LEGAL_PROTOCOL // 01

PRIVACY PROTOCOL

EFFECTIVE DATE: JAN 2026 // LAST UPDATED: MAR 2026 // JURISDICTION: BC, CANADA

This Privacy Protocol ("Policy") governs how Ideafridge collects, processes, retains, and protects your data. We treat your information with the same strategic precision we apply to your market narrative.

01. SCOPE & WHO THIS APPLIES TO

This Privacy Protocol applies to all individuals and entities who interact with Idea Fridge Media, Inc. ("Ideafridge," "we," "our," or "us") — including visitors to our website, prospective clients, and active partners subscribed to any tier of the Narrative GTM platform.

Ideafridge is incorporated and operates from British Columbia, Canada. This Policy is governed by Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and British Columbia's Personal Information Protection Act (PIPA). Where we serve clients in other jurisdictions, we apply these Canadian standards as our baseline and comply with applicable local requirements.

This Policy does not apply to the content your organization creates or deploys through the platform. That content is governed by your Subscription Agreement.

"Personal Information" means any information about an identifiable individual — including name, business email address, job title, IP address, usage data, and communications metadata — as defined under PIPEDA and BC PIPA.

02. INFORMATION WE COLLECT

We collect information in two primary ways: data you provide directly, and data we collect automatically as you interact with our platform.

Information you provide directly:

  • Work email address and professional contact information
  • Company name, industry category, and GTM team size
  • Communications exchanged as part of service delivery
  • Content inputs shared for narrative intelligence processing (e.g., transcripts, messaging briefs)
  • Billing and payment information, processed via PCI-DSS compliant partners

Information collected automatically:

  • IP address, browser type, and device identifiers
  • Pages visited and interaction patterns on ideafridge.com
  • Timestamps of logins and platform actions

// IMPORTANT NOTE: We do not purchase third-party marketing lists. We do not collect data from social media platforms without your explicit authorization. We do not collect sensitive personal data (as defined under GDPR Article 9) through our standard intake processes.

03. HOW WE USE YOUR INFORMATION

We use your information for the following purposes, each tied to a legitimate operational need:

  • Service delivery: To onboard, configure, and operate your Narrative GTM engagement.
  • Communication: To send operational updates and Weekly Briefs. We do not send unsolicited promotional emails.
  • Availability verification: To confirm that no conflicting Client in your category is currently under exclusivity.
  • Security & fraud prevention: To detect and prevent unauthorized access or spam submissions.
  • Platform improvement: Aggregated and anonymized usage data may be used to refine deployment cycle performance.

04. LEGAL BASES FOR PROCESSING

Under PIPEDA and BC PIPA, Ideafridge collects, uses, and discloses Personal Information only with your knowledge and consent, except where the law permits otherwise. Our processing is grounded in the following PIPEDA accountability principles:

  • Consent: We obtain meaningful consent before or at the time of collection.
  • Contractual necessity: Processing required to deliver services under your active Subscription Agreement.
  • Legitimate business purposes: Security, fraud prevention, and platform improvement.
  • Legal obligation: Processing required to comply with applicable Canadian tax and reporting law.

// NOTE FOR US & UK CLIENTS: If you are located in the United States or the United Kingdom, your Personal Information is processed in Canada under Canadian privacy law. Canada is recognized by the UK as providing an adequate level of data protection.

05. DATA SHARING & THIRD PARTIES

Ideafridge does not sell, rent, or trade your Personal Data. Data is disclosed only in the following limited circumstances:

  • Service providers: Cloud hosting, payment processing, and analytics vendors bound by strict DPAs.
  • Professional advisors: Legal counsel and auditors bound by confidentiality.
  • Business transfers: In the event of an acquisition or asset sale (with prior notice).
  • Legal requirements: Where required by law, subpoena, or court order.

06. DATA RETENTION

We retain your Personal Information only for as long as necessary to fulfill the purposes outlined in this Policy, or as required by applicable Canadian law.

  • Active Client data: Retained for the duration of the Subscription and for 36 months following termination.
  • Prospect data: Retained for 12 months from date of submission.
  • Billing records: Retained for a minimum of 7 years in accordance with tax requirements.
  • Security logs: Retained for 90 days.

Upon expiration, data is either securely deleted or irreversibly anonymized.

07. YOUR RIGHTS

Under PIPEDA and BC PIPA, you have the right to access, correct, or withdraw consent regarding your Personal Information. We respond to verifiable requests within 30 calendar days.

To exercise any of these rights, contact us at privacy@ideafridge.com. We may require verification of your identity.

// SUPERVISORY AUTHORITIES: If unsatisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) or the Office of the Information and Privacy Commissioner for BC (OIPC).

08. SECURITY ARCHITECTURE

We implement robust technical and organizational measures to protect your data:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Strict role-based access controls
  • Regular vulnerability assessments
  • Documented incident response procedures

// LIMITATION: No security system is impenetrable. We cannot guarantee absolute security of data transmitted over the internet.

09. COOKIES & TRACKING

We do not use advertising cookies or cross-site tracking pixels. Our tracking is limited to strictly necessary session cookies and anonymized analytics cookies (deployed only with consent where required).

10. CHILDREN'S PRIVACY

Ideafridge is a B2B platform. Our services are not directed to, and we do not knowingly collect Personal Data from, individuals under the age of 16.

11. INTERNATIONAL DATA TRANSFERS

While Ideafridge processes data primarily in Canada, some third-party sub-processors may operate in the United States or elsewhere. We require that all processors apply protections substantially equivalent to PIPEDA standards.

12. CHANGES TO THIS POLICY

We reserve the right to update this Privacy Protocol. Material changes will be communicated via email or prominent platform notices. Continued use of our services constitutes acceptance of the updated Policy.

13. CONTACT THE DATA CONTROLLER

If you have questions or wish to exercise your data rights, reach us here:

// PRIVACY OFFICE
Idea Fridge Media, Inc. (BC, Canada)
Email: privacy@ideafridge.com
Subject line: "Privacy Request — [Your Name]"

We target a response time of 5 business days for all initial inquiries.