Skip to content
Impradel

Privacy Policy

Last updated: July 4, 2026

The short version

Impradel collects only the personal and business information needed to deliver our services, contacted you back, or improve our website. We do not sell your information. We share it only with the service providers who help us operate (such as email delivery, hosting, and our risk assessment platform), and only to the extent necessary to provide our services to you. You can ask us what we hold about you, correct it, or ask us to delete it, at any time.

The rest of this policy explains that in full detail, as required by Canadian, U.S., and European privacy law.

1. Who We Are

Impradel Inc. ("Impradel," "we," "us," or "our") is a Canadian company based in St. Catharines, Ontario, providing virtual Chief Risk Intelligence Officer (vCRIO) and virtual Chief Information Security Officer (vCISO) advisory services.

Our designated Privacy Officer, responsible for compliance with this policy, can be reached at legal@impradel.com.

This policy applies to impradel.com and all services, tools, and communications associated with it, including our free vCRIO Risk Intelligence Diagnostic, our contact and consultation booking process, and our engagement sign-up forms.

2. What Information We Collect

We collect information directly from you when you interact with our website:

  • Contact information: name, email address, phone number (where provided), job title, and organization name
  • Organizational information: organization size, industry sector, and details you share about your organization's current situation, timeline, or objectives
  • Assessment responses: your answers to the vCRIO Risk Intelligence Diagnostic questionnaire, and the resulting score and tier
  • Communications: messages you send through our contact form, chat assistant, or booking process
  • Technical information: standard web log data (such as IP address, browser type, and device type) collected automatically when you visit our site

We do not knowingly collect any special category of sensitive personal information (such as health, biometric, or financial account data) through our website, and we ask that you not include such information in any free-text field, including our chat assistant or the diagnostic's open-ended questions.

3. Why We Collect It

We collect and use your information only for the following identified purposes:

  • To generate and deliver your vCRIO Risk Intelligence Snapshot report
  • To respond to your inquiries and requests for consultation
  • To evaluate and respond to engagement sign-up requests
  • To operate our website's chat assistant and answer your questions
  • To maintain records of our communications with you
  • To improve our website, services, and content
  • To meet our own legal, accounting, and regulatory obligations

We do not use your information for any purpose beyond what is identified above without first obtaining your consent.

4. How We Obtain Your Consent

By submitting a form on our website (including our assessment, contact, or engagement sign-up forms), you consent to the collection and use of your information for the purposes described in Section 3.

Where a form requires an explicit consent checkbox, that consent is express and must be actively given before submission is possible. Elsewhere, your consent may be implied by your voluntary use of our services, consistent with what a reasonable person would expect in the circumstances, as permitted under Canadian privacy law.

You may withdraw your consent at any time, subject to legal or contractual restrictions, by contacting us at legal@impradel.com. Withdrawing consent may affect our ability to provide certain services to you.

5. Who We Share Your Information With

We do not sell, rent, or trade your personal information to any third party.

We share information only with trusted service providers who help us operate our business, and only to the extent necessary for them to perform that function:

  • Email delivery providers, to send your diagnostic report, confirmations, and correspondence
  • Risk assessment platform providers, to support the scoring and analysis behind our diagnostic tool
  • Website hosting and infrastructure providers, to operate our website securely
  • Scheduling providers, to facilitate booking a consultation
  • Artificial intelligence service providers, to power our website's chat assistant
  • Analytics providers (Umami), to understand aggregate site traffic patterns, such as which pages are visited and which sites refer visitors here. Umami is cookieless and does not receive or store any information that identifies you individually — see our Cookie Policy for details

Each of these providers is contractually restricted from using your information for any purpose other than providing services to Impradel, and from retaining it longer than necessary.

We may also disclose information where required by law, such as in response to a valid legal order, or to protect the rights, safety, or property of Impradel, our clients, or the public.

6. Where Your Information Is Processed

Because some of our service providers operate infrastructure located in the United States, your information may be processed or stored outside of Canada. Where this occurs, we take reasonable steps to ensure a comparable level of protection is applied, consistent with our obligations under the Personal Information Protection and Electronic Documents Act (PIPEDA).

If you are located in the European Union, the United Kingdom, or elsewhere outside Canada, please note that your information will be transferred to and processed in Canada and, where applicable, the United States. By using our website and services, you acknowledge this cross-border processing.

7. How Long We Keep Your Information

We retain personal information only for as long as necessary to fulfill the purposes identified in Section 3, or as required by applicable law, whichever is longer. Assessment and engagement records are retained for the duration of our business relationship with you and for a reasonable period afterward to meet our legal, accounting, and business record-keeping obligations. You may request earlier deletion at any time, as described in Section 9.

8. How We Protect Your Information

We apply administrative, technical, and physical safeguards appropriate to the sensitivity of the information we hold, informed by the same risk management principles we recommend to our clients. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a breach that poses a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada as required by law.

9. Your Rights

If you are in Canada, under PIPEDA you have the right to:

  • Know what personal information we hold about you and why
  • Request access to that information
  • Request correction of inaccurate or incomplete information
  • Challenge our compliance with this policy by contacting our Privacy Officer
  • File a complaint with the Office of the Privacy Commissioner of Canada if you believe we have not met our obligations

If you are in the European Union or United Kingdom, you additionally have the right to:

  • Request erasure of your personal information ("right to be forgotten")
  • Request a portable copy of your information
  • Restrict or object to certain processing
  • Lodge a complaint with your local data protection supervisory authority

We honor these rights for all individuals who contact us requesting them, regardless of location, as a matter of practice consistent with our commitment to strong privacy protection. We are currently reviewing formal representative appointment requirements under GDPR Article 27 as our international client base grows; this policy will be updated with representative contact details if and when that appointment is made.

To exercise any of these rights, contact legal@impradel.com. We will respond within 30 days, consistent with PIPEDA's standard.

10. Email Communications

Transactional and service-related emails (such as your diagnostic report or a response to your inquiry) are sent as a direct result of your request and are not subject to Canada's Anti-Spam Legislation (CASL) consent requirements. If we ever send commercial or promotional email, we will obtain your express opt-in consent first, and every such email will include a clear method to unsubscribe, consistent with CASL.

11. Children's Privacy

Our services are intended for business professionals and are not directed at children. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal information, please contact us so we can delete it.

12. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or legal obligations. The "Last updated" date at the top of this page will reflect the most recent revision. Material changes will be communicated through a notice on our website.

13. Contact Us

Questions, requests, or complaints regarding this policy or your personal information can be directed to:

Impradel Inc.
Email: legal@impradel.com
Website: impradel.com

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.