Privacy Policy

1. Introduction

Torinit Technologies Inc. ("Torinit," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you visit our websites (torinit.com, torinit.ai, score.torinit.com, monaro.ai), use our products and services, engage with us for consulting services, or interact with us in any other capacity.

Torinit is an AI consulting firm headquartered in Ontario, Canada. We are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy legislation. Where we process data of individuals in other jurisdictions, we comply with applicable local laws including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) where applicable, and other relevant privacy regulations.

If you have questions about this policy, contact our Privacy Office at privacy@torinit.com.

2. Information We Collect

2.1 Information You Provide Directly

• Contact information (name, email address, phone number, company name, job title) when you book a discovery meeting, complete a contact form, subscribe to communications, or register for events
• Assessment data when you complete the Distributor Intelligence Score (DIS) assessment on score.torinit.com, including your responses to assessment questions, company information you provide or confirm, and your email address if you request the PDF report
• Business information you share during consulting engagements, including organizational data, operational metrics, system configurations, and business processes relevant to the engagement scope
• Communications you send to us via email, contact forms, or other channels

2.2 Information Collected Automatically

• Device and browser information (device type, operating system, browser type and version, screen resolution)
• Usage data (pages visited, time spent on pages, navigation patterns, referring URLs)
• IP address and approximate geographic location derived from IP
• Cookie and tracking technology data (see our Cookie Settings page at /cookies for details)

2.3 Information from Third-Party Sources

• Publicly available business information used during the DIS assessment pre-population phase, including company details sourced from public websites, job postings, press releases, and industry databases
• Information from analytics and advertising platforms that help us understand how visitors interact with our websites

2.4 Client Engagement Data

During consulting engagements (AI Consulting, AI Studio, and Co-Innovation), Torinit may access and process data from client systems including but not limited to:

• Enterprise Resource Planning (ERP) system data including transaction records, pricing data, inventory data, customer records, and purchasing history
• Operational data including sales performance, margin analysis, supplier program attainment, and workflow metrics
• Product and catalog data including SKU information, cross-reference tables, and manufacturer data

This data is accessed solely for the purpose of delivering the contracted consulting engagement and is governed by the specific terms of each client engagement agreement.

3. How We Use Your Information

We use personal information for the following purposes:

• To provide and improve our websites, products, and services
• To deliver the DIS assessment, generate your Distributor Intelligence Score, and produce your assessment report
• To deliver consulting services under the terms of your engagement agreement
• To communicate with you about our services, respond to inquiries, and provide customer support
• To send marketing communications where you have opted in or where permitted by applicable law (you may opt out at any time)
• To analyze website usage and improve the user experience
• To comply with legal obligations and protect our rights

4. Legal Basis for Processing

Under PIPEDA and applicable law, we process personal information based on:

• Your consent, which may be express or implied depending on the sensitivity of the information and the context
• The necessity of processing for the performance of a contract or engagement agreement
• Our legitimate business interests, where these are not overridden by your privacy rights
• Compliance with legal obligations

You may withdraw your consent at any time by contacting privacy@torinit.com. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal.

5. How We Share Your Information

We do not sell personal information. We share personal information only in the following circumstances:

• Service providers: We share data with third-party service providers who perform services on our behalf (hosting, analytics, email delivery, CRM). These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Professional advisors: We may share information with our legal, accounting, and other professional advisors as necessary.
• Legal requirements: We may disclose information when required by law, regulation, legal process, or governmental request.
• Business transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the transaction. We will provide notice before your information becomes subject to a different privacy policy.
• With your consent: We may share information with third parties when you have given us explicit consent to do so.

Client engagement data is never shared with third parties outside of the specific engagement, is never used to benefit other clients, and is never used to train general-purpose AI models unless explicitly authorized in writing by the client.

6. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected:

• Website visitor data: Analytics and cookie data is retained for up to 26 months
• Contact and marketing data: Retained until you unsubscribe or request deletion, plus a reasonable period for record-keeping
• DIS assessment data: Assessment responses and results are retained for 24 months to allow you to return to your results. You may request deletion at any time
• Client engagement data: Retained for the duration of the engagement plus the period specified in the engagement agreement. Upon engagement conclusion, client data is handled according to the data disposition terms in the engagement agreement. Where no specific terms exist, client data is deleted or returned within 90 days of engagement completion
• Monaro.ai product data: Mechanical drawings and BOM data processed through Monaro are handled according to the Monaro Terms of Service and the customer's subscription agreement

7. Data Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS 1.2+) and at rest
• Access controls limiting data access to authorized personnel on a need-to-know basis
• Regular security assessments and vulnerability testing
• Employee training on data protection and security practices
• Incident response procedures for potential data breaches
• Secure data handling practices during consulting engagements, including isolated processing environments for client data

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete personal information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Portability: Request a copy of your data in a structured, machine-readable format
• Withdrawal of consent: Withdraw consent for processing where consent is the basis
• Objection: Object to processing based on legitimate interests

For Canadian residents: You have rights under PIPEDA to access and correct your personal information. You may file a complaint with the Office of the Privacy Commissioner of Canada if you believe your rights have been violated.

For California residents: Under the CCPA, you have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact privacy@torinit.com.

For EEA/UK residents: Where GDPR applies, you have additional rights including the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact privacy@torinit.com. We will respond within 30 days or the period required by applicable law.

9. International Data Transfers

Torinit is headquartered in Canada. Your information may be processed in Canada and, where our service providers are located, in other countries. Canada has been recognized by the European Commission as providing an adequate level of data protection. Where data is transferred to countries without adequacy determinations, we implement appropriate safeguards including standard contractual clauses.

10. Children's Privacy

Our websites and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised "Last Updated" date. For material changes, we will provide notice through our website or by email where appropriate. Your continued use of our services after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you are not satisfied with our response to a privacy concern, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.