Legal
Privacy Policy
Effective date: 10 July 2026 · Last updated: 10 July 2026
This Privacy Policy describes how Threat Neural AI Inc. ("Threat Neural AI," "we," "us," or "our") collects, uses, discloses, and protects personal information when you visit threatneuralai.life, communicate with us, or engage our threat intelligence and defensive cybersecurity services. We are incorporated in British Columbia, Canada, with our principal office at 1008 Homer Street, Suite 110, Vancouver, BC V6B 2X1.
We are committed to handling personal information responsibly and in compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), as well as British Columbia's Personal Information Protection Act (BC PIPA), which governs how organizations in BC collect, use, and disclose personal information in the course of commercial activities. Where provincial law applies alongside federal law, we meet the requirements of both frameworks.
1. Accountability
Threat Neural AI has designated a privacy contact responsible for our compliance with this Policy and applicable privacy legislation. For questions, access requests, or complaints, contact:
- Email: [email protected]
- Phone: +1 (604) 559-8342
- Mail: Threat Neural AI Inc., 1008 Homer Street, Suite 110, Vancouver, BC V6B 2X1, Canada
We train staff who handle personal information on our privacy obligations and review our practices periodically. Service providers that process personal information on our behalf are bound by contractual terms requiring comparable protection and use limitations consistent with PIPEDA and BC PIPA.
2. What personal information we collect
The type of information we collect depends on how you interact with us:
- Contact and inquiry data: name, email address, phone number, company name, job title, and the content of messages you submit through our contact form or email.
- Project and client data: engagement briefs, architecture diagrams, threat intelligence requirements, billing contacts, contractual records, and correspondence related to scoped security work.
- Technical and usage data: IP address, browser type, device identifiers, pages viewed, referring URLs, and approximate location derived from IP — collected through cookies and similar technologies as described in our Cookie Policy.
- Payment information: billing address and transaction records. Payment card details are processed by our payment service provider and are not stored on our servers.
- Security telemetry (client engagements): where authorized under contract, log data, alert metadata and related records that may contain identifiers such as usernames, IP addresses or device names — processed solely to deliver agreed services.
We do not intentionally collect sensitive personal information such as government-issued ID numbers, health records, or financial account credentials through our public website forms. If an engagement requires identity verification, we will explain the purpose and obtain appropriate consent before collection.
3. How we collect personal information
We collect personal information directly from you when you fill out forms, email us, call our office, sign agreements, or participate in briefings and workshops. We may also collect information indirectly when you interact with our website (through cookies and server logs) or when a colleague or agency submits an enquiry on your organization's behalf — in which case we expect they have authority to share your details.
During authorized client engagements, we may receive telemetry or log data from systems you designate. Such collection occurs only under written scope and data processing terms. We do not purchase personal information lists for marketing purposes.
4. Purposes for collection, use, and disclosure
Under PIPEDA and BC PIPA, organizations may collect personal information only for purposes that a reasonable person would consider appropriate in the circumstances. We use personal information for the following purposes:
- Responding to inquiries and preparing proposals for threat intelligence and security projects;
- Performing contracted services, including detection support, intelligence synthesis, incident response assistance and assurance reporting;
- Managing accounts, invoicing, and payment processing in CAD;
- Improving our website, understanding aggregate traffic patterns, and maintaining security;
- Complying with legal obligations, responding to lawful requests, and enforcing our agreements;
- Sending service-related notices and, where permitted, marketing communications about Threat Neural AI offerings.
We disclose personal information only as necessary: to service providers (hosting, email delivery, analytics where consented, payment processors), to professional advisers under confidentiality obligations, to successors in a merger or acquisition subject to equivalent protections, or when required by law, court order, or regulatory authority.
5. Consent
We obtain your consent for the collection, use, and disclosure of personal information, except where the law permits or requires otherwise. Express consent is obtained through our contact form checkbox, engagement letters, and cookie banner. You may withdraw consent for non-essential processing by contacting us, subject to legal or contractual restrictions. Withdrawal may limit our ability to provide certain services.
For client engagements involving ongoing access to systems or data, consent and authorization are documented in written agreements that define scope, retention, subprocessors and breach notification obligations.
6. BC PIPA — additional British Columbia requirements
Because Threat Neural AI operates in British Columbia, BC PIPA applies to our commercial activities within the province. Under BC PIPA, we must inform you of the purposes for collection before or at the time of collection, limit use and disclosure to those purposes (or compatible purposes with consent), and protect personal information with reasonable security safeguards.
BC PIPA grants individuals the right to request access to their personal information and to request correction of inaccurate information. It also provides a complaint mechanism through our organization and, if unresolved, through the Office of the Information and Privacy Commissioner for British Columbia. We cooperate with the Commissioner in accordance with applicable law.
Where we act as a service provider processing personal information on behalf of a BC client, we follow the client's documented instructions and assist with access and correction requests as required by contract and BC PIPA.
7. Cross-border processing
Our website and primary business systems are hosted in Canada. Some service providers may process data in other jurisdictions. When personal information is transferred outside Canada, we assess the recipient's privacy practices and use contractual safeguards to require protection comparable to Canadian standards. Details are available on request.
8. Retention
We retain personal information only as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. Inquiry records are typically retained for up to twenty-four months unless a business relationship develops. Client engagement records are retained according to contractual terms and applicable limitation periods. Cookie consent choices are stored locally in your browser for six months.
9. Security safeguards
We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information we hold — including access controls, encryption in transit, staff training, and incident response procedures. No method of transmission or storage is completely secure; we cannot guarantee absolute security but we work continuously to reduce risk.
Client telemetry processed during engagements is segregated from unrelated data, accessed only by authorized personnel under need-to-know principles, and handled according to engagement-specific confidentiality terms.
10. Your rights
Subject to applicable law, you may request access to personal information we hold about you, request correction of inaccurate information, and withdraw consent for certain processing. To exercise these rights, contact us using the details in Section 1. We will respond within timeframes required by PIPEDA and BC PIPA, typically within thirty days.
If you are dissatisfied with our response, you may contact the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia, depending on the nature of your complaint.
11. Breach notification
If a breach of security safeguards creates a real risk of significant harm to an individual, we will notify affected individuals and report to the Privacy Commissioner of Canada as required under PIPEDA. Where BC PIPA applies, we will also comply with provincial breach notification requirements. Client contracts may specify additional notification timelines and procedures.
12. Children
Our services are directed to organizations and professionals. We do not knowingly collect personal information from individuals under the age of sixteen through our website. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.
13. Changes to this Policy
We may update this Privacy Policy from time to time. The effective date at the top of this page indicates when it was last revised. Material changes will be posted on this page. Continued use of our website after changes constitutes acceptance of the updated Policy for website-related processing.
14. Contact
Threat Neural AI Inc.
1008 Homer Street, Suite 110
Vancouver, BC V6B 2X1, Canada
Email: [email protected]
Phone: +1 (604) 559-8342
BN 274905163 RC0001