GNOSISGNOSIS

Privacy Policy

Last Updated: April 15, 2026

1. Introduction

GNOSIS Ethical Intelligence ("GNOSIS," "we," "us," or "our"), operated by GNOSIS Ethical Intelligence, with its principal place of business in Newfoundland, Canada, is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your personal information when you visit our website at www.gnosisethical.com (the "Website"), use our accountability infrastructure platform (the "Platform"), or otherwise interact with us.

By accessing or using the Website or Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the practices described in this Privacy Policy, please do not use our Website or Platform.

This Privacy Policy is compliant with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Legislation (CASL), the General Data Protection Regulation (GDPR) where applicable, and other relevant privacy legislation.

2. Information We Collect

2.1 Information You Provide Directly

We may collect personal information that you voluntarily provide to us, including but not limited to:

  • Contact Information: Full name, email address, telephone number, mailing address, and organizational affiliation.
  • Professional Information: Job title, organization name, organization size, industry sector, and professional role.
  • Account Information: Email address, password (encrypted), and role-based access credentials when you create an account on our Platform.
  • Communication Data: Any messages, inquiries, feedback, or other content you submit through our contact forms, demo request forms, whitepaper request forms, consultation request forms, or other communication channels.
  • Business Information: Information about your organization's compliance challenges, risk profiles, workforce size, and operational needs that you provide during consultations, demos, or platform onboarding.

2.2 Information Collected Automatically

When you visit our Website, we may automatically collect certain information, including:

  • Device Information: IP address, browser type and version, operating system, device type, screen resolution, and unique device identifiers.
  • Usage Data: Pages visited, time and date of visits, time spent on pages, click-through data, referring URL, and other browsing behavior on our Website.
  • Log Data: Server logs that may include your IP address, access times, pages viewed, and the page you visited before navigating to our Website.
  • Location Data: Approximate geographic location derived from your IP address.

2.3 Cookies and Similar Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities. For more details, please see Section 9 (Cookies Policy) below.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

  • Service Delivery: To provide, maintain, operate, and improve our Website and Platform, including processing demo requests, responding to inquiries, and delivering our accountability infrastructure services.
  • Account Management: To create and manage your account, authenticate your identity, and provide role-based access to the Platform.
  • Communications: To respond to your inquiries, send you requested information, provide customer support, and send service-related notices and updates.
  • Marketing: To send you promotional communications about our products, services, events, and other news, where you have consented to receiving such communications or where otherwise permitted by law.
  • Analytics and Improvement: To understand how users interact with our Website and Platform, to analyze trends, administer the site, track user movements, and gather demographic information for aggregate use.
  • Security: To detect, prevent, and address technical issues, fraud, unauthorized access, and other harmful or illegal activities.
  • Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our agreements.
  • Business Operations: To conduct business planning, reporting, and forecasting, and for other internal administrative purposes.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Consent: Where you have given us explicit consent to process your personal data for specific purposes, such as receiving marketing communications.
  • Contractual Necessity: Where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving our services, provided that such interests are not overridden by your rights and freedoms.
  • Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following limited circumstances:

  • Service Providers: We may share your information with trusted third-party service providers who perform services on our behalf, such as email delivery (Resend), web hosting, analytics, and customer support. These providers are contractually obligated to protect your information and may only use it for the purposes for which it was disclosed.
  • Legal Requirements: We may disclose your information if required to do so by law, regulation, court order, subpoena, or other legal process, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or other corporate transaction, your personal information may be transferred as part of that transaction, subject to appropriate confidentiality agreements.
  • With Your Consent: We may share your information for any other purpose disclosed to you at the time we collect the information or with your explicit consent.
  • Aggregated or De-identified Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you.

6. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The retention period may vary depending on the context of the processing and our legal obligations.

When personal information is no longer required, we will securely delete or anonymize it. If deletion is not possible (for example, because the information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.

7. Data Security

We implement appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

  • Encryption of data in transit using TLS/SSL protocols.
  • Encryption of passwords using industry-standard hashing algorithms (bcrypt).
  • Role-based access controls and authentication mechanisms.
  • Regular security assessments and vulnerability testing.
  • Secure hosting infrastructure with continuous monitoring.
  • Employee training on data protection and privacy best practices.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right of Access: You have the right to request a copy of the personal information we hold about you.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information.
  • Right to Erasure: You have the right to request the deletion of your personal information, subject to certain legal exceptions.
  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal information in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal information for direct marketing purposes or where processing is based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada or your local data protection authority.

To exercise any of these rights, please contact us using the information provided in Section 14 below. We will respond to your request within the timeframes required by applicable law.

9. Cookies Policy

Our Website uses cookies and similar tracking technologies to enhance your browsing experience. The types of cookies we use include:

  • Strictly Necessary Cookies: Essential for the operation of the Website and Platform, such as session management and authentication cookies. These cannot be disabled.
  • Performance and Analytics Cookies: Help us understand how visitors interact with our Website by collecting and reporting information anonymously.
  • Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our Website. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Refer to your browser's help documentation for instructions on how to manage cookies.

10. International Data Transfers

Your personal information may be transferred to, stored, and processed in countries other than Canada, including the United States or other jurisdictions where our service providers operate. These countries may have data protection laws that differ from the laws of your jurisdiction.

When we transfer personal information outside of Canada or the EEA, we implement appropriate safeguards to ensure that your information receives an adequate level of protection, including standard contractual clauses approved by the European Commission, or other legally recognized transfer mechanisms.

11. Third-Party Links

Our Website may contain links to third-party websites, services, or applications that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party websites you visit.

12. Children's Privacy

Our Website and Platform are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly. If you believe that we may have collected information from a child under 18, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where required by law, providing additional notice (such as by email or through a prominent notice on our Website). We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

GNOSIS Ethical Intelligence

Privacy Officer

Newfoundland, Canada

Email: info@gnosisethical.com

Website: www.gnosisethical.com

15. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Province of Newfoundland and Labrador, Canada, and the federal laws of Canada applicable therein, without regard to its conflict of law provisions.