Privacy Policy

Last updated: 4 January 2026

1 Who we are

InLight InSight Inc. ("Company," "we," "us," or "our") operates the website inlightinsight.com (the "Site") built and hosted on the GoHighLevel™ platform.

2 Scope of This Policy

This Policy explains how we collect, use, disclose, transfer, and protect your personal information, as well as the rights and choices available to you. We have designed this Policy to comply with, and where possible exceed, the requirements of:

• Canada: the Personal Information Protection and Electronic Documents Act (PIPEDA), substantially similar provincial laws, Québec's Law 25, Alberta and British Columbia Personal Information Protection Acts, and Canada's Anti-Spam Law (CASL)

• United States: the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA), Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, and other enacted state privacy laws, as well as the federal Children's Online Privacy Protection Act (COPPA)

• European Economic Area and United Kingdom: the General Data Protection Regulation (GDPR) and UK GDPR

• Other jurisdictions: any other applicable international privacy standards

Where laws conflict, the higher level of protection applies unless expressly stated otherwise.

3 Information We Collect

3.1 Information You Provide

We collect information that you directly provide to us, including:

• Name, postal address, email address, and telephone number

• Account credentials and security information

• Marketing preferences and communication choices

• Payment details (processed via PCI-DSS-compliant payment processors)

• Survey responses, support inquiries, and feedback

• User-generated content and communications

3.2 Information Collected Automatically

When you visit our Site, we automatically collect certain technical information, including:

• IP address and device identifiers

• Browser type and operating system

• Referring URLs, pages viewed, and links clicked

• Session duration and crash data

• Information collected through cookies, pixels, and similar tracking technologies

3.3 Sensitive Information

During business coaching sessions, discussions may involve personal challenges related to health, financial matters, or family situations. We collect such sensitive information only when you voluntarily share it during coaching sessions and only to the extent necessary to provide effective coaching services. We handle all sensitive information with heightened confidentiality protections.

3.4 Information Processed Through GoHighLevel

Our website and client management systems are powered by GoHighLevel™, which processes the following types of information on our behalf:

• Website visitor data, including IP addresses, browsing behavior, and form submissions

• Client account information, including names, contact details, and preferences

• Communication history, including emails and SMS messages sent through our system

• Appointment and scheduling data

• Marketing campaign interactions, including email opens, link clicks, and opt-outs

GoHighLevel acts as our data processor and handles this information in accordance with our instructions and applicable privacy laws. GoHighLevel maintains servers in the United States and implements security measures consistent with industry standards.

3.5 Artificial Intelligence and Automated Processing

We may use artificial intelligence or automated tools to transcribe coaching sessions and generate summaries. These tools process your information in accordance with our service provider agreements and do not use your information to train their models.

4 How We Use Personal Information

We use your personal information for the following purposes:

• To provide, operate, and maintain the Site and related services

• To create, administer, and secure user accounts

• To fulfill purchases, subscriptions, and other transactions

• To personalize content, offers, and advertising

• To communicate with you, including sending account notices and marketing communications (with your consent where required)

• To conduct analytics, research, and product development

• To detect, prevent, and investigate fraud, abuse, and security incidents

• To comply with our legal obligations and enforce our Terms and Conditions (available at https://inlightinsight.com/terms-conditions)

4.1 Legal Bases for Processing (GDPR and Similar Laws)

We process your personal information based on the following legal grounds:

• Consent: when you have given us permission to process your information for a specific purpose

• Contract performance: when processing is necessary to fulfill our contractual obligations to you

• Legitimate interests: when we have a legitimate business interest, such as maintaining security or marketing to existing customers

• Legal obligation: when we must process your information to comply with applicable laws

• Vital interests: when processing is necessary to protect someone's life or safety

4.2 Email and SMS Communications

We use GoHighLevel™ to send the following types of communications:

• Transactional messages, including appointment confirmations and account updates

• Marketing communications, including newsletters and promotional offers (only with your consent or where permitted under applicable law)

• Service-related notifications

You can unsubscribe from marketing messages at any time using the unsubscribe link in every email, by contacting us at [email protected], or by replying STOP to SMS messages.

5. Sharing and Disclosure

We never sell your personal information for monetary consideration. We share your information only in the following circumstances:

5.1 Service Providers

We share your information with trusted service providers who assist us in operating our business:

• GoHighLevel™: our primary platform provider for website hosting, CRM, email and SMS marketing, analytics, and appointment scheduling. GoHighLevel processes personal information on our behalf under a data processing agreement and is bound by strict confidentiality obligations. For GoHighLevel's privacy practices, visit https://www.gohighlevel.com/privacy-policy

• Video conferencing providers: Zoom and Google Meet for coaching sessions

• Messaging platforms: WhatsApp and Telegram for client communication

• Payment processors: Stripe, Wise, and other PCI-DSS-compliant payment processors

• Cloud storage: Google Drive, GoHighLevel, and Notion for client resources and session recordings

• Analytics: Google Analytics for website usage analysis

All service providers are bound by confidentiality and data processing agreements and process personal information only as instructed by us.

5.2 Legal and Regulatory Requirements

We may disclose your information when required to:

• Comply with legal obligations, court orders, or regulatory requirements

• Protect our rights, property, or safety, or that of our users or the public

• Enforce our Terms and Conditions or other agreements

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the successor organization. We will notify you of any such transfer and the choices you may have.

5.4 With Your Consent

We may share your information with other parties when you have given us your explicit consent to do so.

6. International Transfers

Your personal information may be processed in the following jurisdictions:

• United States: Our primary platform provider, GoHighLevel™, maintains servers in the United States. GoHighLevel complies with applicable data protection requirements and implements appropriate safeguards.

• Canada: InLight InSight Inc. is based in Canada, where some client information may be stored.

• Other jurisdictions: Additional service providers, such as Zoom for video conferencing, may process information in various countries.

When we transfer information outside Canada to countries without equivalent privacy protections, we rely on Standard Contractual Clauses, contractual commitments from service providers, or other recognized transfer mechanisms under applicable law.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: request access to and obtain a copy of the personal information we hold about you

• Correction: request correction of inaccurate or incomplete information

• Deletion: request deletion (erasure) of your personal information

• Portability: request transfer of your information to another organization

• Restriction or objection: restrict or object to certain processing activities, including targeted advertising

• Opt-out of sales or sharing: opt out of the "sale" or "sharing" of personal information under applicable U.S. state laws

• Withdraw consent: withdraw your consent at any time where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within the applicable statutory deadline (for example, 30 days under PIPEDA and GDPR, or 45 days under the CCPA/CPRA).

You also have the right to lodge a complaint with your local data protection authority, such as the Office of the Privacy Commissioner of Canada, the California Privacy Protection Agency, or your EU or UK supervisory authority.

8. Cookies and Similar Technologies

Our Site uses cookies and similar tracking technologies to enhance your experience and analyze Site usage. The types of cookies we use include:

Essential Cookies

These cookies are necessary for the Site to function properly and cannot be disabled. They enable:

• Session management and security

• GoHighLevel platform functionality

Analytics Cookies

These cookies help us understand how visitors use our Site:

• GoHighLevel analytics to track visitor behavior and improve Site performance (see https://www.gohighlevel.com/cookies-policy)

Marketing Cookies

These cookies allow us to measure the effectiveness of our marketing campaigns:

• GoHighLevel tracking for email campaign performance

• Retargeting pixels for personalized advertising

Managing Cookies

You can control cookies through your browser settings. Please note that disabling essential cookies may affect Site functionality.

Opt-Out Options

• Email marketing: use the unsubscribe link in every email

• Interest-based advertising: visit YourAdChoices.com or the NAI opt-out page

• Global Privacy Control: we honor Global Privacy Control (GPC) signals where technically feasible

For more information about cookies, visit www.aboutcookies.org.

9. Do Not Track and Opt-Out Mechanisms

Our Site does not respond to traditional "Do Not Track" browser headers. However, California and other U.S. visitors can exercise their opt-out rights under the CCPA/CPRA by submitting a request through our online form at https://inlightinsight.com/contact or by emailing us at [email protected].

10. Data Retention and Security

10.1 Data Retention
We retain your personal information for the following periods:

• Client account data: duration of our engagement plus 7 years (to meet tax and accounting requirements)

• Marketing communications: until you unsubscribe or after 3 years of inactivity

• Session recordings: 1 year following program completion (or as stated in our Coaching Agreement)

• Payment records: 7 years (to meet tax requirements)

• Website analytics: 26 months (or as configured in our analytics platform)

After retention periods expire, we securely delete or anonymize your personal information.

10.2 Security Measures

We implement administrative, technical, and physical safeguards to protect your personal information, aligned with industry standards such as ISO 27001 and NIST SP 800-53. However, no system is completely secure, and you acknowledge that transmission of information over the internet carries inherent risks.

10.3 Third-Party Security

Our platform provider, GoHighLevel™, implements industry-standard security measures, including:

• Encryption in transit using TLS/SSL protocols

• Encryption at rest for stored data

• Access controls and multi-factor authentication

• Regular security audits and vulnerability assessments

• Backup and disaster recovery procedures

For more details on GoHighLevel's security practices, visit https://www.gohighlevel.com/privacy-and-security.

11. Children's Privacy

Our Site is not directed to children under 13 years of age (in the United States) or under the age of digital consent in your jurisdiction (16 years under GDPR). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately so we can delete it.

12. Third-Party Links and Services

Our Site may contain links to external websites and services that we do not control. We are not responsible for the privacy practices of these third-party sites. We encourage you to review the privacy policy of every website you visit.

13. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices or applicable laws. When we make changes, we will update the "Effective Date" at the top of this Policy.

If we make material changes, we will notify you by email or through a prominent notice on our Site at least 30 days before the changes take effect. Your continued use of our services after the effective date constitutes your acceptance of the updated Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Eva Alexandre

InLight InSight Inc.

Email: [email protected]

Mailing Address: 467 Dunbar Crt, Kelowna, BC, V1P 1T5, Canada