Privacy Policy

We're serious about protecting your information

Last Updated: January 15, 2026 Download PDF Version
Quick Navigation

Introduction

Look, we get it - nobody actually enjoys reading privacy policies. But here's the thing: we're lawyers who deal with data protection every day, so we've tried to make this one actually readable.

At Polyformative Legal Solutions, we handle sensitive business information daily. That means we can't mess around when it comes to privacy. This policy explains what we collect, why we need it, and what we do with it. No fluff, no legal jargon that makes your eyes glaze over.

Quick note: By using our website or services, you're agreeing to this privacy policy. If something here doesn't sit right with you, reach out to us before you provide any information.

We're not in the business of collecting info for the sake of it. Everything we gather serves a specific purpose in delivering legal services or keeping our website running smoothly.

Personal Information You Give Us

When you reach out or become a client, you'll probably share things like:

  • Contact details - name, email, phone number, business address
  • Company info - business name, industry, size, corporate structure
  • Financial details - payment information, billing addresses (we don't store full credit card numbers, by the way)
  • Legal matter specifics - whatever you tell us about your case or business needs
  • Communications - emails, messages, documents you send our way
Stuff We Collect Automatically

Like most websites built this century, ours picks up some technical info when you visit:

  • Device & browser data - IP address, browser type, operating system, device identifiers
  • Usage patterns - pages you visit, how long you stick around, what you click on
  • Location data - general geographic location based on your IP (not GPS-level tracking)
  • Cookies & similar tech - more on this in its own section below
Privileged Communications: Once you're our client, everything you share falls under solicitor-client privilege. That's sacred territory in our world, and we protect it accordingly.

We're not gonna sell your data to advertisers or anything sketchy like that. Here's what we actually do with your information:

Legal Services Delivery

Providing the legal advice and representation you hired us for, managing your matters, drafting documents, and keeping you updated on your case.

Client Communications

Responding to your inquiries, sending updates, scheduling meetings, and generally staying in touch about your legal matters.

Billing & Administration

Processing payments, maintaining financial records, and handling the administrative side of our relationship.

Legal Compliance

Meeting our professional obligations under the Law Society rules, anti-money laundering regulations, and other legal requirements we gotta follow.

Website Improvement

Analyzing how people use our site so we can make it better, fix bugs, and improve user experience.

Security & Fraud Prevention

Protecting our systems, detecting suspicious activity, and preventing unauthorized access to sensitive information.

We might also send you occasional updates about legal developments that could affect your business - but you can opt out of those anytime.

We don't hand out your information like candy on Halloween. But there are some situations where we might need to share it:

Service Providers We Work With

Sometimes we bring in third parties to help us do our jobs better - think cloud storage providers, payment processors, IT support. They only get access to what they need, and they're bound by strict confidentiality agreements.

Legal Obligations

If we're legally required to disclose information - like responding to a court order, subpoena, or regulatory investigation - we'll do so. We'll push back on overly broad requests, though, and we'll let you know unless we're prohibited from doing so.

With Your Permission

If you ask us to share your info with someone (like opposing counsel, co-counsel, or other advisors), we'll obviously do that. We might also share limited info with potential clients you're looking to acquire or merge with - but only with explicit consent.

Professional Advisors

We occasionally consult with our own lawyers, accountants, or insurance providers. When we do, they're bound by the same confidentiality obligations we are.

Important: We don't sell, rent, or trade your personal information to third parties for marketing purposes. Period.

Security isn't just a checkbox for us - it's baked into everything we do. We're handling privileged legal information, so we've gotta get this right.

Technical Safeguards
  • Encryption - Data in transit uses TLS/SSL encryption. Stored data is encrypted at rest.
  • Access controls - Multi-factor authentication, role-based access, and the principle of least privilege.
  • Secure infrastructure - Our servers are hosted in certified data centers with physical security measures.
  • Regular security audits - We test our systems regularly and patch vulnerabilities promptly.
  • Firewall protection - Network-level security to prevent unauthorized access.
Organizational Measures
  • Staff training - Everyone on our team receives regular security and privacy training.
  • Confidentiality agreements - All employees and contractors sign strict NDAs.
  • Clean desk policy - Physical documents are secured when not in use.
  • Incident response plan - We've got procedures in place if something does go wrong.
Reality check: No security system is 100% bulletproof. We take every reasonable precaution, but if you're transmitting info over the internet, there's always some level of risk. Use your judgment about what you send via email vs. secure client portal.

Under Canadian privacy law (PIPEDA and its provincial equivalents), you've got some solid rights when it comes to your personal information. Here's what you can do:

Right to Access

You can ask to see what personal information we have about you. We'll provide it within 30 days (though complex requests might take a bit longer).

Right to Correction

If something we have on file is wrong, let us know and we'll fix it. We take accuracy seriously, especially for legal documents.

Right to Deletion

You can ask us to delete your info, with some exceptions (like if we need it for legal or regulatory reasons, or to defend against claims).

Right to Portability

In some cases, you can get your data in a format that's easy to transfer to another service provider.

Right to Object

Don't want us using your info for a particular purpose? Let us know. We'll stop unless we've got a compelling legal reason to continue.

Right to Opt-Out

Marketing emails got you annoyed? Hit unsubscribe or let us know, and we'll stop. We'll still need to send you stuff related to active legal matters, though.

To exercise any of these rights, just reach out to our Privacy Officer (contact info at the bottom of this page). We'll verify your identity and get back to you ASAP.

Heads up: If we're holding your information because of professional or legal obligations (like file retention requirements), we might not be able to delete everything immediately. But we'll explain why and give you your options.

Yeah, we use cookies. Not the chocolate chip kind (though those are in our kitchen). The digital kind that help our website work properly.

What Cookies We Use
Cookie Type Purpose Can You Opt Out?
Essential Cookies Keep the site functioning - login sessions, security features, form submissions Nope, these are necessary
Analytics Cookies Help us understand how visitors use our site so we can improve it Yep, use your browser settings
Preference Cookies Remember your choices (like language or font size) Sure, but then we can't remember your preferences
Managing Your Cookie Preferences

Most browsers let you control cookies through their settings. You can usually find this under "Privacy" or "Security" settings. Just keep in mind that blocking certain cookies might make parts of our site not work properly.

We don't use cookies for advertising or tracking you across other websites. We're lawyers, not an ad network.

We don't keep your information forever (unless we legally have to). Here's our general approach:

Client Files

The Law Society of Ontario requires us to keep client files for at least 10 years after a matter closes. For corporate clients, we often keep files longer since they might be relevant to future work. Tax-related documents? Those stick around for 7 years minimum per CRA requirements.

Prospective Client Info

If you reach out but don't end up becoming a client, we'll typically delete your inquiry info after 2 years - unless there's a conflict of interest reason to keep it longer.

Marketing Communications

If you've signed up for updates or newsletters, we'll keep your contact info until you unsubscribe. Simple as that.

Website Analytics

Anonymous usage data is typically retained for 2 years for analysis purposes, then automatically deleted.

Bottom line: We keep stuff as long as we need it for legitimate purposes, then we get rid of it securely. If you've got questions about a specific type of data, just ask.

We're a Canadian firm, and we try to keep data in Canada whenever possible. But let's be real - the internet doesn't respect borders, and sometimes we need to work with service providers located elsewhere.

Where Your Data Might Go

Some of our service providers (like cloud hosting, email, or collaboration tools) might store data on servers in the United States or other countries. When that happens, your information is subject to the laws of those countries - including government access requests under their legal frameworks.

What We Do About It

When we use international service providers, we make sure they've got strong security measures and privacy commitments. We use standard contractual clauses and data processing agreements to maintain protection standards equivalent to Canadian law.

For particularly sensitive client matters, we can arrange for data to stay exclusively in Canada - just let us know if that's important to you.

Privacy law evolves, technology changes, and sometimes we update our practices. When we make significant changes to this policy, we'll post the updated version here and update the "Last Updated" date at the top.

For material changes that affect how we use or protect your information, we'll notify active clients directly via email. If you're just a website visitor, checking back here occasionally is a good idea.

Pro tip: Bookmark this page and check it once a year or so. We'll never make changes that weaken your privacy protections without giving you a heads up first.

Our website might link to other sites - government agencies, industry associations, legal resources, whatever. We're not responsible for their privacy practices, and this policy doesn't apply to them.

When you click through to another site, you're on your own. Read their privacy policies, use your judgment, and don't assume they follow the same standards we do.

Same goes for any social media platforms where we might have a presence. Those are governed by their own privacy policies, not ours.

Our services are for businesses and adults. We don't knowingly collect information from anyone under 18, and our website isn't designed for kids.

If you're a parent or guardian and you think your child has provided us with personal information, let us know and we'll delete it promptly.

Privacy Officer Contact

Got questions about this privacy policy? Want to exercise your privacy rights? Concerned about how we're handling your information? Reach out to our Privacy Officer - that's what they're here for.

Mail Privacy Officer
Polyformative Legal Solutions
Suite 1200, 181 Bay Street
Toronto, ON M5J 2T3, Canada
Privacy Officer
Not satisfied with our response?

You've got the right to file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or 1-800-282-1376.