Privacy Policy
This Privacy Policy describes how Sidona Inc. ("Sidona," "we," "us," or "our") collects, uses, discloses, and protects your personal information in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian provincial and territorial privacy legislation.
Last updated: May 17, 2026 • Effective date: May 17, 2026
1. Introduction & Scope
Sidona Inc. is a Canadian corporation operating across all provinces and territories. We operate a web-based platform that uses artificial intelligence to aggregate, analyze, and present publicly available government procurement data to our users.
This Privacy Policy applies to all personal information we collect through our website at sidona.ca, our web application (the "Platform"), email communications, and any other services we provide (collectively, the "Services").
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.
2. Information We Collect
We collect personal information in accordance with PIPEDA's Principle 4 (Limiting Collection). We only collect information that is necessary for the purposes identified below.
a) Information You Provide Directly
- Account Information: Name, email address, organization name, and password when you create an account.
- Billing Information: Payment details (processed securely by our third-party payment processor—we do not store full credit card numbers).
- Contact & Inquiry Information: Name, email, phone number, and message content when you contact us or request a demo.
- Profile Information: Job title, industry, company size, and procurement preferences you choose to provide.
b) Information Collected Automatically
- Usage Data: Pages visited, features used, search queries, time spent on pages, and clickstream data.
- Device & Technical Data: IP address, browser type, operating system, device identifiers, and referring URLs.
- Cookies & Similar Technologies: As described in our Cookie Policy.
c) Information from Third Parties
- Authentication Providers: If you sign in via a third-party service (e.g., Google), we receive your name, email, and profile image from that provider.
- Public Government Sources: We aggregate publicly available procurement data from government websites. This data is institutional and does not typically contain personal information.
3. How We Use Your Information
In accordance with PIPEDA's Principle 5 (Limiting Use, Disclosure, and Retention), we use your personal information only for the purposes for which it was collected, including:
- Providing & Improving Services: To operate, maintain, and enhance the Platform, including AI-powered procurement matching and alerts.
- Account Administration: To manage your account, process transactions, and provide customer support.
- Communication: To send service-related notices, respond to inquiries, and (with your consent) deliver marketing communications.
- Analytics & Research: To understand usage patterns, improve our AI models, and develop new features.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
- Security: To detect, prevent, and address fraud, abuse, security risks, and technical issues.
4. Consent
In accordance with PIPEDA's Principle 3 (Consent), we obtain your meaningful consent before collecting, using, or disclosing your personal information. The form of consent may vary depending on the sensitivity of the information and your reasonable expectations.
- Express Consent: We obtain express consent for sensitive personal information, marketing communications, and sharing information with third parties for their own purposes.
- Implied Consent: In certain circumstances, your consent may be implied, such as when you voluntarily provide information to us for an obvious purpose (e.g., providing your email to create an account).
- Withdrawal of Consent: You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by contacting us at the details below. Withdrawal may affect our ability to provide certain Services.
5. Disclosure of Information
We do not sell your personal information. We may share your information in the following limited circumstances:
- Service Providers: With trusted third-party vendors who assist us in operating the Platform (e.g., cloud hosting, payment processing, email delivery, analytics). These providers are contractually obligated to protect your data and use it only as directed by us.
- Legal Requirements: When required by law, regulation, subpoena, court order, or other governmental request.
- Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case your information may be transferred as a business asset. You will be notified of any such change.
- With Your Consent: For any other purpose with your explicit consent.
Cross-Border Data Transfers
Some of our service providers may store or process data outside of Canada (e.g., in the United States). When this occurs, your personal information may be subject to the laws of those jurisdictions. We take reasonable steps to ensure that your personal information is protected through contractual obligations that are comparable to PIPEDA requirements.
6. Data Retention
In accordance with PIPEDA's Principle 5, we retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:
- Active Accounts: We retain your personal information for the duration of your account's existence.
- Closed Accounts: Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required for legal, regulatory, or legitimate business purposes (e.g., tax records, dispute resolution).
- Marketing Data: If you unsubscribe from marketing communications, we will promptly cease marketing use of your data, though we may retain a suppression record to honor your preference.
7. Data Security
In accordance with PIPEDA's Principle 7 (Safeguards), we implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include:
Technical Safeguards
- Encryption in transit (TLS/SSL) and at rest
- Secure authentication via Clerk
- Regular security audits and vulnerability testing
- Access controls and role-based permissions
Organizational Safeguards
- Employee confidentiality agreements
- Privacy training for staff handling personal data
- Incident response and breach notification procedures
- Regular review of privacy practices
8. Your Rights Under Canadian Privacy Law
Under PIPEDA and applicable Canadian provincial and territorial privacy legislation, you have the following rights with respect to your personal information:
Right of Access (Principle 9)
You may request access to the personal information we hold about you. We will respond within 30 days of receiving your request.
Right to Correction
You may challenge the accuracy and completeness of your personal information and have it amended as appropriate.
Right to Withdraw Consent
You may withdraw consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions.
Right to Complain
If you believe we have not handled your personal information appropriately, you may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or by calling 1-800-282-1376.
Right to Deletion
You may request that we delete your personal information. We will comply unless we are required or permitted by law to retain it.
9. Children's Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us immediately.
10. Third-Party Links & Services
Our Platform may contain links to third-party websites, applications, or services that are not operated by Sidona. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through our Platform.
11. Disclaimer & Limitation of Liability
THE SERVICES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. To the fullest extent permitted by applicable law, Sidona Inc. disclaims all warranties, express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, accuracy, and non-infringement.
Sidona Inc. does not warrant that: (a) the Services will meet your requirements; (b) the Services will be uninterrupted, timely, secure, or error-free; (c) the procurement data or results obtained through the Services will be accurate, complete, or reliable; or (d) any defects in the Services will be corrected.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL SIDONA INC., ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES — including but not limited to loss of profits, data, business opportunities, or goodwill — arising out of or in connection with your use of the Services, whether based on warranty, contract, tort (including negligence), statute, or any other legal theory, even if Sidona Inc. has been advised of the possibility of such damages.
In any event, Sidona Inc.'s total aggregate liability to you for all claims arising out of or relating to the use of the Services shall not exceed the amounts paid by you to Sidona Inc. during the twelve (12) months immediately preceding the event giving rise to the claim, or one hundred Canadian dollars (CAD $100), whichever is greater.
You acknowledge that the procurement data displayed on the Platform is aggregated from publicly available government sources and is provided for informational purposes only. Sidona Inc. is not responsible for any decisions made based on this data and does not guarantee the accuracy, completeness, or timeliness of any government procurement information.
12. Governing Law
This Privacy Policy and any disputes arising out of or related to it shall be governed by and construed in accordance with the federal laws of Canada and the laws of the province or territory in which the dispute arises, without regard to conflict of law principles. You agree to submit to the jurisdiction of the courts located in Canada.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting a prominent notice on our Platform. Your continued use of the Services after any modifications indicates your acceptance of the updated Privacy Policy. We encourage you to review this page periodically. The "Last updated" date at the top of this policy indicates when it was last revised.
14. Contact Us
If you have any questions, concerns, or requests regarding your personal information or this Privacy Policy, please reach out through our official contact channel:
Sidona Inc.
Canada
Submit a privacy inquiry via our Contact Page
We will acknowledge receipt of your inquiry within a reasonable timeframe and will respond substantively within 30 days, in accordance with PIPEDA requirements. If you are unsatisfied with our response, you may escalate your complaint to the Office of the Privacy Commissioner of Canada.