PRIVACY POLICY
How LearnPointCo handles personal information
Effective 10 July 2026 · LearnPointCo Inc., 51 Trinity Street, Suite 105, Toronto, ON M5A 3C4
Legal hub · Cookie Policy · Terms of Use
1. Scope and controller identity
LearnPointCo Inc. ("LearnPointCo," "we," "us," or "our") is the data controller for personal information collected through learnpointco.pro (the "Site") and for business contact data you provide when starting a learning project or engaging our consulting services. Our registered business address is 51 Trinity Street, Suite 105, Toronto, ON M5A 3C4, Canada. Business Number: 512 906 374 RC0001.
This Privacy Policy explains our practices under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial law. It applies to visitors, prospective clients and individuals who correspond with us through the Site. It does not govern learner records processed solely under a client's authority during a consulting engagement — those relationships are defined in separate statements of work and client privacy frameworks.
Privacy inquiries and access requests: [email protected]. We aim to respond within 30 calendar days.
2. Accountability and governance
LearnPointCo maintains internal accountability for privacy compliance. Leadership designates responsibility for PIPEDA adherence, staff training on confidentiality obligations, and review of third-party service provider contracts. We assess privacy implications before launching new Site features, contact workflows or AI tutoring integrations used in client projects.
When we support Ontario public bodies — universities, colleges, school boards — we operate as a service provider under client instruction. The public body remains accountable under the Freedom of Information and Protection of Privacy Act (FIPPA). We document our role, subprocessors and data flows to assist client privacy officers; Section 6 below details FIPPA-aligned practices.
3. Categories of personal information collected
3.1 Information you provide directly
Through the contact form, email, telephone or in-person meetings we may collect:
- Full name and professional title
- Organization name, department and role
- Email address and telephone number
- Subject selection and message content
- PIPEDA consent confirmation via the
consent_pipedacheckbox (unchecked by default; required for submission) - Attachments or supplementary materials you voluntarily provide
We do not require payment card data through the Site. Invoicing for consulting services occurs through separate secure channels agreed in proposals.
3.2 Technical and usage information
When you browse the Site, servers and optional analytics (enabled only with cookie consent) may record IP address, browser user-agent, device type, operating system, referring URL, pages viewed, session duration and approximate geographic region derived from IP. Server access logs support security monitoring and troubleshooting. See our Cookie Policy for cookies and local storage, including the learnpointco_consent preference stored as JSON in local storage for approximately six months.
3.3 Client engagement materials
Under signed consulting agreements we may receive institutional datasets, de-identified or pseudonymised learner activity exports, faculty interview notes, LMS schema documentation, assessment rubrics, storyboard assets, AI tutoring prompt libraries and project correspondence. Categories vary by engagement scope. Processing purposes, retention and security requirements are specified contractually and may incorporate Canadian data residency, FIPPA classification guidance and responsible-AI documentation deliverables.
4. Purposes of collection, use and disclosure
We collect and use personal information for purposes a reasonable person would consider appropriate, limited to what is necessary:
- Responding to inquiries and scheduling learning-design discovery sessions
- Preparing proposals, statements of work, contracts and invoices in CAD
- Delivering learning experience design, AI tutoring assistant configuration, courseware production, assessment design, LMS integration and accessibility analytics services
- Maintaining client relationships, service quality and project documentation
- Complying with legal, regulatory, tax and professional obligations
- Protecting the Site and our systems against fraud, abuse and unauthorized access
- Improving Site content, security and performance where consent permits analytics
We do not sell personal information. We do not use Site data to offer get-rich AI courses, homework completion services, essay-writing tools, wellness coaching or credentialing. LearnPointCo is a B2B learning-design consultancy for education organizations.
5. Disclosure to third parties
We may disclose personal information to:
- Service providers — Canadian or foreign hosting, email delivery, document collaboration and backup vendors bound by confidentiality and security obligations proportionate to data sensitivity
- Professional advisors — lawyers, accountants or insurers when necessary for legitimate business purposes
- Public authorities — when required by valid legal process, court order or applicable law
- Successors — in a merger, acquisition or asset sale, subject to equivalent privacy protections and notice where practicable
Client engagement data is disclosed only as instructed by the client contract or with client authorization, except where law compels disclosure.
6. Ontario FIPPA and public-sector clients
Many of our clients are Ontario public bodies — universities, colleges and school boards — subject to FIPPA. While LearnPointCo Inc. is a private organization governed primarily by PIPEDA, we design consulting workflows with FIPPA principles when supporting public-sector engagements:
- We document the purpose for each data element requested and avoid collecting extraneous personal information
- We recommend storage and access controls aligned with client records-management policies
- We assist clients in assessing whether proposed AI tutoring logs or analytics constitute "personal information" under FIPPA
- We support privacy impact assessments when projects involve new collections, cross-border hosting or sensitive inferences about learners
- We return or securely destroy client data at engagement end unless retention is agreed for audit trails
FIPPA applies to public bodies, not to LearnPointCo directly. Our Corktown studio location positions us to meet with Ontario institutional privacy officers and incorporate Information and Privacy Commissioner of Ontario guidance into deliverables. Nothing in this policy constitutes legal advice; clients should consult their own counsel on FIPPA compliance.
Storage within Canada is our default for public-sector projects unless the client authorizes otherwise in writing with appropriate contractual safeguards.
7. Consent and withdrawal
We obtain meaningful consent before collecting personal information, except where collection is permitted or required without consent under PIPEDA. The contact form requires affirmative PIPEDA consent via checkbox before submission. Consent is not pre-checked.
For non-essential cookies and analytics, we request consent through the Site banner (Accept all, Reject all, or Customise linking to the Cookie Policy). Essential cookies necessary for security and consent memory may operate without separate opt-in.
You may withdraw consent for future non-essential processing by contacting us. Withdrawal does not affect processing already lawfully conducted and may limit our ability to respond to inquiries or deliver optional services. Legal and contractual retention obligations may continue to apply.
For client projects involving learner data, consent or other lawful authority is obtained by the client institution — we support documentation but do not substitute for their privacy office determinations.
8. Limiting collection, use and retention
We collect only information reasonably required for identified purposes. Contact form honeypot fields (website) detect automated spam and are not used for profiling legitimate users. We retain contact submissions and commercial correspondence as long as needed for response, relationship management and compliance — typically up to seven years for business records unless a shorter period is appropriate. Client project materials follow contract schedules; secure destruction occurs at engagement end unless extended retention is agreed for audit trails. Technical logs are retained for shorter security windows.
We apply data minimisation throughout the design lifecycle: collect only fields required for stated learning objectives; pseudonymise or aggregate where feasible; segregate production, staging and development environments; restrict access on a need-to-know basis.
9. Accuracy
We rely on you to provide accurate contact information. We update records when you notify us of changes. For client project data, accuracy responsibilities are allocated in statements of work; we flag inconsistencies discovered during quality assurance.
10. Safeguards
We implement administrative, technical and physical safeguards proportionate to sensitivity, including HTTPS transport encryption, role-based access controls, employee confidentiality agreements, secure workstations at our Trinity Street office, vendor security review and incident response planning. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
We notify clients of security incidents affecting their data without undue delay as contracts require, and cooperate with institutional breach procedures under PIPEDA and provincial law.
11. Individual access, correction and complaints
Upon written request, we provide access to personal information we control directly (e.g., contact-form submissions) subject to limited legal exceptions. We correct inaccuracies when verified and delete information when retention is no longer necessary, unless law requires continued storage.
Learners seeking access to education records should contact their institution first; we assist our client in responding when we hold data on their behalf. Submit Site-related requests to [email protected].
If you believe we have handled personal information inconsistently with this policy or PIPEDA, contact us first so we can investigate. Unresolved concerns may be referred to the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Information and Privacy Commissioner of Ontario (ipc.on.ca).
12. Cross-border processing
Some subprocessors may process or store information outside Canada (for example, United States cloud regions). Where this occurs, we assess safeguards, document cross-border risks and disclose them to clients before activation. Clients may restrict subprocessor locations or require Canadian residency contractually.
13. Cookies and similar technologies
See our Cookie Policy for categories, the learnpointco_consent banner, durations and browser controls. Essential cookies support security and consent memory; optional analytics run only after acceptance.
14. Children and youth
learnpointco.pro targets education professionals and institutional decision-makers. We do not knowingly collect information from children through the Site. Project work involving minors follows client policies, parental consent requirements where applicable, and education privacy rules.
15. Changes to this policy
We update this policy when practices, technology or law change. The effective date above will reflect revisions. Material updates may be noted on the Site or communicated to active clients where appropriate.
Last updated 10 July 2026 · LearnPointCo Inc. · BN 512 906 374 RC0001