Privacy Policy

1. Who We Are

ThinkPulse AI Inc. ("CertGo", "we", "us", "our") is a corporation incorporated under the laws of Canada, operating the AI-powered CFA exam preparation platform at certgo.ai.

For any privacy-related inquiries, please contact our Privacy Officer at [email protected].

2. Information We Collect

We collect personal information only when necessary for the purposes described in this policy, and only when you voluntarily provide it or when we are permitted to do so under applicable law.

2.1 Information You Provide Directly

• Account information: Name, email address, and password when you register
• Payment information: Billing details processed by Stripe (we do not store full card numbers)
• Profile information: CFA level you are preparing for, study preferences
• Communications: Messages you send to our support team
• User-generated content: Notes, custom flashcards, and other content you create within the platform

2.2 Information Collected Automatically

• Usage data: Pages viewed, features used, questions attempted, answers submitted, time spent studying
• Device and browser information: IP address, browser type, operating system, device identifiers
• Log data: Access times, error logs, and referring URLs
• Cookies and similar technologies: As described in Section 8

3. How We Use Your Information

We use the information we collect for the following purposes:

4. Legal Basis for Processing (PIPEDA)

Under PIPEDA, we collect, use, and disclose personal information based on the following grounds:

• Consent: You have given us consent to process your information for specific purposes (e.g., marketing emails). You may withdraw consent at any time.
• Contractual necessity: Processing is necessary to perform our agreement with you (e.g., delivering the subscription service).
• Legitimate interest: We have a legitimate interest in processing your information (e.g., improving our platform, preventing fraud), which is not overridden by your rights.
• Legal obligation: We are required by law to process certain information.

5. Sharing Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share your information with:

5.1 Service Providers

Trusted third-party vendors who help us operate the Service, under contractual obligations to protect your data:

• Stripe, Inc. — Payment processing
• Anthropic, PBC — AI model infrastructure (query processing; we do not share personally identifiable information beyond what is necessary)
• Cloud hosting providers — Infrastructure and data storage
• Analytics providers — Aggregated usage analysis
• Email service providers — Transactional and marketing communications

5.2 Legal Requirements

We may disclose your information when required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of CertGo, our users, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website prior to such a transfer.

6. International Data Transfers

CertGo is based in Canada. Some of our service providers are located in the United States or other countries. When we transfer personal information outside Canada, we ensure appropriate safeguards are in place to protect your information to a standard comparable to PIPEDA, including contractual data protection clauses.

By using our Service, you acknowledge that your information may be processed in countries other than your own, including Canada and the United States.

7. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this policy, or as required by applicable law.

• Active accounts: Retained for the duration of your account
• Closed accounts: Basic account data retained for up to 3 years for legal and audit purposes, then securely deleted
• Payment records: Retained for 7 years as required by Canadian tax regulations
• Usage and analytics data: Retained in aggregated, anonymized form indefinitely

You may request deletion of your personal data at any time, subject to legal retention requirements. See Section 9 for your rights.

8. Cookies and Tracking Technologies

CertGo uses cookies and similar tracking technologies to enhance your experience and analyze platform usage.

You may control cookie preferences through your browser settings. Disabling non-essential cookies may affect some functionality of the Service. We will request your consent for non-essential cookies where required by law.

9. Your Privacy Rights

Under PIPEDA and applicable Canadian law, you have the following rights with respect to your personal information:

To exercise any of these rights, please contact our Privacy Officer at [email protected]. We will respond within 30 calendar days. In some cases, we may need to verify your identity before processing your request.

We do not charge a fee for access requests unless they are excessive or repetitive.

10. Email Communications and Anti-Spam (CASL)

CertGo complies with Canada's Anti-Spam Legislation (CASL). We will only send you commercial electronic messages where we have obtained your express or implied consent, and each message will include a clear and functional unsubscribe mechanism.

Transactional emails (such as payment receipts, account notifications, and password resets) are not subject to CASL opt-out requirements as they are necessary for the Service.

You may opt out of marketing communications at any time by:

• Clicking the "Unsubscribe" link in any marketing email
• Updating your notification preferences in account settings
• Contacting us at [email protected]

11. Data Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Access controls limiting data access to authorized personnel on a need-to-know basis
• Regular security assessments and monitoring
• Payment card data processed solely by PCI-DSS compliant Stripe

No method of electronic transmission or storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. In the event of a data breach that poses a real risk of significant harm, we will notify affected users and, where required, the Office of the Privacy Commissioner of Canada.

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected] and we will promptly delete such information.

13. Note to Users Outside Canada

If you are accessing CertGo from the European Economic Area (EEA) or the United Kingdom, you may have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR, including the right to data portability and the right to lodge a complaint with your local supervisory authority.

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.

Please contact us at [email protected] to exercise any such rights.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email and/or by posting a prominent notice on certgo.ai at least 14 days before the changes take effect. The updated policy will be identified by a revised "Last Updated" date.

Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes.

15. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or our privacy practices, please contact: [email protected]