Privacy Policy

Last Updated: 2025-10-07

Introduction

This Privacy Policy ("Policy") is provided by Blueprint Partnership Consulting Inc. (hereinafter referred to as the "Company," "we," "our," or "us") and sets forth the basis on which we collect, use, disclose, and safeguard information. This Policy applies to all data processing activities conducted by the Company in connection with your access to and use of the FundDirector software application (the "Platform"), our proprietary real estate private equity business modelling service.

  1. Information We Collect

    1. Client-Provided Data: We collect information that you directly provide to the Company when you establish an account and utilize the Platform. This category of data includes: (i) Account and Business Information, such as your name, contact details, account credentials, company name, and branding assets; (ii) Financial and Portfolio Information, which encompasses historical financial data, current and future financial plans, and detailed portfolio composition data including assets, debts, investors, and tenants; and (iii) User-Generated Content, which consists of all file uploads, text inputs, and specific prompts you submit to our AI systems for processing and analysis.

    2. Data from Third-Party Sources: Subject to your express authorization, the Company may collect information from integrated third-party services. The primary source of such data is financial software integrations, including but not limited to QuickBooks Online (QBO). Upon authorization, the Company collects historical financial data from such services to populate your account and facilitate the Platform’s analytical functions.

    3. System-Generated Data: In the course of providing our services, the Platform generates data through its internal processes. This "System-Generated Data" includes: (i) AI-Generated Content, such as reports, summaries, and financial model outputs created by our Large Language Model (LLM) features in response to user prompts; and (ii) Analytics and Metrics, which are calculated data points and performance trends derived from the analysis of Client-Provided and third-party data.

    4. Automatically Collected Usage Data: When you access or interact with the Platform, we automatically collect certain technical information about your device and usage patterns. This "Usage Data" may include your Internet Protocol (IP) address, browser type, device identifiers, system log data, the pages you visit, the features you use, and the date and time of your interactions.

  2. Use of Information

    The Company processes the information collected for the following purposes, founded upon the principles of necessity for service delivery and legitimate business operations:

    1. Provision of Core Services: To deliver, maintain, and operate the Platform's core functionalities. This includes processing Client-Provided Data, Third-Party Data, and System-Generated Data for the purposes of performing financial modeling, organizing portfolio compositions, managing user accounts, and generating strategic analyses as integral components of the service.

    2. AI-Powered Analysis and Reporting: To provide advanced analytical capabilities through our AI-powered features. User-Generated Content, prompts, and relevant portfolio data are processed to generate insights, summaries, and reports. This processing may necessitate the transfer of such data to Third-Party Sub-Processors, as further detailed in Section 5, to leverage specialized Large Language Models (LLMs) required for service delivery.

    3. Platform Maintenance and Security: To ensure the security, integrity, and stability of the Platform. We process User-Generated Content and Prompts to monitor for, prevent, and address system misuse, abuse, or illicit activities. Furthermore, we may analyze aggregated usage data to identify trends, diagnose technical issues, and improve the overall performance and user experience of the Platform.

    4. Client Communication and Support: To communicate with you regarding your account and our services. This includes sending administrative information, service-related announcements, and security notices, as well as responding to your comments, questions, and requests for customer support.

    5. Legal and Regulatory Compliance: To comply with applicable legal obligations, court orders, or governmental and law enforcement requests. We may use your information as we believe necessary or appropriate to enforce our terms of service, protect our rights, privacy, safety, or property, and/or that of you or others.

  3. Data Security and Storage

    The Company has implemented and shall maintain appropriate technical, administrative, and organizational measures designed to protect the confidentiality, integrity, and security of your information. Our security architecture includes the segregation of data by client and portfolio. Sensitive financial information is stored in dedicated proprietary file formats that are encrypted at rest and are decrypted into system memory only as required for processing. Data is encrypted in transit using industry-standard protocols such as Transport Layer Security (TLS), and we enforce strict access controls and authentication requirements to limit information access to authorized personnel.

    For the purposes of service delivery and archival, the Company stores data on secure company servers and may utilize third-party cloud storage providers, such as Amazon Web Services or Google Cloud Storage. Accordingly, your information may be stored, processed, and transferred to data centers located outside of your province or country, including in the United States. All data, regardless of storage location, is subject to our security protocols.

    Notwithstanding the foregoing, no method of transmission over the Internet or method of electronic storage is completely secure. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

  4. Disclosure to Third Parties and Sub-Processors

    In the course of delivering the Platform and its associated services, the Company engages certain third-party entities. Subject to your express authorization, the Platform may integrate with third-party financial software services, such as QuickBooks Online (QBO), for the purpose of automated data ingestion.

    To provide the Platform's advanced analytical capabilities, the Company utilizes specialized Large Language Models (LLMs) operated by third-party sub-processors. The use of these AI-powered features necessitates the transfer of User-Generated Content, prompts, and associated portfolio data to these sub-processors for processing. Our primary AI sub-processors include Google LLC (Gemini Models), Anthropic, PBC (Claude Models), and OpenAI, L.L.C. (GPT Models). The engagement of these sub-processors may involve the transfer and processing of your information in jurisdictions outside of your province or country of residence, including the United States. Furthermore, we may utilize third-party cloud providers for archival storage and analytics services to improve Platform performance.

    The processing of your information by any such third party is governed by their respective privacy policies and terms of service. The Company does not control and is not responsible for the data protection or privacy practices of any third party. We encourage you to review the privacy policies of these entities before authorizing any data integration or utilizing services that rely upon them.

  5. Data Retention and Deletion

    The Company shall retain information for the duration that your account remains active and as necessary to provide the Services, including for the purpose of maintaining historical analysis capabilities. Notwithstanding the foregoing, data shall be deleted from our systems under specific conditions.

    1. Client-Initiated Deletion: You retain control over your data and may initiate its deletion. You have the right to delete a specific financial "scenario," which permanently deletes the associated portfolio files and generated proforma data. Furthermore, you may request the deletion of your entire account, which will result in the permanent deletion of your domain-specific directory and all associated financial data from our active systems.

    2. Company-Initiated Deletion and Overriding Retention Needs: The Company will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may also initiate the deletion of your data upon formal request from you, following a prolonged period of account inactivity after providing advance notice, or if required by a legitimate request from a governmental or law enforcement authority.

  6. Your Data Protection Rights

    Subject to applicable data protection laws in your jurisdiction, you may hold certain rights with respect to your personal information. These rights may include:

    1. Right of Access: The right to request access to and receive a copy of the personal information the Company holds about you.

    2. Right to Rectification: The right to request the correction of any information you believe is inaccurate or the completion of information you believe is incomplete.

    3. Right to Erasure: The right to request the deletion of your personal information, subject to certain exceptions and our data retention policies as outlined in Section 6. As specified therein, you may initiate the deletion of certain data directly through the Platform.

    4. Right to Data Portability: The right to request that we provide your data in a structured, commonly used, and machine-readable format, and to have it transferred to another data controller where technically feasible.

    5. Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time. Such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

    To exercise any of these rights, please submit a verifiable request to us at legal@funddirector.ca. We may require you to provide sufficient information to verify your identity before responding to your request.

  7. Compliance with Provincial and Federal Privacy Legislation

    The Company is committed to the protection of personal information in accordance with applicable Canadian privacy legislation, including the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, Alberta’s Personal Information Protection Act (PIPA). In adherence with the obligations and principles set forth in this legislation, the Company:

    1. Consent and Reasonable Purpose: Limits the collection, use, and disclosure of personal information to purposes that are reasonable and explicitly identified within this Policy. Pursuant to Section 7 of PIPA, your use of the Platform and its services constitutes your consent to the data processing activities described herein, including the transfer of information to Third-Party Sub-Processors as necessary for service delivery.

    2. Limitation of Collection and Use: Ensures that the collection of personal information is limited to that which is reasonable and necessary for the provision, maintenance, and security of the Platform, as justified in Section 3.

    3. Accountability and Safeguards: Assumes accountability for all personal information under its control and has implemented reasonable administrative, technical, and physical safeguards, as detailed in Section 4, to protect such information against risks such as loss, theft, and unauthorized access, in compliance with Section 34 of PIPA.

    4. Cross-Border Data Transfers: Provides notice, in accordance with Section 13.1 of PIPA, that in the course of service delivery, personal information may be transferred, stored, and processed by third-party service providers located outside of Canada, including in the United States. As detailed in Sections 4 and 5, such information may become subject to the laws and lawful access requests of governmental and law enforcement authorities in those foreign jurisdictions.

    5. Access and Rectification: Upholds the right of individuals to access their personal information and request the correction of any inaccuracies, as stipulated under Part 3 of PIPA and further detailed in Section 7 of this Policy.

    6. Retention: Retains personal information only for the period necessary to fulfill the identified purposes or as required or permitted by law, in accordance with the retention and deletion protocols specified in Section 6.

  8. Children's Privacy

    The Platform is not directed to, nor intended for use by, individuals under the age of eighteen (18) years ("Minors"). The Company does not knowingly solicit or collect Personal Information from Minors. In the event that we learn that we have inadvertently collected Personal Information from a Minor without verifiable parental consent, we will take commercially reasonable steps to delete such information from our systems. If you are a parent or guardian and you believe that a Minor has provided us with Personal Information, please contact us immediately at the contact details provided in Section 11.

  9. Changes to This Privacy Policy

    The Company reserves the right to amend, update, or otherwise modify this Privacy Policy at any time and in its sole discretion. We shall provide notice of such amendments by posting the revised Policy on this page and updating the "Last Updated" date accordingly. Any such modifications shall be deemed effective immediately upon posting. Your continued use of the Platform after the effective date of any such changes shall constitute your conclusive acceptance of the Policy as modified.

  10. Contact Us

    If you have any questions about this Privacy Policy, please contact us:

    Email: legal@funddirector.ca

Back to Home