Privacy Policy

Effective May 5, 2026. This policy explains what information Initrode collects, how we use it, who we share it with, and the rights you have over it. For questions, contact [email protected].

1. Who we are

Initrode (“we,” “us,” “our”) is the operator of initrode-it.com and the advisory firm behind the AI services described on this website. We are a Canadian business. Our privacy inquiries are handled at [email protected].

2. What information we collect

We collect different types of information depending on how you interact with us.

Information you give us directly. When you email us, fill out a form, or engage our services, you may share your name, work email, phone number, company, job title, and any information you include in your message or project scope. You may also submit domain names, website URLs, keywords, or related context when using tools such as our AI Visibility Audit.

Information collected automatically when you visit this site. We use Google Analytics 4 to measure aggregate traffic and content performance. This includes your IP address (truncated before storage where configuration allows), device and browser type, pages visited, referral source, approximate geographic region, and session duration. We do not combine this data with personal information you provide unless you take an action that explicitly links the two.

Information we receive from third parties. If you book a call via our scheduling tools, contact us through a partner, or interact with us through professional networks, we may receive contact information and context through those channels.

Information you do not provide. We do not knowingly collect sensitive personal information (health, financial, biometric, or similar) through this website. If an engagement requires handling such information, we document the scope and protections explicitly in the engagement contract.

3. How we use your information

We use personal information to:

  • Respond to inquiries, scope engagements, and deliver services you ask us to deliver.
  • Operate, maintain, and improve this website and the tools hosted on it.
  • Communicate with you about engagements, service updates, and (if you opt in) relevant content.
  • Comply with legal obligations, including record-keeping, invoicing, and audit requirements.
  • Protect Initrode, our clients, and the integrity of our systems from fraud, abuse, or security incidents.

4. Legal basis (PIPEDA and GDPR)

Under Canadian privacy legislation (PIPEDA), we collect, use, and disclose personal information with your consent, either express or implied, for the purposes described in this policy. Where you engage our services, consent is implied for the processing needed to deliver them; for other uses (such as marketing communications), we ask explicitly.

If you are located in the European Economic Area, the United Kingdom, or another GDPR-adjacent jurisdiction, our legal bases include: consent (for optional communications), contractual necessity (for delivering the services you engage), legitimate interests (for improving our services and protecting our systems), and legal obligation (for tax, accounting, and record-keeping requirements).

5. Who we share information with

We do not sell personal information. We share it only with:

  • Service providers who help us operate the business (hosting, analytics, email delivery, scheduling, CRM, and AI engine providers we query on your behalf when you use tools such as the AI Visibility Audit). These providers are bound by contract to handle your information only on our instructions and to protect it appropriately.
  • Our delivery partners where a service engagement requires subcontracted delivery capacity. Our AI-Augmented Helpdesk service is delivered under Sourced Delivery: Initrode is the customer of record, and we subcontract the L1 and L2 staffing layer to an MSP partner from our partner program. In those cases we share the minimum information required for the subcontracted partner to operate the service under our prime engagement.
  • Our partner, Classified Intelligence, for heavier cybersecurity, privacy, and GRC advisory work, when and only when you ask for an introduction or the engagement explicitly requires it.
  • Authorities and legal advisors, when required by law, regulation, court order, or to establish, exercise, or defend legal claims.
  • Acquirers or successors, in the event of a corporate transaction (merger, acquisition, reorganization), subject to confidentiality and ongoing obligations consistent with this policy.

6. Where your information is stored

Initrode is based in Canada, and our primary operations are Canadian. Some service providers we rely on operate in the United States and other jurisdictions. When personal information is transferred outside Canada, we take steps to ensure an equivalent level of protection, including contractual safeguards and vendor due diligence. If you want details about where specific data types are held, contact [email protected].

7. How long we keep it

We keep personal information only as long as necessary for the purpose it was collected, plus any period required by law. Engagement records are typically retained for seven years after the engagement ends for tax, accounting, and audit purposes. Analytics data is retained according to the configured retention period in Google Analytics 4 (currently 14 months by default). Website contact inquiries are retained for up to two years unless there is an active business reason to retain longer.

8. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your information, subject to our legal or contractual retention obligations.
  • Restrict or object to certain processing.
  • Withdraw consent at any time where processing is based on consent.
  • Receive a copy of your information in a portable format.
  • Lodge a complaint with a privacy regulator.

We do not discriminate against individuals for exercising these rights.

9. How to exercise your rights

Send a request to [email protected]. We will confirm receipt within a business week and respond substantively within 30 days. We may need to verify your identity before acting on a request. If we decline a request (for example, because it conflicts with a legal retention obligation), we will explain why.

10. Cookies and tracking

This website uses cookies and similar technologies for essential site functions and analytics. For a full list of what we use and how to control it, see our Cookie Policy.

11. Children

This website is intended for business users. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact [email protected] and we will delete it.

12. Security

We maintain administrative, technical, and physical safeguards intended to protect personal information from unauthorized access, use, or disclosure. These include access controls, logging, encryption in transit for sensitive data, and regular review of our vendor posture. No system is perfectly secure, but we take protection seriously, and we work with our partner, Classified Intelligence, on security and privacy discipline where engagements warrant it.

13. AI Visibility Audit

If you submit a request for our free AI Visibility Audit, we collect, process, and store information specifically for that audit, in addition to the general practices described above.

What you submit. Your work email, company name, audit-target URL, business category, primary market, a short description of what you sell, and an optional short list of competitors. We also record the IP address and browser of the submission for security and to enforce our rate limits.

What we fetch. Our automated scanner retrieves a small number of publicly accessible files from your audit-target URL. We do not read content behind authentication and do not crawl your site beyond a tightly scoped set of public artifacts.

What we send to AI engines. We construct a small set of buyer-intent prompts about your category and your company name and submit them to third-party AI engine providers. The prompts contain only the information you submitted on the form; we do not send the contents of your website to AI engines for the audit.

What we generate. The audit produces a results email delivered to the submission email, and an internal briefing record stored on a Contact and Company in our CRM associated with your work email and company domain.

How long we keep audit data. The complete audit record is retained for 18 months from the audit date and then purged automatically. The Contact and Company records in our CRM persist for the duration of any active customer relationship and follow our standard CRM retention policy. You can request earlier deletion at any time by emailing [email protected].

Audit window and re-runs. The bundled 30-minute strategy review attached to a paid Sprint or Retainer engagement is available for 30 days from your audit date. After 30 days the audit is stale; you may request a free re-run, which creates a fresh audit record and a new 30-day window.

Rate limits and abuse protection. We limit submissions to one audit per audit-target apex domain per 30 days, with additional automated abuse protection. Submissions from disposable or free-webmail providers are not accepted; the work email must match the apex domain of the audit target.

14. Changes to this policy

We may update this policy from time to time to reflect changes in our practices, legal requirements, or services. We will update the effective date at the top of the policy and, for material changes, notify clients directly where appropriate.

15. Regulator contact

You have the right to file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or your provincial privacy regulator. If you are located in the European Economic Area or the United Kingdom, you may contact your local data-protection authority.

16. Contact

Privacy inquiries: [email protected]
General inquiries: (888) 886-3928 (Answered by Bella, our virtual agent.)