Privacy Policy

MarketBlueprint Strategy Inc. ("MarketBlueprint", "we", "us") operates marketblueprint.pro. This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and guidance from the Office of the Privacy Commissioner of Canada (OPC).

1. Accountability and data controller

MarketBlueprint Strategy Inc. is accountable for personal information under our control. Business Number 856789012 RC0001. Registered address: 1250 René-Lévesque Blvd W, Suite 900, Montreal, QC H3B 4W8. Privacy inquiries: [email protected]. Director of Publication: Renée Dubois.

2. Identifying purposes

We collect personal information for identifiable purposes including: responding to contact form submissions; scheduling discovery calls; delivering contracted marketing services; maintaining client records; improving website security and performance; complying with legal obligations; and managing cookie consent preferences.

3. Consent

We obtain meaningful consent before collecting personal information except where permitted by law. Contact form submission requires explicit consent via checkbox for PIPEDA and CASL-aligned processing. Cookie analytics load only after consent through our cookie banner. You may withdraw consent subject to legal or contractual restrictions by contacting [email protected].

4. Limiting collection

We collect only information reasonably necessary for stated purposes: typically name, email, phone, company, subject selection, message content, consent records, and technical metadata such as IP address and browser type in server logs.

5. Limiting use, disclosure, and retention

We do not sell personal information. Disclosure is limited to service providers who assist hosting, email delivery, or analytics (when consented), bound by contractual safeguards. Enquiry records retained 12–24 months unless a client relationship continues. Analytics data retained up to 14 months. Server logs retained up to 90 days. Client project records retained 24–36 months after completion unless otherwise agreed.

6. Accuracy

We rely on you to provide accurate information. You may request correction of inaccurate personal information by contacting [email protected].

7. Safeguards

We implement administrative, technical, and physical safeguards appropriate to sensitivity, including HTTPS transport, access controls, and staff training. No internet transmission is completely secure; we encourage strong passwords on your systems.

8. Openness

This policy is publicly available. Questions about our privacy practices may be directed to [email protected].

9. Individual access

You may request access to personal information we hold about you. We respond within 30 days where PIPEDA requires, subject to permitted exceptions. Access requests should include sufficient detail to locate records.

10. Challenging compliance

Contact [email protected] to challenge our compliance with this policy. You may lodge a complaint with the Office of the Privacy Commissioner of Canada: 30 Victoria Street, Gatineau, QC K1A 1H3 — priv.gc.ca.

11. Cookies and similar technologies

See our Cookie Policy for categories, purposes, and management options. Essential cookies operate the site; analytics cookies require consent.

12. Cross-border processing

Hosting and email infrastructure may process data in Canada or other jurisdictions with contractual protections. We assess transfers for PIPEDA compliance.

13. Marketing communications

We send commercial electronic messages only with consent under Canada's Anti-Spam Legislation (CASL). You may unsubscribe using links in messages or by contacting [email protected].

14. Minors

Our services target business clients. We do not knowingly collect personal information from individuals under 16 without appropriate consent.

15. Breach notification

We maintain procedures to assess and report significant breaches as required by PIPEDA breach notification rules, including notification to affected individuals and the OPC when applicable.

16. Changes

We may update this policy with a revised date posted on this page. Material changes will be communicated where appropriate.

17. Service-specific processing

During marketing engagements, clients may share customer insights or research materials. We process such data only per contract instructions, apply need-to-know access, and return or delete materials per agreement schedules.

18. Automated decision-making

We do not make solely automated decisions producing legal or similarly significant effects about individuals without human review.

19. Contact

[email protected] | +1 (514) 555-0128 | 1250 René-Lévesque Blvd W, Suite 900, Montreal, QC H3B 4W8

20. Strategic document classification

GTM blueprints may contain sensitive competitive assumptions. We classify documents as client-confidential by default and restrict distribution to named stakeholders you approve.

21. Financial data boundaries

Marketing strategy plans may reference revenue targets you provide. We do not request brokerage statements or trading history — such data is outside our scope as a marketing planning agency.

22. Channel partner information

When mapping distributor or reseller channels, partner contact details you supply are used only for workshop preparation and deleted from working notes after blueprint delivery unless ongoing retainer applies.

23. Bilingual materials

Quebec market entries may involve francophone copy review. Personal data in bilingual stakeholder lists is handled with the same PIPEDA safeguards as English-only projects.

24. Specification versioning

Blueprint revisions are numbered and timestamped. Superseded versions are archived for 18 months then purged from active systems.

25. Procurement and RFP data

Information submitted during RFP processes is used solely for evaluation and contracting. Unsuccessful bids: data deleted within twelve months unless you request earlier removal.

26. Security incident contacts

Suspected breaches involving MarketBlueprint systems should be reported immediately to [email protected]. We document incidents and notify affected parties per PIPEDA requirements.

27. De-identification

Where analytics permits, IP addresses are truncated and user agents hashed before storage. We periodically review analytics configurations for alignment with this policy.

28. Physical records

Printed workshop materials, if any, are shredded after digitisation unless clients request return. Locked storage applies during active projects only.

29. Privacy impact reviews

New tools undergo lightweight privacy impact review before deployment on client programmes involving personal information.

30. Contact for data breaches

Report suspected incidents to [email protected] immediately. We maintain an incident log and cooperate with OPC guidance on notification timelines.

31. Website log files

Server logs may capture IP address, request timestamp, requested URL, HTTP status, and browser user agent. Logs support security monitoring and troubleshooting. They are not used to build marketing profiles of individual visitors and are deleted on a rolling schedule not exceeding ninety days unless investigation requires temporary extension.

32. Form submission security

Contact forms use honeypot fields and referer validation to reduce automated spam. Spam submissions are deleted without response. Legitimate submissions are stored in secure mailboxes accessible only to authorised MarketBlueprint staff in Montreal and remote team members under confidentiality obligations.

33. Direct marketing from MarketBlueprint

If you enquire about services, we may send follow-up messages related to your request under CASL implied consent rules for existing inquiries. Ongoing newsletters or promotional messages require express consent. Every commercial email includes an unsubscribe mechanism.

34. Aggregated statistics

We may publish aggregated, non-identifying statistics about industries served or project types completed. These statistics never include personal information or client-identifiable performance metrics without written permission.

35. Due diligence requests

Enterprise clients may submit security questionnaires during procurement. We respond with accurate summaries of practices described in this policy. Custom data processing agreements are available for large engagements involving systematic personal information processing on your behalf.

36. Policy review cycle

MarketBlueprint reviews this Privacy Policy at least annually and after material changes to tools or regulations. The last updated date appears at the top of this page. Previous versions may be archived internally for compliance records.

37. Accessibility of privacy notices

We aim to present privacy information in plain language. If you require this policy in an alternative format, contact [email protected] with your request and we will endeavour to accommodate reasonable accessibility needs.

38. Linking to third-party sites

Our site may link to regulator resources, mapping tools, or font providers. Those sites have independent privacy practices. We encourage you to read their policies before submitting personal information externally.

39. Children's privacy

Our business services are not directed at children. If we learn that personal information from a child was submitted without appropriate parental consent, we will delete it promptly upon notification to [email protected].