Privacy Policy

1.  Who we are

InLight InSight Inc. ("Company", "we", "us", "our") operates the website(s) inlightinsight.com (collectively, the "Site") built and hosted on the
GoHighLevel™ platform.

2  Scope of this Policy

This Policy explains how we collect, use, disclose, transfer and safeguard the personal information of visitors, customers and other end‑users ("you"), and the rights and choices you have. It is drafted to comply with, and where possible exceed, the requirements of:

• Canada: the Personal Information Protection and Electronic Documents Act (PIPEDA), substantially‑similar provincial laws, Québec’s Law 25, Alberta & -British Columbia Personal Information Protection Acts, and Canada’s Anti‑Spam Law (CASL);

• United States: the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA), Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA and other enacted state privacy laws, as well as the federal Children’s Online Privacy Protection Act (COPPA);

• European Economic Area & United Kingdom: the GDPR/UK GDPR;

• Any other applicable international privacy standards.

Unless expressly stated otherwise, the higher level of protection prevails where laws conflict.

3  Information we collect

Information you provide: Name, postal address, email, telephone, account credentials, marketing preferences, payment details (processed via PCI‑DSS‑compliant partners), survey responses, support queries, user‑generated content

Information collected automatically: IP address, device identifiers, browser type, operating system, referring URLs, pages viewed, links clicked, session duration, crash
data, cookies, pixels and similar technologies

Sensitive information: We do not intentionally collect sensitive personal information (e.g. health data) unless you voluntarily provide it. Where we do, we obtain explicit consent or rely on another lawful basis

4  How we use personal information

We process personal information to:

Provide, operate and maintain the Site and related services;

Create, administer and secure user accounts;

Fulfil purchases, subscriptions or other transactions;

Personalize content, offers and advertising;

Communicate with you (e.g. account notices, marketing—consent‑based as required);

Conduct analytics, research and product development;

Detect, prevent and investigate fraud, abuse and security incidents;

Comply with our legal obligations and enforce our Terms & Conditions.

Legal bases (GDPR et al.): consent; performance of a contract; legitimate interests (e.g. security, marketing to existing customers); legal obligation; protection of vital interests.

5  Sharing & disclosure

We never sell personal information for monetary consideration. We share it only with:

Service providers & processors (e.g. GoHighLevel™, hosting, analytics, email/SMS platforms, payment gateways) bound by confidentiality and data‑processing agreements;

Affiliates & business partners involved in servicing your account, subject to equivalent obligations;

Authorities & other parties when required to comply with law, protect rights or pursue remedies;

Successors in case of merger, acquisition or similar transaction;

Others with your consent.

6  International transfers

Our servers and those of our providers may be located in
Canada, the U.S. and other countries. Where a transfer occurs to a jurisdiction without an adequacy decision, we rely on Standard Contractual Clauses or another recognized mechanism.

7  Your privacy rights

Depending on where you reside, you may have the right to:

Access and obtain a copy of personal information we hold about you; Correct inaccurate or incomplete data; Delete (erase) your personal information; Port data to another organisation; Restrict or object to certain processing (including targeted advertising); Opt out of the "sale" or "sharing" of personal information under U.S. state laws; Withdraw consent at any time.

Requests can be made via [email protected]. We will respond within the statutory deadline (e.g. 30 days under
PIPEDA/GDPR; 45 days under CPRA).

You also have the right to complain to your local regulator (e.g. the Office of the Privacy Commissioner of Canada, the California Privacy Protection Agency, or your EU/UK supervisory authority).

8  Cookies & similar technologies

We use first‑ and third‑party cookies for core functionality, analytics, advertising and social media. You can adjust cookie settings in your browser and may opt out of interest‑based ads via tools such as YourAdChoices. We honour Global Privacy Control (GPC) signals where technically feasible.

9  Do Not Track & opt‑out mechanisms

Our Site does not respond to traditional "Do Not Track" headers, but California and other U.S. visitors can exercise CCPA/CPRA opt‑out rights via the "Do Not Sell or Share My Personal Information" link in the footer.

10  Data retention & security

We retain personal information only for as long as necessary to fulfil the purposes above or as required by law, then securely erase or anonymise it. We apply administrative, technical and physical safeguards aligned with ISO 27001 and NIST SP 800‑53. No system is perfectly secure; transmission of information is at your own risk.

11  Children’s privacy

The Site is not directed to children under 13 (U.S.) or under the age of digital consent in your jurisdiction (16 under GDPR). We do not knowingly collect data from children. If you believe we have inadvertently done so, contact us to delete it.

12  Third‑party links & services

Our Site may contain links to external sites. We are not responsible for their privacy practices. We encourage you to review the privacy policies of every site you visit.

13  Changes to this Policy

We may revise this Policy periodically. The “Last updated” date will change. Material changes will be announced via email or a prominent notice at least 30 days before they take effect.

14  Contact us

Eva Alexandre

InLight InSight Inc.

Email: [email protected]
Mail: 467 Dunbar Crt, Kelowna, BC, V1P 1T5, Canada