Privacy Policy
Last Updated: May 24, 2026
1. Introduction
IPOReady Inc. ("Company," "we," "us," "our") is committed to protecting your privacy and ensuring you have a positive experience on our website and application ("Services"). This Privacy Policy explains our information practices, what information we collect, how we use it, and your rights regarding that information.
This Privacy Policy applies to:
- Our website (ipoready.com)
- Our web application (app.ipoready.com)
- Mobile applications (iOS/Android)
- All related services and communications
2. Jurisdiction & Compliance
IPOReady complies with:
- United States: CCPA (California Consumer Privacy Act), GDPR where applicable
- Canada: PIPEDA (Personal Information Protection and Electronic Documents Act), PECA (Personal Information Protection Act), and provincial privacy laws
- EU/EEA: GDPR (General Data Protection Regulation) and ePrivacy Directive
3. Information We Collect
3.1 Information You Provide
- Account Registration: Name, email, phone, company name, role, password
- Company Information: Funding data, team size, sector, exchange listing targets, financial metrics
- Documents: Uploaded files (cap tables, financial statements, legal documents)
- Communications: Messages, support tickets, feedback, survey responses
- Payment Information: Billing address, subscription plan (credit card processing handled by Stripe)
3.2 Information Collected Automatically
- Device Information: IP address, browser type, operating system, device type
- Usage Data: Pages visited, time spent, features used, interactions, error logs
- Cookies & Tracking: Session cookies, authentication tokens, analytics cookies
- Location Data: Derived from IP address (not precise location)
3.3 Third-Party Data Sources
- OAuth providers (Google, LinkedIn): Email, name, profile picture
- SEDAR+ / SEDI integrations: Publicly available company filings
- Stripe: Payment and subscription information
4. How We Use Your Information
- Service Delivery: Providing IPO readiness tracking, document management, PACE scoring
- Account Management: Authentication, account recovery, support
- Communications: Service updates, billing notifications, feature announcements, support responses
- Analytics & Improvement: Understanding usage patterns, improving platform features
- Legal Compliance: Fraud prevention, security, regulatory compliance, legal obligations
- Business Operations: Billing, revenue recognition, audit trails
5. Legal Basis for Processing
We process your information based on:
- Contract: Information needed to provide Services
- Consent: Optional marketing communications, cookies beyond essential
- Legitimate Interest: Platform security, fraud prevention, business analytics
- Legal Obligation: Tax compliance, regulatory filings, law enforcement
6. Data Sharing & Disclosure
6.1 We Do NOT Sell Your Data
IPOReady does not sell, rent, or lease personal information to third parties for marketing purposes.
6.2 We Share Data With
- Service Providers: Stripe (payments), Resend (email), Twilio (SMS/WhatsApp), Slack (integrations), hosting providers
- Legal Requirements: Law enforcement, courts, regulators (with proper legal process)
- Business Transitions: Merger, acquisition, asset sale (with notice)
- Your Explicit Consent: Third-party integrations you authorize
6.3 Data Processing Agreements
All service providers operate under Data Processing Agreements (DPAs) ensuring GDPR/PIPEDA compliance and data protection standards.
7. Data Retention
| Data Type | Retention Period |
|---|
| Active Account Data | During account lifetime + 30 days after deletion |
| Financial Records | 7 years (tax/legal compliance) |
| Audit Logs | 3 years (regulatory compliance) |
| Analytics/Cookies | 13 months (or as per consent) |
| Deleted Account Data | 30 days in backup, then permanently deleted |
8. Your Privacy Rights
8.1 US Rights (CCPA)
- Right to Access: Request copy of data we hold about you
- Right to Delete: Request erasure of personal information
- Right to Opt-Out: Opt out of sale/sharing of data (we don't, but you have the right)
- Right to Correct: Request correction of inaccurate data
8.2 EU/EEA Rights (GDPR)
- Right to access, rectification, erasure, restriction of processing
- Right to data portability (export in machine-readable format)
- Right to withdraw consent
- Right to object to processing
- Right to lodge complaint with supervisory authority
8.3 Canadian Rights (PIPEDA)
- Right to access personal information
- Right to request correction
- Right to withdraw consent
- Right to file complaint with Privacy Commissioner of Canada
9. How to Exercise Your Rights
To exercise any privacy rights, submit a request to:
Email: privacy@ipoready.com
Mail: IPOReady Inc., [Address], [City], [Country]
In-App: Account Settings → Privacy & Data
We will respond within:
- US (CCPA): 45 days
- EU (GDPR): 30 days
- Canada (PIPEDA): 30 days
10. Data Security
We implement industry-standard security measures:
- TLS/SSL encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- bcryptjs hashing for passwords (12 salt rounds)
- Multi-factor authentication (MFA) optional for accounts
- Regular security audits and penetration testing
- Secure key management and access controls
11. Cookies & Tracking
| Cookie Type | Purpose | Consent Required |
|---|
| Session/Authentication | Keep you logged in | No (essential) |
| Preferences | Remember settings (theme, language) | No (essential) |
| Analytics (Google Analytics 4) | Track usage patterns, improve UX | Yes (optional) |
| Third-Party (Stripe, Slack) | Service integration | Yes (optional) |
12. International Data Transfers
Your data may be transferred to and processed in countries other than where you reside, including the United States and Canada. By using our Services, you consent to such transfers.
For EU/EEA users: We use Standard Contractual Clauses and other lawful mechanisms to ensure adequate protections for international transfers.
13. Children's Privacy
Our Services are not intended for individuals under 18 years of age. We do not knowingly collect information from children. If we discover we have collected data from a minor, we will promptly delete it. Parents/guardians who believe their child has provided information should contact privacy@ipoready.com.
14. Third-Party Links
Our Services may contain links to third-party websites (SEDAR+, TSX, regulatory sites). We are not responsible for their privacy practices. Please review their policies before providing information.
15. Policy Updates
We may update this Privacy Policy periodically. Major changes will be announced via email or prominent notice on our website. Your continued use of Services after changes constitutes acceptance of the updated policy.
16. Contact Us
Privacy Officer: privacy@ipoready.com
Data Protection Authority Inquiries: dpa@ipoready.com
General Support: support@ipoready.com
Address: IPOReady Inc., [Address], [City], [Country]
This Privacy Policy was last updated on May 24, 2026. We are committed to protecting your privacy and will continue to evolve our practices to meet regulatory standards.