Pholeo Privacy Policy

Effective Date: February 13, 2026

Introduction

Pholeo Inc. ("Pholeo," "we," "us," or "our") operates the Pholeo marketing portfolio creator platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Service, including our free and paid subscription plans. By using the Service, you consent to the practices described in this Privacy Policy.

1. Definitions

  • Personal Information means information about an identifiable individual, as defined under the Personal Information Protection and Electronic Documents Act (PIPEDA).
  • User Content means any content uploaded or created by users on the Service.
  • Billing Information means payment-related data such as credit or debit card details, billing address, and transaction history.

2. Information Collection

We collect the following categories of information:

  • Registration Information: When creating an account, we collect your name, email address, and authentication credentials (password is stored in hashed form).
  • Billing Information: When you subscribe to a paid plan or make a purchase, our third-party payment processor collects your payment details (e.g., credit or debit card number, expiration date, and billing address). Pholeo does not directly store full payment card numbers. We receive and retain limited transaction data, such as the last four digits of your card, transaction amounts, and billing dates, for record-keeping and support purposes.
  • User Content: We store content you upload or create on the platform, including marketing materials and portfolio information.
  • Usage Data: We collect data on how you use the platform, including page views, feature interactions, clicks, and errors.
  • Device Information: We collect device type, operating system, browser type, browser language, and IP address.

3. Use of Information

We use collected information for the following purposes:

  • To provide, maintain, and improve the Service
  • To authenticate users and manage accounts
  • To process payments, manage subscriptions, and send billing-related communications (e.g., receipts, renewal reminders, and failed payment notices)
  • To communicate with you about your account, including service announcements, security alerts, and customer support messages
  • To send promotional communications, such as information about new features, offers, or content relevant to you (you may opt out of promotional emails at any time using the unsubscribe link in any such email or through your account settings)
  • For analytics purposes, to understand how users interact with the Service and to improve our offerings
  • To detect, prevent, and address fraud, abuse, or security issues

4. Data Storage and Security

We primarily store user data in secure cloud infrastructure located in Canada, but some of our service providers may process data in other jurisdictions. We implement industry-standard security measures, including encryption of data in transit and at rest, access controls, regular security reviews, and secure authentication protocols. While we take reasonable steps to protect your information, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

5. Sharing Information

We may share your information with the following categories of third parties:

  • Payment Processors: We share billing information with third-party payment processors (e.g., Stripe) to process subscription payments and transactions. These processors handle your payment data in accordance with their own privacy policies and applicable payment card industry (PCI) standards.
  • Infrastructure and Service Providers: We use third-party providers for cloud hosting, email delivery, analytics, and customer support tools. These providers access your data only as necessary to perform services on our behalf and are contractually obligated to protect your information.
  • Legal Obligations: We may disclose your information if required to do so by law, regulation, legal process, or enforceable governmental request.
  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

We do not sell your personal information to third parties.

A list of key service providers (subprocessors) may be available upon request.

6. Cookies and Tracking Technologies

We and our partners may use cookies and similar tracking technologies:

  • Essential Cookies: Required for the Service to function, including authentication and session management.
  • Analytics Cookies: Used to understand how users interact with the Service, measure performance, and identify areas for improvement. We may use third-party analytics services (e.g., Google Analytics) that set their own cookies.
  • Preference Cookies: Used to remember your settings and preferences across sessions.

You can manage cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Service.

7. User Rights

Under applicable privacy laws, including PIPEDA, you have the following rights regarding your personal information:

  • Access: You may request access to the personal information we hold about you.
  • Correction: You may request correction of inaccurate or incomplete personal information.
  • Deletion: You may request deletion of your account and associated personal data, subject to our legal retention obligations (see Section 8).
  • Withdrawal of Consent: You may withdraw your consent for data processing at any time, subject to legal or contractual restrictions. Withdrawal of consent may affect your ability to use certain features of the Service.
  • Data Portability: You may request a copy of your certain personal information in a commonly used, machine-readable format, where technically feasible.
  • Opt Out of Marketing: You may opt out of promotional communications at any time (see Section 3).

To exercise any of these rights, contact us at [email protected] or use the relevant options in your account settings. We will respond to your request within 30 days.

8. Data Retention

We retain your personal information for as long as necessary to provide the Service, fulfill the purposes described in this Privacy Policy, or as required by applicable laws. Specifically:

  • Account Data: Retained for as long as your account is active. Upon account deletion, we will delete or anonymize your personal data within 30 days where feasible, except for residual copies in backups or logs and where required for legal, security, or compliance purposes.
  • Billing and Transaction Records: Retained for a period of up to 7 years after the date of the transaction to meet tax, audit, and financial record-keeping requirements.
  • Usage and Analytics Data: Retained in aggregated or anonymized form and may be kept indefinitely for analytical purposes.

After the applicable retention period, we will securely delete or anonymize your personal data in accordance with our data management practices and legal obligations.

9. Data Breach Notification

In the event of a data breach that creates a real risk of significant harm to individuals, Pholeo will notify affected users and the Office of the Privacy Commissioner of Canada as required under PIPEDA. We will provide notification as soon as feasible after becoming aware of the breach, including a description of the breach, the types of information involved, and the steps we are taking in response.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child under 18 has provided us with personal information, please contact us at [email protected].

11. International Data Transfers

Pholeo is based in Canada, and your personal information is primarily stored and processed in Canada, but some service providers may process data in other jurisdictions. If you access the Service from outside of Canada, your information may be transferred to, stored in, and processed in Canada or other countries. By using the Service, you consent to the transfer of your information to these jurisdictions, where privacy laws may differ from those in your jurisdiction. We take reasonable steps to ensure your information remains protected in accordance with this Privacy Policy and applicable laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes at least 30 days in advance through email or in-app notifications. The "Effective Date" at the top of this page indicates when this Privacy Policy was last revised. Your continued use of the Service after the updated Privacy Policy takes effect constitutes your acceptance of the changes.

13. Contact

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:
[email protected]

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

14. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Canada, including PIPEDA and applicable provincial privacy legislation.