Legal
Privacy Policy
Last updated: April 22, 2026 · Applies to the AdvisorAxis private beta.
AdvisorAxis Inc. ("AdvisorAxis," "we," "us") respects your privacy and the privacy of the clients you serve. This policy explains what personal information we collect, why, and how we protect it. It applies to the AdvisorAxis platform in its current private-beta state. A more detailed policy will apply at general release; we will notify every beta participant of any material changes by email before they take effect.
1. Who this applies to
This policy covers two groups of people:
- Advisors — the licensed financial professionals who use AdvisorAxis to manage their practice.
- Clients of those advisors — whose personal and financial information advisors enter into AdvisorAxis in order to provide advice.
Advisors are our customers. Clients are the customers of our customers. We treat client data as information that belongs to the advisor and the client, not to us.
2. What we collect
From advisors
- Name, email, phone, licence number, firm/MGA, province(s) of practice
- Login credentials (passwords stored as salted bcrypt hashes — never plaintext)
- Authentication tokens, session metadata, IP address, device / browser type, audit log of platform actions
- Payment information (when we introduce paid plans — handled by Stripe; we don't store card numbers)
From clients (entered by their advisor)
- Identity: name, date of birth, gender, contact information, marital status, dependants
- Financial: income, net worth, registered and non-registered accounts, corporate structures, insurance coverage, beneficiaries
- Planning inputs the advisor captures as part of their needs analysis
3. Why we collect it
- To provide the advisor-facing platform (CRM, planning tools, reports)
- To authenticate users and prevent unauthorized access
- To generate the compliance audit trail Canadian advisors are expected to maintain
- To diagnose and fix bugs reported by beta participants
- To contact advisors about product updates, maintenance, and — if they opt in — new features
4. What we don't do with it
We do not sell client data. We do not use client data to train machine-learning models. We do not share client data with advertisers. We do not send marketing email on behalf of advisors to their clients.
5. Where your data lives
Production data is stored in Canadian-region infrastructure (primarily Toronto / Montreal data centres). Encryption is applied in transit (TLS 1.2+) and at rest. Backup snapshots remain within Canada. We do not use US-region processors for primary storage of advisor or client data.
When the advisor enables the optional "Bring Your Own AI" integration, prompts and responses flow to the AI provider the advisor has configured. If that provider is outside Canada, the advisor is responsible for the cross-border transfer and for obtaining any required client consent.
6. How long we keep it
We retain advisor account data for as long as the advisor maintains an AdvisorAxis subscription plus a reasonable wind-down window. Client records inside an advisor's account are retained per the retention period the advisor configures (typically the 7 years required by MFDA / CIRO / CSA rules). When an advisor deletes a client, we mark the record as deleted and purge it from active systems after the advisor's configured grace period. Audit log entries may be retained longer to satisfy regulatory record-keeping obligations.
7. Your rights
Under PIPEDA and provincial equivalents (including Quebec's Law 25), you have the right to:
- Know what personal information we hold about you
- Request access to that information
- Request correction of inaccurate information
- Withdraw consent for future collection (subject to legal and contractual exceptions)
- Lodge a complaint with the Office of the Privacy Commissioner of Canada
Advisors: contact us to exercise your rights on your own account. Clients of advisors: please contact your advisor first — they are the primary custodian of your record in AdvisorAxis. We will assist advisors in responding to valid client requests.
8. Security
We follow industry-standard security practices, including encryption in transit and at rest, salted-hash password storage, short-lived access tokens, multi-factor authentication (rolling out in beta), firm-level data isolation, and a detailed audit log on every write. No system is perfectly secure; if we ever become aware of a breach affecting your data we will notify you promptly and comply with applicable Canadian breach-notification laws.
9. Changes to this policy
Material changes will be announced by email to every active beta participant at least 30 days before taking effect. Minor clarifications will be posted here without individual notice.
10. Contact
Privacy inquiries: privacy@advisoraxis.ca
General inquiries: hello@advisoraxis.ca