Privacy Policy

1. Who We Are

AdvisorApex Inc. (“AdvisorApex,” “we,” “us,” or “our”) operates the AdvisorApex platform — a CRM, pipeline management, and AI-assisted workflow tool built for licensed Canadian life insurance and wealth advisors. Our registered address is in Canada.

This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you access or use our website at advisorapex.ca and our application platform (collectively, the “Services”).

2. Information We Collect

Account & Profile Information

• Full name, email address, and phone number provided at sign-up
• Provincial insurance advisor licence number and licence province(s)
• Business name, office address, and errors & omissions insurance details
• Profile photo (optional)

Lead & Client Data You Enter

• Names, email addresses, phone numbers, and postal codes of your leads
• CASL consent records (method, date/time, IP address, source)
• Appointment notes, pipeline stage, lead scoring data
• Communication logs and AI-drafted message drafts (all require your approval before sending)

Billing Information

• Payment method details are processed and stored by Stripe, Inc. — we receive only a tokenized card reference and last-four digits. We never store full card numbers.
• Billing address and transaction history

Usage & Technical Data

• IP address, browser type, device identifiers, and operating system
• Pages visited, features used, and session duration
• Server logs and error reports

3. How We Use Your Information

• To provide the Services: Account creation, authentication, pipeline management, AI agent drafting, and appointment scheduling.
• To process payments: Subscription billing via Stripe.
• To send service communications: Account confirmations, trial reminders, billing receipts, and critical security notices. These are transactional — not marketing.
• To improve the platform: Aggregated, anonymised usage analytics help us prioritise features.
• To comply with legal obligations: Responding to lawful requests from Canadian regulatory authorities.

We do not use your data or your leads’ data to train AI models. AI agent actions are drafted based on templates and context you provide — no personal lead data leaves Canada to train third-party models.

4. Canadian Data Residency

All personal information and lead data stored in AdvisorApex resides in our Canadian database (Supabase PostgreSQL, ca-central-1 — Canada Central). This supports your obligations under PIPEDA and provincial privacy legislation.

Some service providers we rely on operate internationally (see Section 6). Where personal data is processed outside Canada, we ensure contractual protections are in place consistent with PIPEDA Schedule 1, Principle 7.

5. CASL — Canada’s Anti-Spam Legislation

AdvisorApex is built to help you comply with CASL. Our platform records express and implied consent, timestamps and IP addresses, consent methods, and unsubscribe requests. The Do Not Contact flag in any lead record hard-blocks all AI-generated outbound communications to that individual.

You remain solely responsible for obtaining and documenting valid consent for any commercial electronic messages you send through or outside the platform. Our CASL tracking tools are an aid — not a guarantee of compliance.

6. Information Sharing

We share personal information only in the following circumstances:

• Service providers: Clerk (authentication), Stripe (payments), Resend (transactional email), Twilio (SMS), Vercel (hosting), Supabase (database). Each is bound by data processing agreements.
• AI inference: OpenAI / Anthropic APIs may receive message drafting prompts. Prompts are structured to exclude personally identifiable lead information wherever possible. No persistent training occurs.
• Legal requirements: We may disclose information if required by Canadian law, court order, or to protect our legal rights.
• Business transfers: In the event of a merger, acquisition, or asset sale, users will be notified prior to transfer of personal information.

We do not sell, rent, or trade personal information to any third party for their marketing purposes.

7. Data Retention

• Active account data is retained for the duration of your subscription plus 90 days after cancellation.
• If you cancel, your data is accessible for 30 days (“grace period”), after which it is queued for deletion.
• Billing records are retained for 7 years to meet Canadian tax and accounting obligations.
• CASL consent audit logs are retained for 3 years after the last commercial electronic message sent to a contact, consistent with CASL enforcement guidance.

8. Your Rights Under PIPEDA

You have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Withdrawal of consent: Withdraw consent to non-essential processing (note: withdrawal may affect our ability to provide certain Services).
• Deletion: Request erasure of your account and associated personal data, subject to retention obligations described above.
• Complaint: Lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca if you believe your privacy rights have been violated.

To exercise these rights, contact us at the address below. We will respond within 30 days.

9. Security

We implement industry-standard safeguards including TLS 1.3 encryption in transit, AES-256 encryption at rest, multi-factor authentication, role-based access controls, and regular security reviews. No transmission over the internet is 100% secure — we cannot guarantee absolute security.

In the event of a data breach affecting your personal information, we will notify you and the OPC as required under PIPEDA’s breach notification obligations.

10. Cookies & Tracking

We use essential cookies for authentication (Clerk session tokens) and functional cookies to remember your preferences. We do not use third-party advertising or behavioural tracking cookies. See our Cookie Policy for full details.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and notify registered users via email if changes are material. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

12. Contact Us