Legal

Privacy Policy

Effective Date: November 3, 2025  |  Last Updated: April 1, 2026

1. Introduction

Output ("Output," "we," "us," or "our") operates the website located at output.systems and chat.output.systems (the "Website") and provides business consulting and intelligent systems development services (the "Services"). Output is operated by 14305124 Canada Inc, a corporation organized under the laws of Canada with its principal place of business in Toronto, Ontario, Canada.

This Privacy Policy describes how Output collects, uses, discloses, retains, and protects personal information when you visit the Website, communicate with us, or engage our Services.

This Privacy Policy is intended to comply with: PIPEDA (Canada); Quebec Law 25; GDPR and UK GDPR; CCPA/CPRA (California); and other applicable data protection laws.

2. Data Controller and Contact Information

For all privacy-related inquiries, requests, or complaints, please contact:

Privacy Officer: Curtis Grier-Coward
Email: curtis@output.systems
Address: 375 University Ave Suite 3267, Toronto, Ontario, Canada M5G 2J5

We will respond to all inquiries within thirty (30) days, or such shorter period as required by applicable law.

3. Information We Collect

3.1 Information You Provide Directly — Full name, email address, telephone number, business name and role, industry and business size, information about your business operations relevant to the Services requested, communication preferences, and any other information you voluntarily provide.

3.2 Information Collected Automatically — IP address, browser type and version, operating system, device identifiers, pages visited, referring URL, date and time of access, geolocation data derived from IP address, cookies and similar tracking technologies.

3.3 Sensitive Personal Information — We do not knowingly collect sensitive personal information such as government IDs, health information, biometric data, racial or ethnic origin, religious beliefs, or sexual orientation.

4. Legal Bases for Processing (GDPR / UK GDPR)

For individuals in the EU, UK, or Switzerland, we process personal information on the following bases: Consent, Contract, Legitimate Interests, and Legal Obligation. You may withdraw consent at any time without affecting the lawfulness of prior processing.

5. How We Use Personal Information

To respond to inquiries, deliver and improve our Services, process transactions, send service and marketing communications (where permitted), analyze Website usage, prevent fraud, comply with legal obligations, and enforce our terms. We do not use personal information for automated decision-making that produces legal effects without explicit consent.

6. Disclosure of Personal Information

We do not sell personal information. We may share it only with service providers bound by contractual protections (cloud hosting, email platforms, CRM, analytics, payment processors, professional advisors), where required by law, in connection with a business transfer, or with your explicit consent.

7. Cookies and Tracking Technologies

We use strictly necessary cookies, analytics cookies (subject to consent), and marketing cookies (subject to consent). You may manage preferences through the Website's cookie consent tool or your browser settings. Non-essential cookies are not deployed until consent is given for users in jurisdictions requiring prior consent.

8. Data Retention

Inquiry data (no engagement): up to 24 months. Active client data: duration of engagement plus 7 years. Marketing data: until unsubscribe or withdrawal of consent. Website analytics: up to 26 months. Legal records: as required by law. Data no longer required is securely deleted or anonymized.

9. International Data Transfers

Output is based in Canada, which has been recognized by the European Commission as providing adequate data protection for commercial organizations subject to PIPEDA. For transfers to other jurisdictions, we rely on appropriate safeguards including Standard Contractual Clauses.

10. Data Security

We implement encryption in transit (TLS/SSL) and at rest, access controls, regular security assessments, staff confidentiality obligations, vendor due diligence, and incident response procedures. No method of electronic transmission is completely secure. In the event of a data breach, we will notify affected parties and regulatory authorities as required by law.

11. Your Rights

All users: Access, correction, deletion, withdrawal of consent, and complaint.

EU / UK / Switzerland (GDPR): Restriction of processing, data portability, right to object, right not to be subject to automated decision-making, and the right to lodge a complaint with your local data protection authority.

California residents (CCPA/CPRA): Know what personal information is collected, request deletion, correct inaccurate information, opt out of sale or sharing (Output does not sell personal information), limit use of sensitive personal information, and non-discrimination for exercising rights.

To exercise any right, contact us at curtis@output.systems. We will verify your identity before responding.

12. Children's Privacy

The Website and Services are not directed to children under the age of 16. We do not knowingly collect personal information from children. If we learn we have done so, we will delete it promptly.

13. Third-Party Links and Embedded Content

The Website may contain links to third-party websites and embedded content (such as scheduling widgets). Embedded content behaves as if you had visited the third-party website directly. These third parties may collect data, set cookies, and monitor your interaction with their content. We encourage you to review their privacy policies.

14. Marketing Communications

We may send marketing communications where permitted by law and where required, with your consent. You may opt out at any time by clicking unsubscribe in any marketing email or contacting us directly.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on the Website with a revised Last Updated date. Material changes will be communicated through additional means where practicable. Continued use of the Website after the effective date constitutes acceptance of the revised Policy.

16. Regulatory Authorities

Canada: Office of the Privacy Commissioner (priv.gc.ca)  |  Quebec: Commission d'accès à l'information (cai.gouv.qc.ca)  |  EU: Your local Data Protection Authority (edpb.europa.eu)  |  UK: Information Commissioner's Office (ico.org.uk)  |  California: California Privacy Protection Agency (cppa.ca.gov)

17. Governing Law

This Privacy Policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein. Disputes will be subject to the exclusive jurisdiction of the courts of the Province of Ontario, except where prohibited by applicable law in your jurisdiction. Nothing in this Policy limits your right to bring a complaint under the mandatory provisions of your local data protection laws.

BOOK A FREE DISCOVERY CALL