Privacy Notice

Last Updated: March 5, 2026

Welcome to LamFia. This Privacy Notice explains how LamFia, a sole proprietorship registered in the Province of Ontario, Canada, operating under the Business Names Act (Ontario) ("LamFia," "we," "our," or "us"), collects, uses, discloses, retains, and otherwise processes personal information in connection with our websites (including https://LamFia.com and https://cloud.LamFia.com), installable software, cloud-hosted software-as-a-service (SaaS) platforms, consulting services, training services, and all related products and services (collectively, the "Services").

This Privacy Notice is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Legislation (CASL), the Consumer Protection Act, 2002 (Ontario), and other applicable Canadian federal and provincial privacy legislation (collectively, "Applicable Privacy Law"). Where this Privacy Notice refers to "personal information," it means information about an identifiable individual, as defined under PIPEDA.

This Privacy Notice does not address our privacy practices relating to LamFia job applicants, employees, contractors, or other employment-related individuals, nor data that is not subject to Applicable Privacy Law (such as de-identified, aggregated, or publicly available information). This Privacy Notice is also not a contract and does not create any legal rights or obligations not otherwise provided by law.

1. Our Role in Processing Personal Information

Under Applicable Privacy Law, an organization that determines the purposes for which personal information is collected, used, or disclosed is accountable for that personal information. LamFia is accountable for the personal information under its control, including personal information transferred to third parties for processing on our behalf.

This Privacy Notice describes our privacy practices where we are acting as the organization accountable for the collection, use, and disclosure of personal information. However, this Privacy Notice does not cover or address how our customers may process personal information when they use our Services, or how we may process personal information on their behalf in accordance with their instructions as a service provider. We recommend referring to the privacy notice of the customer with whom you have a relationship for information on how they engage service providers, like us, to process personal information on their behalf. We are generally not in a position to respond to individual requests relating to personal information we process on behalf of our customers, and we recommend directing any such requests to the relevant customer.

2. Consent

In accordance with PIPEDA, we collect, use, and disclose your personal information with your knowledge and consent, except where permitted or required by law. By using our Services, providing your personal information to us, or engaging us for consulting or training services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Notice.

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may affect our ability to provide certain Services to you. To withdraw consent, please contact us at privacy@LamFia.com.

3. Our Collection and Use of Personal Information

The categories of personal information we collect depend on how you interact with us and our Services, including whether you use our installable software, SaaS platform, consulting services, or training services. You may provide personal information directly when you provide contact information, use our Services, register for an account, engage us for consulting or training, complete an online transaction, participate in an event or survey, or otherwise contact us.

We also collect personal information automatically when you interact with our websites and other Services and may collect personal information from other sources and third parties.

3.1. Personal Information Provided by Individuals

We collect the following categories of personal information that individuals provide to us:

Contact Information: First and last name, phone number, email address, mailing address, and communication preferences. We use this information primarily to fulfill your request or transaction, to communicate with you directly, to administer our consulting and training engagements, and to send you commercial electronic messages in accordance with CASL and your preferences.

Professional Information: Job title, company name, professional background, industry, and the nature of your relationship with us. We use this information primarily to fulfill your request or transaction, to determine how we communicate with you, to administer your account, to scope and deliver consulting and training services, and for customer support purposes.

Account Information: First and last name, email address, phone number, account credentials or one-time passcodes, transaction history, and the history of your use of our Services. We use this information primarily to administer your account, provide you with our Services (including SaaS and installable software licensing), communicate with you regarding your account and use of Services, and for customer support purposes.

Customer Content: Any files, documents, audio, videos, images, data, code, configurations, or communications you choose to input, upload, or transmit to our Services, including through our SaaS platform or installable software. We use this content primarily to provide you with our Services, to facilitate your requests, and to improve our Services. We do not train any models or products on Customer Content.

Consulting and Training Information: Information you provide in connection with consulting engagements and training services, including project requirements, business processes, technical specifications, training needs assessments, and related documentation. We use this information primarily to deliver the applicable consulting or training services, to prepare deliverables and training materials, and to improve our service offerings.

Payment Information: Payment card information, billing address, and other financial information. We use third-party payment processors to process payments made to us. We do not retain personally identifiable financial information such as full payment card numbers. All such information is provided directly by you to our third-party payment processors. The payment processor's use of your personal information is governed by their own privacy notice.

Event and Survey Information: Information provided when you sign up for an event, complete a survey, or submit a testimonial. We use this information to administer and facilitate our Services, respond to your submission, communicate with you, conduct market research, and improve our business.

Feedback and Support Information: The contents of messages sent through forms, chat platforms, email addresses, or other contact channels, as well as recordings of calls with us, where permitted by Applicable Privacy Law. We use this information primarily to investigate and respond to your inquiries, communicate with you, and improve our Services.

If you choose to contact us, we may need additional information to fulfill the request or respond to your inquiry. We may provide additional privacy disclosures where the scope of the request or personal information required falls outside the scope of this Privacy Notice. In that case, the additional privacy disclosures will govern how we process the information you provide at that time.

3.2. Personal Information Automatically Collected

We, and our third-party partners, automatically collect information you provide to us and information about how you access and use our Services when you engage with us. We typically collect this information through the use of automatic data collection technologies, including: (i) cookies or small data files stored on an individual's computer or device; and (ii) other related technologies, such as web beacons, pixels, embedded scripts, and logging technologies. Information collected automatically may be combined with other personal information we collect directly from you or receive from other sources.

We, and our third-party partners, use automatic data collection technologies to collect the following:

Information About Your Device and Network: Device type, manufacturer, model, operating system, IP address, browser type, Internet service provider, and unique identifiers associated with you, your device, or your network.

Information About Your Use of Our Services: The site from which you came, the site to which you go when you leave our Services, how frequently you access our Services, browsing behaviour and actions you take on our Services (such as pages visited, content viewed, queries made, and links and advertisements you interact with). We may employ third-party technologies to collect detailed information about browsing behaviour on our Services, which may record mouse movements, scrolling, clicks, and keystroke activity on our Services.

Information About Your Location: General geographic location derived from your IP address. We do not collect precise geolocation data without your express consent.

We use this automatically collected information to improve your experience, monitor and improve our Services, enhance security, diagnose technology problems, provide personalized content, and plan for and enhance our Services.

For information about the choices you may have in relation to our use of automatic data collection technologies, please refer to the "Your Privacy Choices" section below.

3.3. Personal Information from Other Sources and Third Parties

We may receive personal information from the following sources:

Single Sign-On: We may allow you to log in through third-party accounts. We receive tokens from the single sign-on protocol to identify you and confirm authentication, not your third-party login credentials.

Employers: If you interact with our Services in connection with your employment, we may obtain personal information from your employer (e.g., contact information for administering the customer relationship).

Other Customers: We may receive your personal information from our other customers, such as through referrals.

Business Partners: We may receive your information from business partners in connection with integrated services or joint offerings.

Service Providers: Our service providers that perform services on our behalf, such as analytics providers, may collect and share personal information with us.

Other Sources: We may collect personal information from publicly available sources or third-party data providers.

3.4. Additional Uses of Personal Information

In addition to the primary purposes described above, we may also use personal information to:

  • Fulfill or meet the reason the information was provided, such as to deliver Services, process payments, or perform consulting and training engagements;
  • Manage our business and its day-to-day operations;
  • Communicate with you, including via email, text message, chat, and telephone, in compliance with CASL;
  • Facilitate our relationship with you and, where applicable, the organization you represent;
  • Request feedback about our service offerings;
  • Address inquiries or complaints;
  • Create and maintain accounts;
  • Verify your identity and entitlement to our Services;
  • Market our Services to you in compliance with CASL;
  • Administer, improve, and personalize our Services;
  • Develop, operate, improve, maintain, protect, and provide our Services;
  • Identify and analyse how you use our Services;
  • Create aggregated or de-identified information that cannot reasonably be used to identify you;
  • Conduct research and analytics;
  • Test, enhance, update, and monitor the Services, or diagnose or fix technology problems;
  • Help maintain and enhance the safety, security, and integrity of our Services;
  • Defend, protect, or enforce our rights or applicable agreements (including our Terms of Service);
  • Detect, prevent, investigate, or provide notice of security incidents or other malicious, deceptive, fraudulent, or illegal activity;
  • Facilitate business transactions, including a potential sale of the business or its assets;
  • Comply with contractual and legal obligations; and
  • Fulfill any other purpose for which you provide your personal information, or for which you have otherwise consented.

4. Our Disclosure of Personal Information

We disclose or otherwise make available personal information in the following circumstances:

To Your Employer: If you interact with our Services in connection with your employment, we may disclose personal information to your employer (e.g., usage information related to your employer's customer relationship with us).

To Service Providers: We engage third parties to perform certain services on our behalf. Depending on the applicable services, these service providers may process personal information on our behalf or have access to personal information while performing services on our behalf. Our service providers are contractually required to protect personal information and to use it only for the purposes for which it was disclosed.

To Business Partners: We may share personal information with our business partners in connection with joint or integrated service offerings, or we may allow our business partners to collect personal information directly from you in connection with our Services.

To Marketing Providers: We coordinate and share personal information with our marketing providers in order to advertise and communicate with you about our Services, in compliance with CASL.

To Other Businesses as Needed to Provide Services: We may share personal information with third parties you engage with through our Services or as needed to fulfill a request or transaction (e.g., payment processing services).

In Connection with a Sale of the Business or Its Assets: In the event of a sale, transfer, or other disposition of the LamFia business or substantially all of its assets, or in the unlikely event of bankruptcy, receivership, or insolvency, your personal information may be among the assets disclosed, transferred, or assigned to the purchaser or successor, subject to Applicable Privacy Law. We may also disclose personal information during negotiations relating to such a transaction.

To Comply with Legal Obligations and Rights: We may disclose personal information to third parties, such as legal advisors and law enforcement:

  • In connection with the establishment, exercise, or defence of legal claims;
  • To comply with laws, court orders, or to respond to lawful requests and legal process;
  • To protect our rights and property and those of our agents, customers, and others, including to enforce our agreements, policies, and Terms of Service;
  • To detect, suppress, or prevent fraud;
  • To reduce credit risk and collect debts owed to us;
  • To protect the health and safety of us, our customers, or any person; or
  • As otherwise required or permitted by Applicable Privacy Law.

With Your Consent or Direction: We may disclose your personal information to certain other third parties or publicly with your consent or at your direction.

5. Cross-Border Transfers of Personal Information

Your personal information is primarily stored and processed in Canada. However, in the course of providing our Services, personal information may be transferred to, stored in, or processed in jurisdictions outside of Canada, including by our service providers and business partners. When personal information is transferred outside of Canada, it may be subject to the laws of those jurisdictions. We take reasonable contractual and other measures to ensure that personal information transferred outside of Canada receives a comparable level of protection as required under PIPEDA.

By using our Services, you acknowledge that your personal information may be transferred to and processed in jurisdictions outside of Canada, and you consent to such transfers for the purposes described in this Privacy Notice.

6. Your Privacy Choices

The following privacy choices are made available to all individuals with whom we interact. You may also have additional rights depending on your province or territory of residence.

6.1. Communication Preferences

Email Communication Preferences: You can stop receiving promotional or commercial electronic messages from us by clicking on the "unsubscribe" link provided in any of our email communications, or by contacting us at privacy@LamFia.com. In accordance with CASL, we will process your unsubscribe request within ten (10) business days. Please note that you cannot opt out of service-related or transactional email communications (such as account verification, transaction confirmation, or service update emails).

6.2. Automatic Data Collection Preferences

You may be able to utilize third-party tools and features to restrict our use of automatic data collection technologies. For example: (i) most browsers allow you to change browser settings to limit automatic data collection technologies; (ii) most email providers allow you to prevent the automatic downloading of images in emails; and (iii) many devices allow you to change device settings to limit automatic data collection. Please note that blocking automatic data collection technologies may negatively impact your experience using our Services, as some features may not work properly. We do not have control over these third-party tools and features and are not responsible if they do not function as intended.

6.3. Targeted Advertising Preferences

We may engage third parties to help us facilitate targeted advertising. The data used for this purpose is primarily collected through automatic data collection technologies. In addition to the steps set forth in the Automatic Data Collection Preferences section above, you may be able to exercise control over advertisements by leveraging opt-out programs, including:

Device-Specific Opt-Out Programs: Certain devices provide the option to turn off targeted advertising (such as Apple devices through App Tracking Transparency or Android devices through opt-out of ads personalization). Please refer to your device manufacturer's user guides.

Digital Advertising Alliance of Canada (DAAC): The DAAC allows individuals to opt out of receiving online interest-based targeted advertisements from participating companies. Visit https://youradchoices.ca/ for more information.

Google Analytics: We may use Google Analytics to understand how users interact with our Services. For information on how Google Analytics collects and processes data and how you can control information sent to Google, visit https://www.google.com/policies/privacy/partners/. You can learn about Google Analytics' opt-out options, including the Google Analytics Browser Add-On, at https://tools.google.com/dlpage/gaoptout/.

Please note that opting out of targeted advertising does not mean you will no longer see advertisements from us. It means the ads you see should not be based on your inferred interests. We are not responsible for the effectiveness of, or compliance with, any third parties' opt-out options or programs.

6.4. Partner-Specific Preferences

Certain of our third-party providers and partners offer additional ways to exercise control over your personal information:

Device-Specific / Platform-Specific Preferences: The device or platform you use to interact with us may provide additional choices regarding the data you share with us. Please refer to your device or platform provider's user guides.

7. Your Rights Under Canadian Privacy Law

7.1. Access to Personal Information

Under PIPEDA, you have the right to request access to the personal information we hold about you. Upon receiving a written request and verifying your identity, we will inform you of the existence, use, and disclosure of your personal information and provide you with access to that information within thirty (30) days of receiving the request (or such longer period as may be permitted by law), subject to certain exceptions under PIPEDA.

7.2. Correction of Personal Information

You have the right to challenge the accuracy and completeness of your personal information and have it amended as appropriate. If we disagree with a request for correction, we will note your request in our files.

7.3. Withdrawal of Consent

You may withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice. Please note that withdrawal of consent may limit our ability to provide certain Services to you.

7.4. Complaints

If you have a concern about our personal information practices, you may file a complaint with our Privacy Officer at privacy@LamFia.com. We will investigate all complaints and respond within thirty (30) days. If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca or with the applicable provincial privacy commissioner.

7.5. How to Exercise Your Rights

To exercise any of the above rights, please contact us at privacy@LamFia.com. We may need to verify your identity before processing your request. We will not charge a fee for responding to a request, except in circumstances permitted by PIPEDA (e.g., repeated or frivolous requests).

8. Service-Specific Privacy Practices

8.1. Installable Software

When you download, install, and use LamFia's installable software, we may collect technical information about your device, operating system, software version, installation status, error logs, and usage patterns. This information is used to provide software updates, troubleshoot issues, enforce licensing, and improve our products. We do not access files, data, or content stored on your device unless you expressly transmit such information to us through the software's features. You are responsible for ensuring the security of your local systems and data.

8.2. SaaS Platform

When you use LamFia's SaaS platform, we collect account information, Customer Content you upload or input, and usage data. Customer Content is encrypted in transit and at rest. We do not train any models on Customer Content. Upon termination of your account, we may delete Customer Content within thirty (30) days, and we shall have no obligation to maintain or provide any Customer Content after such period.

8.3. Consulting Services

In the course of providing consulting services, we may receive personal information about you or your organization's personnel, clients, or partners as necessary to deliver the engagement. We use this information solely for the purpose of performing the consulting services described in the applicable Statement of Work. We will treat all personal information received during consulting engagements in accordance with this Privacy Notice and any applicable confidentiality obligations.

8.4. Training Services

When you participate in LamFia's training services, we collect registration information, attendance records, assessment results, and feedback. If training sessions are recorded (with prior notice and, where required, consent), we may retain recordings for internal quality assurance and future training purposes. Training Materials and course content are our Intellectual Property and are not considered your personal information.

9. Children's Personal Information

Our Services are not directed to, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of eighteen (18), being the age of majority in the Province of Ontario. If an individual is under the age of eighteen (18), they should not use our Services or otherwise provide us with any personal information. If a child under the age of eighteen (18) has provided personal information to us, we encourage the child's parent or guardian to contact us at privacy@LamFia.com to request that we remove the personal information from our systems. If we learn that any personal information we have collected has been provided by a child under the age of eighteen (18), we will promptly delete that personal information.

10. Data Security

LamFia takes the security of your personal information seriously. We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, collection, use, disclosure, copying, modification, disposal, or destruction. These measures include encryption of personal information in transit and at rest, access controls, and secure software development practices.

However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for the security of your own systems and devices. You must notify us immediately at support@LamFia.com of any unauthorized access to or use of your account.

11. Retention of Personal Information

We will retain the personal information we collect about you for no longer than reasonably necessary to fulfill the purposes for which it was collected, and in accordance with our legitimate business interests and Applicable Privacy Law. However, if necessary, we may retain personal information for longer periods as required by law or as needed to resolve disputes or protect our legal rights.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, whether we can achieve the purposes by other means, and our legal, regulatory, tax, accounting, and other obligations.

Once retention is no longer reasonably necessary, we will either delete or de-identify the personal information or, if that is not possible (for example, because personal information has been stored in backup archives), we will securely store the personal information and isolate it from further active processing until deletion or de-identification is possible.

12. Third-Party Websites and Services

Our Services may include links to third-party websites, plug-ins, applications, and other services. This Privacy Notice does not apply to any personal information practices of third parties. To learn about the personal information practices of third parties, please visit their respective privacy notices. We are not responsible for the privacy practices or content of any third-party services.

13. Accountability and Governance

13.1. Privacy Officer

LamFia has designated a Privacy Officer who is accountable for LamFia's compliance with this Privacy Notice and with Applicable Privacy Law. All inquiries, complaints, and requests related to privacy should be directed to:

LamFia — Privacy Officer Email: privacy@LamFia.com Markham, Ontario, Canada

13.2. Breach Notification

In the event of a breach of security safeguards involving personal information that creates a real risk of significant harm to an individual, LamFia will, in accordance with PIPEDA:

(a) Report the breach to the Office of the Privacy Commissioner of Canada;

(b) Notify affected individuals as soon as feasible; and

(c) Keep a record of the breach for a minimum of twenty-four (24) months.

14. Updates to This Privacy Notice

We may update this Privacy Notice from time to time. When we make changes, we will update the "Last Updated" date at the top of this Privacy Notice. If we make material changes, we will notify individuals by email to their registered email address, by prominent posting on our websites, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided. Your continued use of the Services after any change constitutes your acceptance of the updated Privacy Notice.

15. Governing Law

This Privacy Notice and any dispute arising out of or relating to it shall be governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein. Any proceedings related to this Privacy Notice shall be brought exclusively before the courts of the Province of Ontario, sitting in the Town of Markham, Regional Municipality of York, Ontario, Canada.

16. Contact Us

If you have any questions, requests, or complaints in connection with this Privacy Notice or other privacy-related matters, please contact us at:

LamFia — Privacy Officer Markham, Ontario, Canada Email: privacy@LamFia.com Website: https://LamFia.com

This Privacy Notice is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein. The exclusive jurisdiction for any disputes is the courts sitting in Markham, Ontario, Canada.