Auxlo Privacy Policy

1. Who is responsible for your information

Auxlo is responsible for the personal information in our custody and control. We have designated a person responsible for the protection of personal information (our privacy officer). You can reach the privacy officer using the contact details in section 14.

2. What we collect

Through the website and our intake process, we may collect:

• Information you provide directly: your name, work email, company name, the service you are interested in, and anything you include in a message or an intro-call request.
• Free assessment responses: the frameworks you select and the answers you give to the assessment questions, which we use to generate your readiness snapshot.
• Communications: emails, call notes, and other correspondence between you and Auxlo.
• Technical information: basic analytics such as pages visited and general device and browser information, collected to operate and improve the site.

We do not ask you to submit sensitive client data, regulated personal information, or confidential evidence through the website. Please do not send such material through the contact form or the assessment.

3. How we use your information

We use the information above to:

• Respond to your inquiry and reply within our stated timeframe.
• Generate your free readiness snapshot and the indicative roadmap that accompanies it.
• Scope, propose, and deliver services you request.
• Operate, secure, and improve the website.
• Send you information you have asked for, and meet our legal and professional obligations.

We do not sell your personal information. We do not use it for advertising.

4. Consent

We collect, use, and disclose personal information with your consent, or as otherwise permitted by applicable law. By submitting the contact form or the assessment, you consent to the handling described in this policy. You may withdraw your consent at any time, subject to legal and contractual limits, by contacting our privacy officer. Withdrawing consent may mean we can no longer provide a requested service.

5. Use of artificial intelligence

Our free assessment uses automated processing to generate your readiness snapshot from the answers you provide. The result is indicative and is not a professional audit, a certification, or legal advice.

In paid engagements, we may use AI tools to help draft compliance artifacts. Every AI-assisted artifact is reviewed and signed off by a credentialed practitioner before a client relies on it. Where AI tools process information during an engagement, we identify the tools involved and how information is handled, and we configure those tools to meet the data-handling commitments agreed for that engagement.

6. Service providers and disclosure

We use a small number of service providers to operate our business, which may include website hosting, email, scheduling, analytics, and AI tooling. These providers process information only on our instructions and only to provide their service to us. We share personal information with them only as needed for those purposes.

We may also disclose personal information where required by law, to protect our rights, or with your direction. If a service provider processes information outside your province or outside Canada, that information may be subject to the laws of the jurisdiction where it is processed. Where a client requires Canadian data residency, we arrange and confirm it in writing for that engagement (see section 7).

7. Where your information is stored

Our website and intake tools may process information on infrastructure located in Canada or elsewhere, depending on the provider. For paid engagements that require it, Canadian data residency is available: client data can be configured to be stored at rest in Canada, and we confirm that arrangement in writing before any client data is stored. If you need a specific hosting jurisdiction, tell us during scoping.

8. How long we keep it

We keep personal information only as long as needed for the purpose it was collected, to maintain our business records, and to meet legal and professional obligations. When it is no longer needed, we securely delete or anonymize it. Engagement records are retained according to the engagement agreement and applicable professional standards.

9. How we protect it

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including access controls, encryption in transit, and limiting access to those who need it. No method of transmission or storage is perfectly secure, but we work to protect your information and to respond promptly if an incident occurs.

10. Your rights

Subject to applicable law, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Withdraw consent to our use of your information.
• Request deletion of your information, where we are not required to keep it.
• Request a copy of certain information in a structured, commonly used format, where the law provides for it.

To exercise any of these rights, contact our privacy officer. We will respond within the timeframe required by law. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada, or, for matters under Quebec law, with the Commission d'acces a l'information du Quebec.

11. Cookies and analytics

The website may use cookies and similar technologies to operate the site and understand general usage. You can control cookies through your browser settings. Disabling some cookies may affect how the site works.

12. Children

The website is intended for businesses and is not directed to children. We do not knowingly collect personal information from children.

13. Changes to this policy

We may update this policy as our practices or the law change. We will post the updated version here with a new effective date. Material changes will be made clear.

14. Contact us

For any privacy question, or to exercise your rights, contact our privacy officer: