Privacy Policy

1. Jurisdiction & Scope

This statement applies to all JTG-operated properties, including jointtechnologygroup.com, jointtechnologygroup.ca, related microsites, and offline intake processes originating in Ontario. Where we provide services to international customers, Ontario law governs and we honour any stricter local privacy rights by contract.

2. Information We Collect

• Contact data: name, email, phone number, company, role.
• Transactional data: proposals, invoices, SOW approvals, transcripts.
• Technical data: IP address, device/browser fingerprint, session activity, cookie identifiers.
• Support data: chat histories, recordings (with consent), diagnostic uploads.
• Sensitive data: only when required for security vetting and always under written consent.

3. How & Why We Use Information

We process information under the lawful bases of consent, contract performance, and legitimate interest to:

• Deliver proposals, service engagements, and managed support.
• Authenticate portal access and secure remote sessions.
• Send operational notices, invoices, and compliance documentation.
• Improve product performance via aggregated analytics.
• Meet legal, tax, and audit obligations.

4. Sharing & Disclosure

We do not sell personal information. Limited sharing occurs with vetted processors such as cloud hosting, analytics, payment providers, and background-check partners. Each vendor signs confidentiality agreements, uses Canadian or SOC 2 datacenters whenever possible, and is reviewed annually. Disclosure to authorities occurs only when legally compelled or to enforce contractual rights.

5. Data Retention & Security

Customer files are retained for the minimum period required by Canadian tax and regulatory guidelines (typically seven years) unless a longer retention is mandated by contract. We apply encryption in transit and at rest, role-based access controls, hardware security keys for privileged logins, always-on monitoring, and documented incident response procedures.

6. Your Rights

You may submit requests to access, correct, port, or delete your personal data at any time. We respond within 30 calendar days, provide secure delivery of exported records, and document any refusal with an explanation. Marketing emails always include an unsubscribe link, and cookie preferences can be updated via the site footer controls.

7. International Transfers & AI Usage

Where information leaves Canada (for example, when using U.S.-based AI infrastructure), we implement Standard Contractual Clauses, encryption, and access logging. AI copilots are restricted to redacted project data, and human review is required before any AI-generated deliverable is released.

8. Contact & Escalation

For privacy questions or to exercise your rights, contact: