Compliance & Privacy Policy

OZELO™ Engine  ·  Effective date: [EFFECTIVE DATE]  ·  Last updated: [DATE]

This policy explains how [OZELO LEGAL ENTITY NAME] ("OZELO™", "we", "us") approaches privacy and compliance for the OZELO™ Engine software and the ozelo.com website. It describes our zero-cloud, local-processing model, the roles of the parties, the limited information we collect, and how the design is built to support advisors' obligations under Quebec's Law 25 and PIPEDA.

1. Scope of this policy

This policy covers two things: (a) the way the OZELO™ Engine software is designed to handle the personal information advisors process within it, and (b) the limited personal information OZELO™ itself collects from advisors and website visitors. It does not replace the privacy notices an advisor provides to their own clients, nor an advisor's own obligations as the party responsible for client and child information.

2. Our privacy philosophy

OZELO™ follows a zero-cloud, local-first design. The personal information of client families and children is entered and processed on the advisor's own device and is not transmitted to or stored on OZELO™'s servers. Our view is simple: the safest place for a child's data is nowhere — so we built the product not to hold it.

3. Roles & responsibilities

As between the advisor and OZELO™:

• the advisor is the party responsible for client and child personal information — the "person carrying on an enterprise" under Law 25 and the organization under PIPEDA — and determines the purposes for which it is used;
• OZELO™ provides the software and acts as a software/service provider. Because of the local-processing model, OZELO™ does not collect, receive, host, or have access to the client or child personal information the advisor processes in the Software.

Advisors remain responsible for their own privacy notices, consents, records, and regulatory obligations.

4. How the software handles personal information

• Local processing. Family and child information is processed on the advisor's device, not in a central cloud database.
• Selective reading. When an advisor provides a data file, the Software reads only the fields it needs to operate; the remainder of the file is not read.
• On-device encryption. Information stored by the Software on the advisor's device is protected using AES encryption.
• Visual privacy. The Software masks personal information on screen to reduce inadvertent exposure.
• Advisor-sent communications. Messages to families are sent through the advisor's own email systems, not from an OZELO™ server.

5. Children's information & parental consent

The Curriculum is delivered to families that include minors, which calls for heightened care. The Software includes a consent gate: Curriculum cannot be delivered to a child until the advisor records that consent from a parent or legal guardian has been obtained. Under Law 25, consent to process the personal information of a minor under 14 is given by the person having parental authority. The advisor is responsible for obtaining and maintaining valid consent to the standard required by law; the consent gate is a workflow control that supports — but does not replace — that obligation.

6. Information OZELO™ collects

OZELO™ collects a limited set of information directly from advisors and visitors, which does not include the client or child Curriculum data processed locally in the Software:

• Account & licence information — name, business contact details, firm, and licence/seat details.
• Billing information — handled through our payment processor; OZELO™ does not store full payment card numbers.
• Support communications — information you provide when you contact us.
• Website information — limited technical and usage data described in Section 7.

7. Website privacy & cookies

When you visit ozelo.com we may collect limited technical information (such as IP address, browser type, and pages viewed) and use [analytics provider, e.g., privacy-respecting analytics] to understand site usage. We use [strictly necessary / analytics] cookies. [Insert cookie banner / consent mechanism details and list of cookies once finalized.] If you submit a contact or access request, we use the information you provide to respond.

8. How we use information

We use the information we collect to provide, secure, and improve the Software and website; to process subscriptions and billing; to provide support; to communicate about your account and service; and to meet legal and regulatory obligations. We do not sell personal information.

9. Service providers & disclosure

We share information only as needed with service providers who help us operate (for example, [payment processor], [hosting/CDN provider], and [analytics provider]), under contracts that require them to protect it. We may disclose information where required by law or to protect rights and safety. If OZELO™ is involved in a merger or acquisition, information may be transferred subject to this policy.

10. Data retention

We keep the information OZELO™ collects only as long as needed for the purposes described here or as required by law, after which it is deleted or de-identified. Client and child information processed locally in the Software is retained on the advisor's device under the advisor's control and is governed by the advisor's own retention practices.

11. Security

We use reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including the on-device encryption and access controls built into the Software. No method of storage or transmission is perfectly secure, but the local-processing model is designed to minimize the information at risk by not centralizing it.

12. Your rights (Law 25 / PIPEDA)

Subject to applicable law, you may have the right to access, correct, or update the personal information OZELO™ holds about you, to withdraw consent, and — under Law 25 — to request portability of certain information and to be informed of automated processing. To exercise these rights for information OZELO™ holds, contact us using Section 16. For client or child information processed in the Software, requests should be directed to the responsible advisor, since OZELO™ does not hold that information. You may also contact the [Commission d'accès à l'information du Québec] or the [Office of the Privacy Commissioner of Canada] with a complaint.

13. Privacy incidents

OZELO™ maintains procedures to assess and respond to confidentiality incidents involving information it holds, and will notify affected individuals and regulators where required by Law 25, PIPEDA, or other applicable law. Because the Software does not transmit client or child information to OZELO™, incidents involving information held locally by an advisor are assessed and reported by that advisor as the responsible party. [Counsel to confirm incident-handling and record-keeping obligations.]

14. Data location & transfers

Client and child information processed in the Software remains on the advisor's device, in the advisor's location. Information OZELO™ collects (Section 6) may be processed by our service providers; where information is processed outside Quebec or Canada, we take steps intended to provide an appropriate level of protection. [Counsel to confirm any Law 25 transfer-assessment requirements.]

15. Changes to this policy

We may update this policy from time to time. We will post the updated version with a new "last updated" date and, where appropriate, provide additional notice. Your continued use after changes take effect constitutes acceptance.

16. Contact & privacy officer

The person responsible for the protection of personal information at OZELO™ is [NAME / TITLE — Privacy Officer]. For privacy questions or requests, contact [privacy@ozelo.com], [OZELO LEGAL ENTITY NAME], [REGISTERED ADDRESS, Montréal, Québec].