1. About Advisor Advisory and the scope of this policy

Advisor Advisory Inc. (“Advisor Advisory”, “we”, “us” or “our”) operates the AdvisorAdvisory platform at https://advisoradvisory.com (the “Site”). Advisor Advisory is federally incorporated in Canada and provides a directory where clients can discover, compare and connect with licensed investment advisors. Clients can search for advisors, view profiles, leave reviews and contact advisors through web forms. Advisors can create free or premium profiles, upload biographies, credentials and other documents, and respond to client inquiries. We may display advertisements or sponsored content on the Site, and advisors may subscribe to paid plans for premium features. We do not handle or facilitate financial transactions between clients and advisors.

This Privacy Policy explains how we collect, use, store and share the personal information of clients, advisors and visitors (collectively “users”) who use our services. It describes your rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and any substantially similar provincial laws. PIPEDA is Canada’s federal privacy law that regulates how privatesector organizations handle personal information during commercial activities . Provincial privacy laws in British Columbia, Alberta and Québec offer similar protections and may apply to personal information collected within those provinces. This policy applies regardless of where you reside because PIPEDA applies to interprovincial and international collection, use and disclosure of personal information.

2. Personal information we collect

Information you provide directly

1. Account and profile details. When you create an account (either as a client or advisor), we collect your name, email address and password. Advisors also provide professional information such as licences, certifications, areas of specialty, professional bios, education and work history, and may upload documents and photographs.
2. Contact and communication data. If you fill out a contact form, request information or interact with us by email or chat, we collect the information you provide, such as your email address, phone number and message content. When clients contact advisors through the Site, we forward the content of those messages to the selected advisor.
3. Reviews and other usergenerated content. Clients can submit reviews about advisors. Reviews may include ratings, comments, and any other information you choose to provide. You decide what to include, but please do not post confidential or sensitive personal data about yourself or others.
4. Subscription and payment details. Advisors who subscribe to premium plans provide payment information such as name, billing address and payment card details. Payments are processed by thirdparty payment processors; we do not store full creditcard numbers.
5. Support and feedback. If you contact us for support or provide feedback or suggestions, we collect that information.

Information we collect automatically

1. Usage and device information. Like most websites, we collect information about how you interact with the Site. This includes IP addresses, browser type, device identifiers, pages viewed, referring URLs and the date/time of visits. PIPEDA regards information such as name, age, ID numbers, contact details, income, credit records and opinions as examples of personal information. While usage data alone may not identify you, we treat it as personal information when it can be linked to you.
2. Cookies and tracking technologies. We use cookies, web beacons and similar technologies to operate our Site, remember your preferences, analyse how the Site is used and deliver advertisements (see section 6 below). Under Canada’s AntiSpam Law (CASL) and PIPEDA, organizations may rely on implied consent for nonsensitive cookies so long as the collection and use are within the reasonable expectations of users.

Information from other sources

1. Advisor verification. We may confirm advisors’ licences and credentials with regulators or public databases. Where permitted by law, we may collect disciplinary history and insurance status.
2. Thirdparty analytics and advertising partners. We receive aggregated reports from analytics providers to understand Site traffic and performance. Advertising partners may provide us with information about ad impressions or clicks to measure campaign effectiveness.

3. How we use personal information

We only collect, use and disclose personal information for purposes identified at or before collection. Advisor Advisory uses personal information for the following purposes:

1. To provide and improve our services. We use account and usage information to operate, maintain and improve the Site, to display advisor profiles, to allow clients to search, filter and contact advisors and to enable advisors to manage their profiles.
2. To facilitate communication. We relay client inquiries to advisors and notify clients when advisors respond. We send transactional communications (such as confirmations, receipts, account alerts, password reset emails and renewal notices).
3. To verify advisors and maintain trust. We may use advisor information to verify professional credentials and eligibility, ensuring that only licensed advisors appear in our directory.
4. To process payments. We use subscription and payment information to process advisor payments and manage subscription plans. Payments are handled by thirdparty processors subject to their own privacy policies.
5. To personalize content and advertising. We may use cookies and usage data to remember your preferences and to deliver relevant advertisements or sponsored content. The Office of the Privacy Commissioner (OPC) has stated that optout consent is acceptable for targeted advertising provided individuals are aware of the purpose, can easily opt out and the information collected is limited and deidentified.
6. To conduct research and analytics. We analyse how users interact with the Site to improve functionality, develop new features and understand trends.
7. For security and fraud prevention. We monitor activity to prevent misuse of the Site, detect fraud and protect the security of user accounts. PIPEDA requires organizations to protect personal information with appropriate safeguards.
8. To comply with legal obligations. We may use or disclose personal information to meet legal and regulatory requirements, respond to lawful requests, enforce our Terms and Conditions, or protect our rights and the rights of others.

We will not use personal information for purposes beyond those described without obtaining your consent or as required or permitted by law.

4. Legal basis and consent

PIPEDA’s ten Fair Information Principles require organizations to be accountable, identify purposes, obtain consent, limit collection, limit use/disclosure/retention, ensure accuracy, provide safeguards, maintain openness, provide individual access and allow individuals to challenge compliance . Advisor Advisory follows these principles.

Consent. We obtain meaningful consent before collecting, using or disclosing personal information. Consent may be express (e.g., checking a box when creating an account) or implied (e.g., continuing to use the Site after we provide notice of our practices). Under PIPEDA, implied consent may be relied upon when information is not sensitive and the collection and use align with reasonable expectations . We require express consent before collecting sensitive information or using information for new purposes. You may withdraw consent at any time by contacting us; however, we may retain or continue to use information for the period necessary to fulfill the purpose for which it was collected or as required by law .

Targeted advertising consent. The OPC has determined that optout consent is acceptable for targeted advertising if users are clearly informed of the purpose, can easily opt out and only nonsensitive information is used . We implement a cookie banner to provide notice and an option to manage preferences.

5. How we share personal information

We do not sell personal information. We share personal information only as described below:

1. With advisors. When clients submit inquiries or requests to advisors, we share the client’s name, contact information and message content with the selected advisor so they can respond. Advisors are independent professionals and are responsible for handling personal information according to their own legal obligations.
2. With service providers. We engage thirdparty companies and individuals to help deliver our services (e.g., hosting providers, payment processors, analytics providers, email and SMS providers, advertising networks). These service providers may have access to personal information only to perform services on our behalf and are contractually required to protect it.
3. With advertising and analytics partners. We may allow advertising partners to set cookies or use web beacons to collect information about your device and browsing actions for advertising and measurement purposes. Such partners use the information to provide us with aggregated reports and to deliver ads based on interests. We follow the OPC’s guidance on online behavioural advertising, including avoiding tracking on websites aimed at children and enabling optout mechanisms.
4. For legal reasons. We may disclose personal information if required to comply with law, regulation, legal process or governmental request; to enforce our agreements; to protect the rights, property or safety of Advisor Advisory, our users or others; or to respond to emergencies.
5. Business transfers. If we engage in a merger, acquisition or sale of all or part of our business or assets, personal information may be transferred as part of that transaction. We will ensure the confidentiality of personal information is maintained and provide notice before transferring to a third party.
6. Aggregated or deidentified data. We may share aggregated or deidentified information that cannot reasonably be used to identify you, for analytics, marketing or research purposes.

6. Cookies and tracking technologies

We use different types of cookies and similar technologies:

1. Essential cookies enable core functionality such as security, network management and accessibility. These cookies are necessary for the Site to function and cannot be switched off.
2. Functional cookies remember your settings and preferences to enhance your experience (for example, remembering your language or city filter).
3. Analytics cookies collect information about how visitors use the Site, such as pages visited and links clicked, so we can improve performance.
4. Advertising cookies help deliver advertisements and measure their effectiveness. According to Baker McKenzie’s Global Data & Cyber Handbook, organizations in Canada can rely on implied consent to install cookies as long as the personal data collected is not sensitive and the collection aligns with users’ reasonable expectations . The OPC allows optout consent for targeted advertising when the purpose is clear, individuals can easily opt out, only nonsensitive information is used and data is deidentified.

When you first visit the Site, a banner informs you about our use of cookies and links to this policy. You can choose to continue browsing (implied consent) or opt out of advertising cookies. You can also adjust your browser settings to refuse or delete cookies; however, this may affect functionality. For more information about cookies or to change your settings, please use the cookiemanagement tool on our Site or refer to your browser’s help documentation.

We do not knowingly use cookies to track or target children or to serve ads on websites aimed at children.

7. Data retention and security

We retain personal information only as long as necessary for the purposes described in this policy or as required by law . We determine retention periods based on the nature of the information, the purposes for collection, legal and regulatory requirements and potential disputes. For example:

• Account information is retained while your account is active and for a reasonable period thereafter to respond to inquiries, enforce our agreements or comply with recordkeeping obligations.
• Reviews and advisor profiles are retained for the life of the platform unless you remove them or request deletion.
• Payment records are retained for tax and auditing purposes.

We implement administrative, technical and physical safeguards to protect personal information against loss, theft and unauthorized access, disclosure, copying, use or modification . Measures include encryption, access controls, secure software development practices, regular security reviews and staff training. However, no system is completely secure. In the event of a breach of security safeguards that poses a real risk of significant harm, PIPEDA requires organizations to report the breach to the Office of the Privacy Commissioner of Canada (OPC) and notify affected individuals . We maintain records of all security incidents and will follow these procedures if a breach occurs.

8. International data transfers

Our servers are currently located in Canada, but we may transfer personal information to third parties or service providers in other countries. PIPEDA applies to interprovincial and international collection, use and disclosure of personal information . When transferring personal information outside of Canada, we ensure that recipients provide an equivalent level of protection, for example by using contractual safeguards.

9. Your rights under Canadian privacy laws

Under PIPEDA and equivalent provincial laws, individuals have several privacy rights. These include:

1. Right to be informed. Organizations must identify the purposes for which personal information is collected and make their data handling policies readily available.
2. Right to access. You have the right to request access to personal information held about you . Upon request, we will inform you of the existence, use and disclosure of your personal information and provide access within a reasonable time (generally within 30 days) at minimal or no cost.
3. Right to correction (rectification). You may request that inaccurate or incomplete personal information be corrected . If we make a correction, we will send the updated information to any third parties who have access, where appropriate.
4. Right to withdraw consent. You may withdraw your consent to our use or disclosure of your personal information at any time, subject to legal or contractual restrictions . This may affect the services we can provide.
5. Right to complain. You may lodge a complaint with Advisor Advisory’s privacy officer or with the Office of the Privacy Commissioner of Canada if you believe your rights have been violated .

Under Québec’s Law 25, individuals also have a right to erasure and data portability . If you are a resident of Québec, you may request deletion of personal information or obtain a portable copy, subject to legal and technical feasibility.

10. How to exercise your rights

To make a privacy request, please email info@advisoradvisory.com. You may also mail your request to our Privacy Officer at the address listed on our Site. Requests must be made in writing (including email). We may ask you for additional information to verify your identity and ensure the personal information relates to you. We will respond within 30 days or inform you if an extension is needed, explaining the reasons and your right to complain. We will not charge a fee unless the request is complex or excessive; if a fee is necessary, we will notify you in advance .

If we refuse your request, we will provide reasons and information about any recourse you may have, including filing a complaint with the OPC.

11. Thirdparty services and links

Our Site may contain links to thirdparty websites, applications or services that are not owned or controlled by Advisor Advisory, including those of advisors. This policy does not apply to the privacy practices of those third parties. We encourage you to review their privacy policies. We are not responsible for the content or privacy practices of thirdparty sites.

12. Children’s privacy

Our services are intended for adults. We do not knowingly collect personal information from individuals under the age of majority in their province or state of residence. If we become aware that a child has provided us with personal information without parental consent, we will delete that information. We also do not allow targeted advertising on websites aimed at children.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will post the updated policy on this page and indicate the “Last updated” date. If the changes are material, we may notify you through the Site or by email. Your continued use of the Site after the effective date of the revised policy constitutes acceptance of the revised policy.

14. Contact us

If you have any questions about this Privacy Policy or our data practices, please contact us at info@advisoradvisory.com. You may also reach our Privacy Officer by mail at the address provided on our Site.

We are committed to addressing your inquiries and complaints in a timely and transparent manner and to working with regulatory authorities to resolve any privacy concerns.