Section 01

Overview & Data Controller

This Privacy Policy describes how Nonlinear Platform Development ("Company", "we", "us", or "our") collects, uses, stores, and protects personal information in connection with our website at nonlinearplatform.com (the "Site") and our software platforms delivered on a subscription licensing basis (together, the "Services").

We are committed to protecting the privacy of all individuals who interact with our Site and Services. This Policy is written in compliance with applicable privacy laws including the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation, and other applicable international privacy regulations.

By accessing our Site or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree to the practices described herein, please discontinue use of our Site and Services.

Data Controller Identity

Company Name: Nonlinear Platform Development

Website: nonlinearplatform.com

Privacy Contact: Click to reveal and send email

Jurisdiction: Canada — with global operations serving North America, the European Union, the United Kingdom, and international territories.

Section 02

Information We Collect

We collect personal information in several ways: information you provide directly to us, information collected automatically when you visit our Site, and in limited cases, information derived from your use of our Services. The scope of data we collect is limited to what is reasonably necessary for the legitimate purposes described in this Policy.

2.1 Information You Provide Directly

When you contact us by email, request information about our Services, or engage with our licensing process, you may provide us with:

  • Your name and professional title or designation
  • Your email address and other contact information you choose to share
  • Your institutional or organizational affiliation
  • Details of your research interests, professional context, or licensing requirements
  • Any other information you voluntarily include in correspondence with us

2.2 Information Collected Automatically

When you visit our Site, we and our service providers may automatically collect certain technical and usage information, including:

  • IP address and approximate geographic location derived from it
  • Browser type, version, and operating system
  • Device type and screen resolution
  • Pages viewed, time spent on pages, and navigation paths within our Site
  • Referring URLs or search terms that led you to our Site
  • Date, time, and duration of your visit
  • Interaction data such as clicks and scroll depth (only where analytics cookies are enabled with your consent)

2.3 Cookie and Local Storage Data

We use browser-based storage mechanisms — including cookies and browser localStorage — to maintain functional state and, where you have consented, to collect analytics and preference data. Full details are set out in Section 5 of this Policy.

2.4 Information We Do Not Collect

We do not collect, and have no intention to collect, sensitive personal data such as health records, financial account details, government-issued identification numbers, biometric identifiers, racial or ethnic origin data, religious beliefs, or any information from individuals known to be under the age of 16. If you are a licensee of our platforms, the privacy terms applicable to your use of those platforms are governed by the separate data processing terms accompanying your subscription agreement.

Section 03

How We Use Your Information

We use the personal information we collect solely for legitimate business purposes consistent with the context in which it was collected. Specifically, we use your information to:

  • Respond to your enquiries and provide information about our Services and licensing options
  • Process and administer subscription licensing agreements and related administrative matters
  • Maintain and improve the security, functionality, and content of our Site and Services
  • Analyse Site usage patterns to understand how professionals find and interact with our content (with your consent, where required by law)
  • Send transactional communications directly related to your enquiry or subscription — such as licensing documentation, renewal notices, or technical notifications
  • Comply with applicable legal obligations, including regulatory requirements and lawful governmental requests
  • Defend against, investigate, and resolve disputes, claims, or potential violations of our terms
  • Prevent fraud, unauthorized access, and other harmful or unlawful activities

We will not use your personal information for purposes materially different from those listed above without providing you with prior notice and, where required by applicable law, obtaining your explicit consent.

Section 05

Cookies & Tracking Technologies

Our Site uses cookies and browser localStorage to function correctly and, with your consent, to improve your experience and our understanding of how the Site is used. This section constitutes our Cookie Policy as required under the EU ePrivacy Directive, GDPR, and equivalent laws including the UK PECR.

5.1 What Are Cookies?

Cookies are small text files placed on your device by a website you visit. They allow the website to recognise your device, remember preferences, and collect certain technical information. We also use browser localStorage — a similar client-side storage technology that persists data locally on your device without transmitting it to our servers in the same manner as session cookies.

5.2 Cookies We Use

Name / Identifier Type Purpose Duration
nlp_cookie_consent Essential Stores your cookie consent preferences so the consent banner is not displayed on every page visit and your choices are honoured across sessions. 12 months
Session state (localStorage) Essential Temporary client-side state required for core website functionality. No personally identifiable information is stored in essential session storage. Session / Until cleared
Functional preference data Functional Stores display or interface preferences to improve the consistency of your experience across visits. Active only with your consent. 12 months
Analytics identifiers Analytics Anonymised identifiers enabling aggregate analytics about page views, session duration, and navigation patterns. Active only with your consent. No personally identifiable data is transmitted. Up to 24 months
Marketing / retargeting cookies Marketing Not currently deployed. This category is reserved for potential future use, which will only be activated with your explicit prior consent. N/A (not active)

5.3 Managing Your Cookie Preferences

You can update your cookie preferences at any time by clicking the "Cookie Preferences" link in the footer of any page on this Site. You may also manage, restrict, or delete cookies through your browser settings; however, disabling essential cookies may impair or prevent access to certain Site functionality.

For detailed guidance on managing cookies in your browser, visit allaboutcookies.org or your browser's help documentation.

5.4 Do Not Track

Some browsers offer a "Do Not Track" (DNT) setting. Our Site respects your cookie consent choices as described above. Because there is currently no universally agreed technical standard for responding to DNT signals, we do not alter Site behaviour in response to DNT browser signals specifically, but we encourage you to use our Cookie Preferences tool to exercise precise control over tracking.

Section 06

Data Sharing & Disclosure

We do not sell, rent, or trade your personal information to any third party. We may share your data only in the following limited, controlled circumstances:

6.1 Service Providers

We engage a small number of trusted third-party service providers who assist in operating our Site and delivering our Services — for example, web hosting providers, email delivery services, and analytics platforms. These providers are granted access to personal data only to the extent strictly necessary to perform their designated function on our behalf. They are bound by contractual data processing agreements that prohibit use of your data for any purpose beyond the specific service rendered and require implementation of appropriate security measures.

6.2 Legal Requirements

We may disclose personal information if required to do so by applicable law, regulation, court order, or governmental authority, or where we have a good-faith belief that such disclosure is necessary to protect the rights, property, or safety of our Company, our users, or the public — provided such disclosure is proportionate and conducted in accordance with applicable law.

6.3 Business Transfers

In the event of a merger, acquisition, asset sale, or other corporate restructuring, personal information held by us may be transferred to a successor entity. We will provide advance notice before your personal information becomes subject to a materially different privacy policy, and we will offer affected individuals the opportunity to exercise applicable data rights prior to any such transfer.

6.4 No Sale of Personal Data

We explicitly confirm that we do not sell personal information as that term is defined under the CCPA/CPRA, GDPR, or any other applicable privacy regulation, and have not done so at any point during the preceding 12-month period.

Section 07

International Data Transfers

Our operations are headquartered in Canada. As a remote-first company serving clients globally, personal data we collect may be processed or stored in countries other than the country in which it was originally collected, including countries that may not provide the same level of data protection as your home jurisdiction.

Transfers from the EEA, UK, and Switzerland

Where we transfer personal data of individuals located in the European Economic Area, the United Kingdom, or Switzerland to countries outside those territories that have not received an adequacy decision, we implement appropriate safeguards in accordance with GDPR Chapter V, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission (2021 SCCs)
  • The UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs, where applicable
  • Other legally recognised transfer mechanisms as available and appropriate to the context

Canada has received a formal adequacy finding from the European Commission under Article 45 GDPR. Accordingly, transfers of personal data from the EEA to Canada are treated as compliant with GDPR transfer requirements without requiring additional safeguards.

You may request further information about the specific safeguards we apply to international transfers by contacting us at the details provided in Section 15.

Section 08

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable law. Our general retention principles are as follows:

  • Enquiry and correspondence data: Retained for up to 3 years from the date of last contact, to enable us to respond to follow-up enquiries and maintain a record of professional communications.
  • Licensing and contractual data: Retained for the duration of the active subscription agreement plus a minimum of 7 years thereafter, in accordance with applicable tax and corporate record-keeping requirements.
  • Technical and server log data: Automatically collected technical data is retained for a maximum of 12 months from collection for security diagnostic and abuse prevention purposes.
  • Cookie consent records: Records of consent are retained for as long as necessary to demonstrate compliance, typically 3 years from the date of consent or last preference update.
  • Anonymised analytics data: Aggregated and fully anonymised analytics data — which no longer constitutes personal information — may be retained indefinitely for statistical and product improvement purposes.

Upon expiry of applicable retention periods, personal data is securely deleted or irreversibly anonymised. You may request earlier deletion of your personal data, subject to the exceptions and limitations described in Section 9 below.

Section 09

Your Rights Under GDPR (EU / EEA / UK)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to your personal data under the General Data Protection Regulation and applicable implementing legislation. These rights are subject to certain legal limitations and exceptions, but we will always endeavour to respond to your requests in a fair, timely, and fully transparent manner.

Right of Access
You have the right to request confirmation as to whether we hold personal data about you, and to obtain a copy of that data along with supplementary information about how and why it is processed (Article 15 GDPR).
Right to Rectification
You have the right to request correction of any inaccurate personal data we hold and, where appropriate, completion of incomplete personal data concerning you (Article 16 GDPR).
Right to Erasure
Also known as the "right to be forgotten," this allows you to request deletion of your personal data in certain circumstances — for example, where it is no longer necessary for the purpose for which it was collected (Article 17 GDPR).
Right to Restriction
You have the right to request that we restrict the processing of your personal data in certain defined circumstances, such as while the accuracy of data is being contested or where you have objected to processing (Article 18 GDPR).
Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller (Article 20 GDPR).
Right to Object
You have the right to object at any time to processing based on legitimate interests or for direct marketing purposes. We will cease such processing unless we can demonstrate compelling legitimate grounds which override your interests (Article 21 GDPR).
Right to Withdraw Consent
Where processing is based on your consent, you may withdraw that consent at any time without any detriment. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal (Article 7(3) GDPR).
Right to Lodge a Complaint
You have the right to lodge a complaint with your national data protection supervisory authority if you believe your privacy rights have been infringed. We encourage you to contact us first so we may address your concern directly.

To exercise any of these rights, please contact us using the details in Section 15. We will respond to all verified requests within 30 days. Where requests are complex or numerous, we may extend this period by up to a further 60 days, providing written notice of any such extension and the reasons for it. We will not charge a fee for any subject access request unless requests are manifestly unfounded, excessive, or repetitive.

We will not discriminate against you for exercising any of your privacy rights.

Section 10

California Consumer Privacy Rights (CCPA / CPRA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA), effective 1 January 2023.

Categories of Personal Information Collected

In the preceding 12 months, we may have collected the following categories of personal information as defined under the CCPA: identifiers (such as name, email address, and IP address); internet or other electronic network activity information (browsing activity on our Site, interaction data); professional or employment-related information (job title and institutional affiliation, where voluntarily provided); and inferences drawn from the foregoing to develop a profile about your professional interests.

Your California Rights

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months, the categories of sources, the business or commercial purpose for collection, and the categories of third parties with whom it was shared or disclosed.
  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain statutory exceptions (such as where the information is necessary to complete a transaction, comply with legal obligations, or detect security incidents).
  • Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you, taking into account the nature and purposes of the processing.
  • Right to Opt-Out of Sale or Sharing: We do not sell personal information and do not share personal information for cross-context behavioural advertising. This right therefore does not currently apply. We commit to providing an opt-out mechanism should these practices ever be adopted.
  • Right to Limit Use of Sensitive Personal Information: We do not collect or process sensitive personal information as defined under the CPRA.
  • Right to Non-Discrimination: We will not deny you goods or services, charge different prices, or provide a different level of quality for exercising any of your CCPA/CPRA rights.

Submitting a California Rights Request

To submit a verifiable consumer request, please contact us at the email address provided in Section 15. Include "California Privacy Request" in the subject line and describe the nature of your request. We will acknowledge receipt within 10 business days and provide a substantive response within 45 calendar days. Where reasonably necessary, we may extend this period by up to 45 additional calendar days with prior written notice.

We may need to verify your identity before processing your request using information already on file. Authorized agents may submit requests on your behalf provided they submit verifiable written proof of authorization, and we verify both the agent's authority and your identity before processing.

Shine the Light (Cal. Civ. Code § 1798.83): California residents may also request information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their own direct marketing purposes, so this provision does not currently apply.

Section 11

Canadian Privacy Rights (PIPEDA & Provincial Law)

As a Canadian company, we are subject to and comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, substantially similar provincial privacy legislation including Alberta's Personal Information Protection Act (PIPA), British Columbia's PIPA, and Québec's Act respecting the protection of personal information in the private sector (Law 25 / Bill 64).

PIPEDA's Ten Fair Information Principles

Our privacy practices are designed to fully comply with PIPEDA's ten Fair Information Principles: accountability, identifying purposes, consent, limiting collection, limiting use and disclosure, accuracy, safeguards, openness, individual access, and providing recourse for challenging compliance. We have designated a Privacy Officer responsible for our compliance with this Policy and applicable privacy laws.

Your Rights Under PIPEDA

  • Right of Access: You have the right to request access to personal information we hold about you, subject to limited exceptions provided by law, and to challenge the accuracy or completeness of that information.
  • Right to Correction: You may request that we correct inaccurate or incomplete personal information we maintain about you.
  • Right to Withdraw Consent: You may withdraw consent to our collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions, and upon reasonable notice. We will advise you of the consequences of withdrawal before you exercise this right.
  • Right to Complain: If you believe we have not handled your personal information in compliance with PIPEDA or applicable provincial law, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca, or the relevant provincial commissioner in Alberta or British Columbia.

Québec Law 25 (Act 25) — Additional Rights

Québec residents have additional rights under Law 25, including: the right to data portability (to receive personal information held about you in a technologically structured and commonly used format); the right to de-indexation (the right to request cessation of dissemination of your personal information or de-indexation from search technology results where dissemination causes harm); and the right to be informed about, and to contest, significant decisions made about you through automated processing. We do not currently engage in automated decision-making that significantly affects individuals visiting our Site.

Pursuant to Law 25, if a confidentiality incident (privacy breach) affecting your personal information occurs and presents a risk of serious harm, we will notify you and the Commission d'accès à l'information du Québec (CAI) as required.

Section 12

Children's Privacy

Our Site and Services are directed exclusively to adults operating in professional, academic, research, and institutional capacities. We do not knowingly collect, use, or disclose personal information from individuals under the age of 16. In jurisdictions where the applicable age threshold differs (including the United States under COPPA, where the threshold is 13), we comply with applicable local law.

If you are a parent or guardian and you believe that a child under the applicable age threshold has provided personal information to us without your consent, please contact us immediately using the details in Section 15. We will investigate and take prompt steps to delete such information from our records.

If you are under the applicable age threshold for your jurisdiction, you are not permitted to use this Site or our Services, and you must not provide any personal information to us.

Section 13

Security

We implement technical, administrative, and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, accidental loss, or destruction. These measures are reviewed and updated on a regular basis in line with evolving best practices and include, but are not limited to:

  • Encrypted data transmission via TLS/HTTPS for all Site communications, with modern cipher suites and HSTS where supported
  • Strict access controls limiting access to personal data to only those personnel with a defined operational need
  • Regular review and testing of our data handling practices, security configuration, and vendor posture
  • Contractual requirements obligating all third-party service providers to maintain equivalent security standards and notify us promptly of any security incidents
  • Internal policies and procedures governing the lawful handling, storage, transfer, and scheduled deletion of personal data

Despite these measures, no method of transmission over the Internet or system of electronic storage is completely secure. We cannot guarantee the absolute security of your personal information. In the event of a data breach that presents a risk of harm to affected individuals, we will notify you and applicable regulatory authorities in accordance with the timelines required by applicable law.

Reporting a Security Concern

If you believe your personal information has been compromised, or if you have identified a security vulnerability in our Site, please notify us immediately using the contact details in Section 15. We treat all security reports with the highest priority and will investigate promptly and confidentially.

Section 14

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our Services, or applicable legal requirements. When we make changes, we will revise the "Last Updated" date displayed at the top of this page and, where material changes are involved, post a prominent notice on our Site at the time the updated Policy takes effect.

For changes that are material and affect individuals whose personal information we hold, we will make reasonable efforts to provide advance notice — for example, by sending an email to individuals who have previously provided contact information to us, or by posting a notification banner on our Site for a defined period prior to the change taking effect.

We encourage you to review this Privacy Policy periodically to remain informed about how we collect, use, and protect your personal information. Your continued use of the Site following the effective date of any update constitutes your acknowledgment of the revised Policy, to the extent permitted by applicable law. If you do not agree with the changes, you should cease use of our Site and may exercise any applicable data rights as described in this Policy.

We maintain an internal record of all prior versions of this Privacy Policy. If you wish to review a prior version or have questions about what has changed, please contact us at the details below.

Section 15

Contact Us & Data Subject Requests

If you have any questions, concerns, complaints, or requests relating to this Privacy Policy or our data handling practices — including requests to exercise any of your statutory privacy rights — please contact us directly. We welcome enquiries from all individuals and will respond in a timely, transparent, and respectful manner.

Privacy Contact Details

Nonlinear Platform Development

Privacy & Data Protection Enquiries: Click to reveal and send email

Please include "Privacy Request" or "Data Subject Request" in the subject line of your email, along with your full name, country of residence, and a clear description of your request or concern. We will acknowledge receipt within 5 business days and provide a substantive response within the timeframes required by applicable law (typically 30 days for GDPR; 45 days for CCPA/CPRA; 30 days for PIPEDA).

Supervisory Authorities

If you are not satisfied with our response to a privacy concern or data subject request, you have the right to escalate the matter to the relevant supervisory or regulatory authority for your jurisdiction:

  • Canada (Federal): Office of the Privacy Commissioner of Canada (OPC) — priv.gc.ca
  • Québec (Provincial): Commission d'accès à l'information du Québec (CAI) — cai.gouv.qc.ca
  • European Union: Your national Data Protection Authority — full list available at edpb.europa.eu
  • United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
  • California, USA: California Privacy Protection Agency (CPPA) — cppa.ca.gov
  • All US Residents: Federal Trade Commission (FTC) for general consumer privacy concerns — ftc.gov

This Privacy Policy was last reviewed and updated on 1 January 2025. It constitutes the complete and current statement of Nonlinear Platform Development's privacy practices with respect to the Site and its associated Services. This Policy is published in English. In the event of any discrepancy between a translated version and the English text, the English text shall prevail. Nothing in this Policy limits or modifies any rights you may have under mandatory applicable law.