Privacy Policy

This Privacy Policy explains how Experivise Technologies Inc. (“Experivise”) collects, uses, shares, and protects personal information across our marketing website, product platform, APIs, and customer support interactions (together, the “Services”).

When an advisory firm uses Experivise to serve its clients, that firm acts as the “controller” of its clients’ personal information and Experivise acts as the “processor.” This policy addresses our role as a controller for our own direct users (firm team members, prospects, website visitors) and our role as a processor for firm clients.

Account and profile data

When you sign up, we collect your name, email, phone, firm name, title, and billing information. If your firm uses SSO, we receive the identity attributes released by your identity provider.

Usage and device data

We collect logs of how you interact with the Services — pages viewed, features used, timestamps, IP address, browser type, and approximate geographic location derived from IP. This supports security, troubleshooting, analytics, and product improvement.

Customer data (processed on your firm’s behalf)

When your firm uses Experivise to manage client relationships, we store the records you create — client profiles, households, workflows, documents, notes, signatures, and KYC evidence. Your firm controls the scope and contents of this data.

Marketing and website data

If you visit experivise.com or request a demo, we collect what you provide plus cookie identifiers and referrer information. See our Cookies Policy for details.

We use personal information to:

• Provide, maintain, and support the Services — including account provisioning, authentication, and customer support.
• Bill you, prevent fraud, and meet our legal and tax obligations.
• Understand product usage, diagnose issues, and improve the experience. Where practical, we use aggregated or de-identified data for this purpose.
• Send transactional notifications (billing, security, support) and, with your consent, product updates or marketing communications you can unsubscribe from at any time.
• Comply with law, enforce our Terms of Use, and protect the rights, safety, and property of Experivise, our customers, and others.

For individuals covered by the EU GDPR, UK GDPR, or PIPEDA in Canada, we rely on the following legal bases:

• Contract: providing the Services to you or your firm.
• Legitimate interests: product improvement, fraud prevention, network and platform security, and limited direct marketing to existing customers.
• Consent: optional cookies, newsletter sign-ups, and certain product communications. You may withdraw consent at any time.
• Legal obligation: meeting tax, accounting, and regulatory requirements.

We share personal information only as described below:

• Subprocessors: infrastructure and tooling vendors that help us run the Services (hosting on AWS, email delivery, analytics, error monitoring, payment processing). A current list is available on request at security@experivise.com.
• Your firm: if you are a client of an advisory firm that uses Experivise, your firm controls what it sees and who at the firm can access your records.
• Legal and safety: we disclose information when legally compelled, and only to the extent required, after challenging overbroad requests.
• Business transfers: in the event of a merger, acquisition, or asset sale, personal information may transfer, subject to the acquirer honoring commitments at least as protective as this policy.

We do not sell personal information.

We apply commercially reasonable technical and organizational measures to protect personal information — including encryption in transit (TLS 1.2+), encryption at rest (AES-256 where supported), role-based access control, audit logging, vulnerability management, and regular third-party penetration testing.

Despite these measures, no system is perfectly secure. Report suspected vulnerabilities or incidents to security@experivise.com.

We keep personal information only as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements.

For customer data managed by your firm, retention is configured by your firm’s administrators. After account termination, we typically delete customer data within 60 days except where retention is required by law.

Experivise is headquartered in Canada and operates infrastructure in Canada, the United States, and Ireland. When personal information travels across borders, we rely on lawful mechanisms such as Standard Contractual Clauses and adequacy decisions where applicable.

Depending on where you live, you may have the right to access, correct, delete, or port your personal information; object to or restrict certain processing; and withdraw consent. To exercise these rights, email privacy@experivise.com.

If you are a client of a firm that uses Experivise, please direct requests to that firm first — it is the controller of your data.

The Services are not directed to children under 16, and we do not knowingly collect personal information from them. If you believe we have collected data from a child, contact us and we will delete it.

Privacy questions, requests, or complaints: email privacy@experivise.com or write to Experivise Technologies Inc., Attn: Privacy Office, 325 Front Street West, Suite 400, Toronto, ON M5V 2Y1, Canada.