect
3.1 Information you provide directly
When you use our contact form, email us, call our studio or engage us for Services, we may collect: full name; email address; telephone number; organization name and role; message content and subject selection; PIPEDA consent records; billing and contracting details for clients; and any other information you choose to include in correspondence.
3.2 Project and client-service information
During engagements we may process programme descriptions, curriculum materials, assessment data structures, LMS configuration details, stakeholder names and roles, review comments, meeting notes and governance documentation. Some of this information may identify individuals (for example, named instructors or reviewers). We treat client-provided data according to contractual terms and the purpose of the engagement.
3.3 Information collected automatically on the Site
When you visit edusparkco.pro, our servers and optional analytics tools may collect: IP address; browser type and version; device type; operating system; referring URL; pages viewed and approximate time on page; and cookie identifiers as described in our Cookie Policy. We do not intentionally collect sensitive categories of personal information through the Site without explicit context and consent.
4. Purposes for collection and use
We collect and use personal information only for purposes a reasonable person would consider appropriate. Primary purposes include:
- Responding to enquiries submitted through the Site or email
- Scoping, contracting and delivering learning-design Services
- Managing client relationships, invoicing and accounts receivable
- Communicating about project milestones, review gates and deliverables
- Meeting legal, regulatory and professional obligations
- Improving Site security, performance and content relevance
- Recording cookie consent choices for up to six months
- Protecting against fraud, abuse and automated spam submissions
We do not sell personal information. We do not use contact form data for unrelated marketing without separate consent. We will identify any new purpose before using personal information for that purpose and will obtain consent where PIPEDA requires.
5. Consent
Consent is a cornerstone of our practice. When you submit our contact form, you must actively check a box consenting to our collection and use of your information to respond under PIPEDA. That checkbox is not pre-selected.
For client Services, consent may be obtained through signed agreements, written statements of work or recorded verbal confirmation documented in project files. You may withdraw consent for optional activities (such as analytics cookies or non-essential communications) without affecting strictly necessary processing needed to complete an active contract or respond to a prior enquiry, though withdrawal may limit our ability to provide certain features.
6. Safeguards for minors
EduSpark provides services to educational organizations; some projects involve programmes for learners under 18. We apply heightened care when personal information about minors may be present in client materials or indirectly in project metadata.
Our safeguards include: collecting only information necessary for the stated purpose; restricting internal access on a need-to-know basis; prohibiting use of minors' data for unrelated marketing; requiring client authorization before processing identifiable student information where feasible; documenting retention and deletion schedules in project agreements; and advising clients on privacy-by-design when assessments or LX builds touch student data flows.
The Site contact form is directed at adult representatives of organizations — programme directors, L&D managers, faculty leads and similar roles. We do not knowingly solicit personal information directly from children through the Site. If you believe a minor has submitted personal information to us without appropriate authority, contact [email protected] and we will take appropriate steps to delete or restrict that information.
7. AI tools and personal information
We use AI-assisted tools in our design workflow. Personal information from contact forms is not fed into public AI training pipelines. For client projects, we configure tools to minimize exposure of identifiable data, use enterprise or privacy-respecting configurations where available, and do not train third-party models on client content without explicit written consent.
AI outputs are reviewed by humans before client delivery. When AI tools process text that may contain personal information (for example, anonymized case examples in curriculum drafts), we apply client-approved data-handling rules and redact identifiers where possible.
8. Disclosure to third parties
We may disclose personal information to:
- Service providers who assist with hosting, email delivery, analytics (with consent), accounting and contract management — bound by confidentiality and processing instructions
- Subject-matter experts and contractors engaged for specific projects, under non-disclosure terms
- Professional advisors (legal, accounting) when necessary
- Law enforcement or regulators when required by valid legal process
- Successors in the event of a merger or asset sale, with continued protection commitments
Our Site is hosted in Canada. Where a service provider processes data outside Canada, we assess risks and apply contractual protections consistent with PIPEDA's cross-border accountability requirements. Details of key providers appear in our Cookie Policy and Legal Notice.
9. Retention
We retain personal information only as long as necessary to fulfil the purposes described or as required by law. Indicative retention periods:
- Contact form submissions: up to 24 months after last meaningful correspondence, unless a client relationship continues
- Client project files: duration of contract plus up to seven years for business records, unless a shorter period is agreed
- Cookie consent records: six months, then refreshed or deleted per your choice
- Server logs: up to 90 days for security monitoring
When retention ends, we delete or anonymize information using commercially reasonable methods.
10. Security measures
We implement administrative, technical and physical safeguards appropriate to the sensitivity of information we hold. Measures include access controls for staff and contractors, encrypted transport (HTTPS) on the Site, password-protected systems where applicable, honeypot spam protection on forms and periodic review of vendor security practices. No method of transmission or storage is perfectly secure; we commit to notifying affected individuals and regulators of significant breaches where required by law.
11. Your rights under Canadian privacy law
Subject to limited exceptions, you have the right to:
- Know whether we hold personal information about you
- Access that information and receive an account of its use and disclosure
- Challenge accuracy and request correction of incomplete or inaccurate records
- Withdraw consent for optional processing, understanding that legal or contractual limits may apply
- File a complaint with the Office of the Privacy Commissioner of Canada if you believe we have not addressed your concern adequately
12. Links to other websites
The Site may link to external resources (for example, partner institutions or tool vendors). We are not responsible for the privacy practices of third-party sites. Review their policies before providing personal information.
13. Changes to this policy
We may update this Privacy Policy to reflect changes in law, technology or our Services. The effective date at the top will change when we publish a revision. Material changes will be noted on the Site. Continued use after posting constitutes notice of the update; where PIPEDA requires fresh consent for a new purpose, we will obtain it.
14. Accountability summary
EduSpark Inc. is responsible for personal information in our possession. We designate accountability for privacy compliance, train staff who handle personal information, document complaints and inquiries, and review this policy at least annually. Questions and requests: [email protected].