Privacy Policy
Last updated: July 21, 2025
Person in charge of personal information
| Title | President & Privacy Officer, DarkToLight Inc. |
| team@darktolight.io | |
| Phone | +1 514‑553-3525 |
| Address | 204 Saint-Sacrement St #300, Montreal, Quebec H2Y2S9 |
1. Purpose of this Policy
DarkToLight Inc. ("DarkToLight") values the privacy of every visitor and client. This Privacy Policy explains why and how we collect, use, disclose, safeguard and store personal information when you visit or interact with darktolight.io (the "Site") or otherwise communicate with us, in compliance with Québec’s Private‑Sector Privacy Act as amended by Law 25 and Canada’s PIPEDA.
2. Scope and Effective Date
This version takes effect on 21 July 2025 and supersedes all earlier versions. It applies to personal information in any form—digital or physical—collected by DarkToLight inside or outside Québec.
3. What “Personal Information” Means
"Personal information" means any information about an identifiable individual, alone or combined with other data. If we irreversibly anonymise or aggregate information so it can no longer identify you, it is no longer personal information.
4. How We Obtain Consent
We use express or implied consent depending on context. You may withdraw consent at any time by contacting us. Our cookie banner, form check‑boxes and unsubscribe links implement this principle.
5. Personal Information We Collect
Identifiers (name, address, email, phone), credentials (hashed passwords, MFA tokens), payment data (last‑4 of card; full card handled by Stripe/PayPal), usage data (IP, browser, pages visited), project assets you upload, and cookies (with consent). We do not intentionally collect data from children under 14.
6. Why We Use Personal Information
• Service delivery and hosting • Account management and billing • Client support • Security and fraud prevention • Analytics and UX optimisation • Marketing with consent • Legal compliance.
7. Cookies and Similar Technologies
Essential cookies load automatically. Analytics and marketing cookies load only after you opt‑in via our banner. You can withdraw consent at any time.
8. Sharing and Disclosure
We never sell or rent your data. We share it only with trusted service providers under contract, in business‑transfer scenarios, or when required by law.
9. Storage, Security and International Transfers
Data is primarily stored in Canadian data centres; some providers operate abroad. Transfers undergo a privacy equivalence assessment and contractual safeguards. Security measures include TLS/SSL, AES‑256 at rest, role‑based access control and a 72‑hour breach‑notification process.
10. Your Rights
You may access, correct, delete, or obtain an electronic copy of your personal information, withdraw consent, or object to non‑essential processing, at no cost. We respond within 30 days.
11. Retention Periods
Client files: contract term + 3 years • Invoices: 7 years • Analytics logs: 14 months • Back‑ups: rolling 30 days. Afterwards we securely delete or irreversibly anonymise data.
12. Changes to This Policy
Material changes will be posted on the Site and, where feasible, emailed to clients. The "Last updated" date indicates when revisions take effect.
13. How to Contact Us
Questions or complaints? Email team@darktolight.io or write to the Privacy Officer at the address above. If you are unsatisfied, you may contact Québec’s Commission d’accès à l’information.
DarkToLight
Custom Web Solutions for your Unique Business Needs.
Quick Links
Contact Us
team@darktolight.io
(514) 553-3525