Privacy
Privacy Policy
Last updated: 3 July 2026
Overview
Synth Circuit Inc. ("Synth Circuit", "we") respects your privacy. This policy explains our practices under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) for visitors to synthcircuit.life and clients of our generative-AI and automation studio.
We are an applied-AI studio based in Vancouver, British Columbia. We design and build custom generative-AI systems, conversational AI, workflow automation circuits, retrieval-augmented generation knowledge bases and MLOps infrastructure for client organizations. Personal information handling supports enquiry response, project delivery and legal compliance — not unrelated marketing resale.
Who is responsible
Privacy Officer contact: [email protected]
Address: 1090 West Georgia Street, Suite 1800, Vancouver, BC V6E 3V7, Canada
BN: 916240837 BC0001
Information we collect — website
When you browse synthcircuit.life we may collect:
- Technical logs: IP address, browser type, pages viewed, timestamps and referring URLs.
- Cookie and local storage data recording your consent preferences (six-month retention).
- Form submissions: name, email, phone, company, message content and consent checkbox status.
Information we collect — client projects
During generative-AI and workflow automation engagements we process:
- Business contact details for project stakeholders and billing.
- Workflow documentation, integration credentials (stored securely), and communications.
- Client datasets for retrieval knowledge bases, fine-tuning (with consent), model evaluation and guardrails testing.
- Generated outputs logged for quality review when contracted.
Why we use personal information
- To respond to prototype and project enquiries.
- To deliver contracted generative-AI strategy, prototyping, workflow wiring, RAG systems, conversational AI, support automation and MLOps services.
- To invoice CAD fees and manage retainers.
- To secure and improve our website.
- To meet legal obligations.
We do not sell personal information. Website enquiries are not used to train general LLMs.
Consent
Contact forms require active PIPEDA consent (checkbox not pre-ticked). Client data processing is governed by statements of work and data processing agreements. Use of client content for model improvement beyond project delivery requires separate written consent.
Disclosure
We disclose information only to:
- Infrastructure and LLM API providers under confidentiality terms.
- Professional advisors when necessary.
- Authorities when legally required.
International processing
Some subprocessors operate in the United States. We use contractual safeguards and offer Canadian-region deployment for sensitive workloads. Details provided in client agreements.
Retention schedule
- Marketing enquiries: up to 24 months.
- Project artifacts: per contract, typically 90 days to 12 months post-completion.
- Financial records: per Canadian tax requirements.
- Cookie consent: 6 months locally in your browser.
Security
Access controls, encryption in transit, least-privilege credentials and staff confidentiality obligations protect data. No method is 100% secure; we notify clients of breaches as required.
Your rights under PIPEDA
You may request access to, correction of, or deletion of personal information we hold — subject to legal exceptions. Email [email protected]. We respond within 30 days.
Client and model data
Documents indexed for RAG remain client property. Fine-tuned weights are delivered or destroyed per agreement. We isolate client environments where feasible. Evaluation datasets are handled under contract terms. We report model limitations honestly; accuracy is never guaranteed.
Cookies
See our Cookie Policy for categories, vendors and opt-out steps.
Children
Services are for business users. We do not knowingly collect data from anyone under 16.
Privacy Commissioner
If unresolved, contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or 1-800-282-1376.
Change log
- 3 July 2026 — Initial publication for synthcircuit.life launch.
Questions
[email protected] · +1 (604) 733-6120
Accountability and training
Our staff with access to personal information receive privacy and security training appropriate to their roles. Access is limited to personnel who require it for enquiry response, project delivery or billing. We review subprocessors periodically for PIPEDA-compatible practices.
Marketing communications
We send project-related email to clients under contract. Promotional email to enquiry contacts requires consent and includes unsubscribe options. We do not purchase mailing lists.
Model provider data handling
When client projects use third-party LLM APIs, provider terms govern transient processing of prompts and completions. We configure API settings to minimize retention where providers allow. Client agreements list approved providers and regions.
Access request process
To request access or correction, email [email protected] with identity verification sufficient for us to locate your records. We may request additional detail to prevent unauthorized disclosure. Responses are provided in accessible formats where feasible.
Breach response
If a breach creates real risk of significant harm under PIPEDA, we notify affected individuals and the Privacy Commissioner, document remediation steps and cooperate with investigations.
Automated decisions
Website form data is not used for solely automated decisions with legal effect. Client automation circuits may include automated steps under separate contracts with required human review points.
Subprocessor review
We evaluate cloud and LLM subprocessors for security certifications and data handling terms before use in client projects. Clients may request subprocessor lists during active engagements. We notify clients of material subprocessor changes where contracts require.
Retention of communications
Email and message threads related to projects may be retained for the duration of the engagement plus the retention period in your agreement. Enquiry emails from non-clients follow the schedule in the Retention section above.
Withdrawal of consent
You may withdraw marketing consent anytime. Withdrawal does not affect processing necessary to complete an active contract or comply with law. To withdraw website analytics consent, update cookie preferences or clear local storage.
Accuracy of personal information
We rely on you to provide accurate contact information. You may request correction of inaccurate records we maintain about you.
Openness and transparency
This policy is publicly available. We describe purposes at collection where practicable — for example, the contact form states that information is used to respond under PIPEDA with an explicit consent checkbox.
Challenging compliance
You may challenge our compliance with PIPEDA by contacting [email protected]. We investigate complaints and respond with our findings and any planned remediation.
PIPEDA fair information principles — how we apply them
Accountability
Synth Circuit Inc. is accountable for personal information under our control. Our Privacy Officer oversees compliance and responds to inquiries.
Identifying purposes
We identify purposes at or before collection — contact forms state enquiry response; client contracts define project data purposes.
Limiting collection
We collect only information reasonably required for stated purposes. Website forms do not request unnecessary sensitive data.
Limiting use, disclosure and retention
Information is used only for identified purposes unless you consent or law requires otherwise. Retention follows schedules in this policy and client agreements.
Accuracy
We take reasonable steps to keep personal information accurate. Clients and enquiry contacts may request correction.
Safeguards
Security measures appropriate to sensitivity protect personal information, including access controls and encryption in transit.
Openness
This policy is publicly available. We provide additional detail on request regarding practices and subprocessors for active projects.
Individual access
Access requests are handled within PIPEDA timelines with identity verification to prevent unauthorized disclosure.
Challenging compliance
Concerns may be raised with us first, then with the Office of the Privacy Commissioner of Canada if unresolved.
Generative-AI project data specifics
When building conversational AI or content generation systems, we may process prompts, completions and evaluation logs containing personal information if present in client datasets. Clients are responsible for lawful collection of source data. We process such data only under contract, apply access controls and delete per agreement. Fine-tuning on data containing personal information requires explicit consent and impact assessment.
Support automation data
Support automation projects may involve ticket content with customer personal information. We configure retention, redaction and access consistent with client policies and PIPEDA. Human review queues limit exposure of sensitive content to authorized client staff.
Website server logs
Server logs may include IP addresses and request metadata for security and troubleshooting. Logs are rotated and deleted on a schedule separate from analytics cookies. Logs are not used for profiling visitors beyond aggregate security monitoring.
Contacting the Privacy Commissioner
We encourage you to contact us first at [email protected] so we can address concerns directly. If you remain unsatisfied, the Office of the Privacy Commissioner of Canada accepts complaints at priv.gc.ca or 1-800-282-1376. We will cooperate with any investigation related to our handling of personal information.
Policy review schedule
We review this Privacy Policy at least annually and whenever material changes to our processing activities occur — for example, new subprocessors, new service lines or regulatory updates affecting generative-AI deployments in Canada.
Questions and requests
For any privacy question, access request or complaint, contact [email protected] or write to the Privacy Officer at our Vancouver address. We aim to acknowledge enquiries within five business days.
Data portability
Where technically feasible and required by contract, we assist clients in exporting custom configurations and documentation developed during projects. Personal information portability requests from individuals are handled under PIPEDA access provisions.
Research and development
We do not use identifiable client or website visitor data for internal research unrelated to contracted deliverables without consent. Aggregated anonymised metrics from consented analytics may inform website improvements only.
Effective date
This policy is effective as of 3 July 2026 and applies to all personal information in our control from that date forward, subject to prior notices for legacy processing where applicable.