Privacy Policy
How NeuralCraftLab collects, uses, and protects your personal information.
NeuralCraftLab ("we," "us," or "our") operates the website neuralcraftlab.life and provides professional neural network craft training at 715 King Street West, Suite 408, Toronto, ON M5V 1W5, Canada. Our business number is BN 834729156RC0001. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation in Ontario.
By accessing our website, submitting an enquiry, enrolling in a programme, or otherwise interacting with our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services or provide personal information to us.
1. Accountability
NeuralCraftLab is responsible for personal information under our control. We have designated a Privacy Officer who oversees compliance with this policy and PIPEDA. You may contact our Privacy Officer at [email protected] or by mail at the address above. We will respond to privacy enquiries within thirty (30) business days unless an extension is permitted under applicable law.
We train staff and contractors who handle personal information on privacy obligations. Third-party service providers who process data on our behalf are bound by written agreements requiring comparable protection standards.
2. Information we collect
2.1 Information you provide directly
We collect personal information that you voluntarily submit through our contact form, enrolment applications, pathway advisory bookings, corporate training requests, and email correspondence. This may include:
- Full name and preferred name
- Email address and telephone number
- Mailing address and billing address
- Employment information and employer name (for corporate clients)
- Educational background and technical experience (for programme placement)
- Payment information (processed by third-party payment processors; we do not store full credit card numbers)
- Messages, questions, and feedback you send us
- Consent records, including PIPEDA consent checkboxes on forms
2.2 Information collected automatically
When you visit neuralcraftlab.life, we may automatically collect certain technical information, including IP address, browser type and version, operating system, referring URL, pages viewed, date and time of access, and device identifiers. This information is collected through server logs and, where you have consented, cookies and similar technologies as described in our Cookie Policy.
2.3 Information from third parties
We may receive information from corporate clients who enrol employees in our programmes, from payment processors confirming transaction status, and from publicly available professional profiles (such as GitHub or LinkedIn) when you share them during pathway advisory sessions. We use such information only for the purposes described in this policy.
3. Purposes for collection, use, and disclosure
We collect and use personal information only for purposes that a reasonable person would consider appropriate in the circumstances. Primary purposes include:
- Responding to enquiries submitted through our website or email
- Processing programme enrolment, scheduling, and attendance records
- Delivering training services, including lab access and instructor feedback
- Processing payments and issuing receipts
- Communicating programme updates, schedule changes, and administrative notices
- Conducting pathway advisory assessments and producing learning plans
- Improving our website, programmes, and student experience through aggregated analytics (with consent where required)
- Complying with legal obligations, including tax reporting and consumer protection requirements
- Protecting against fraud, abuse, and security threats
- Maintaining alumni community channels for graduates who opt in
We will not use your personal information for materially different purposes without obtaining fresh consent, except where permitted or required by law.
4. Consent
We obtain meaningful consent before collecting, using, or disclosing personal information, except where the law permits collection without consent. Express consent is required for contact form submissions (via the PIPEDA consent checkbox), marketing communications, and non-essential cookies.
You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may limit our ability to provide certain services — for example, we cannot process enrolment without basic contact and payment information. To withdraw consent, contact [email protected].
5. Disclosure to third parties
We do not sell personal information. We may disclose personal information to:
- Payment processors (e.g., Stripe) to complete transactions
- Cloud hosting providers that store website and enrolment data on servers located in Canada or the United States
- Email service providers for transactional and administrative communications
- Professional advisors (lawyers, accountants) bound by confidentiality obligations
- Government authorities when required by law, court order, or regulatory request
- Corporate clients, limited to attendance and progress information for employees they enrolled (with prior notice to the individual)
When personal information is processed outside Canada, it may be subject to the laws of the foreign jurisdiction. We take reasonable steps to ensure comparable protection through contractual safeguards.
6. Retention
We retain personal information only as long as necessary to fulfil the purposes for which it was collected, or as required by law. Typical retention periods in 2026:
- Contact form enquiries: 24 months from last interaction
- Enrolment and academic records: 7 years from programme completion
- Financial records: 7 years per Canada Revenue Agency requirements
- Marketing consent records: until consent is withdrawn plus 3 years
- Server logs: 90 days
When information is no longer needed, we securely delete or anonymise it.
7. Security safeguards
We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information we hold. Measures include encrypted HTTPS transmission, access controls limiting staff access to need-to-know basis, secure password policies, regular software updates, and locked premises at our Toronto campus. No method of transmission or storage is completely secure; we cannot guarantee absolute security but we continuously review and improve our practices.
8. Individual access and correction
Upon written request, we will inform you of the existence, use, and disclosure of your personal information and provide access to it, subject to limited exceptions under PIPEDA (such as information protected by solicitor-client privilege or disclosure that would reveal personal information about another individual). We will respond within thirty (30) days.
If you believe information we hold about you is inaccurate or incomplete, you may request correction. We will amend records as appropriate and, where necessary, forward corrected information to third parties who received the original data.
9. Children's privacy
Our programmes are designed for adults aged 18 and over. We do not knowingly collect personal information from individuals under 16 without parental consent. If we learn that we have collected information from a minor without proper consent, we will delete it promptly.
10. Challenging compliance
If you have concerns about our privacy practices, contact our Privacy Officer at [email protected]. We will investigate all complaints and respond with our findings and proposed remediation. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.
11. Changes to this policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be posted on this page with an updated "Last updated" date. Where required, we will obtain fresh consent for new uses of previously collected information. Continued use of our services after changes constitutes acceptance of the revised policy for non-material updates. Archived versions of this policy are available upon request for the current and prior calendar year. Contact our Privacy Officer for accessible-format copies upon request.
12. Cross-border data transfers
Some of our service providers may store or process personal information on servers located in the United States or other jurisdictions outside Canada. When information crosses borders, it may be accessible to law enforcement and national security authorities in those countries under local laws. Before transferring personal information, we assess the risks and implement safeguards such as standard contractual clauses, data processing agreements, and vendor security reviews. You may request information about cross-border transfers affecting your data by contacting our Privacy Officer.
13. De-identification and analytics
We may aggregate and de-identify personal information to produce statistical reports about programme outcomes, website usage, and operational performance. De-identified data cannot reasonably identify an individual and is not subject to PIPEDA. We may use de-identified data indefinitely for research, curriculum improvement, and public reporting of cohort metrics displayed on our website.
14. Breach notification
In the event of a security breach involving personal information that creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada as required by PIPEDA breach notification provisions. Notifications will describe the nature of the breach, the information involved, steps we are taking, and recommendations for protecting yourself. We maintain an internal incident response plan reviewed annually in 2026. Records of all breaches, near-misses, and remediation actions are retained for seven years and reviewed by the Privacy Officer each quarter.
15. Contact
NeuralCraftLab Privacy Officer
715 King Street West, Suite 408
Toronto, ON M5V 1W5, Canada
Email: [email protected]
Phone: +1 (289) 555-4726
Business number: BN 834729156RC0001