Privacy Framework

How Eaulorix handles the details you share when exploring investment awareness pathways and educational resources tailored for the Canadian financial landscape.

Active from February 2026
01

Information Intake Architecture

What We Record During Your Journey

When someone registers for webinars on portfolio diversification or requests downloadable guides about risk assessment methodologies, certain identifying elements naturally surface. Names and contact coordinates emerge at registration checkpoints. You type them into forms designed to facilitate communication about upcoming educational sessions or follow-up materials related to investment literacy.

Identity Elements

Full names and preferred contact addresses appear when you subscribe to quarterly market insight newsletters or RSVP for virtual workshops scheduled throughout early 2026.

Communication Coordinates

Email addresses and phone numbers become visible when dialogue begins—whether you're asking about upcoming courses on ETF fundamentals or inquiring about resource availability for retirement planning frameworks.

Interaction Patterns

Which articles you read, which videos you watch to completion, and which tools you experiment with all generate behavioral traces that help refine future content offerings.

Device Characteristics

Browser configurations, screen dimensions, and operating system details arrive automatically during each site visit, shaping how educational interfaces render across tablets, phones, and desktops.

Geographic signals tied to Canadian regions help contextualize content—tax-advantaged account discussions reference TFSA and RRSP structures familiar to Calgary residents rather than foreign equivalents. Yet no granular street-level tracking occurs beyond the postal information you voluntarily provide during correspondence.

Occasionally, enrichment happens when you link external accounts—importing transaction histories from brokerage platforms for portfolio analysis exercises, for instance. That intake remains strictly optional and occurs only after explicit permission.

02

Operational Dependencies

Why These Details Matter to Core Functions

Every piece of captured information serves a functional necessity within the educational infrastructure. Nothing gets stored arbitrarily.

  • Course enrollment systems require names and email addresses to generate access credentials for the April 2026 "Building Balanced Portfolios" series, ensuring the right participants receive login links and session reminders.
  • Personalized learning pathways adapt based on prior module completions—someone who finished beginner bond basics sees intermediate fixed-income strategies suggested next, creating logical progression without manual curation.
  • Communication infrastructure depends on accurate contact coordinates to deliver monthly investment awareness bulletins, announce new calculator tools, or alert subscribers when archived webinar recordings become available.
  • Platform stability monitoring relies on device and browser metadata to diagnose interface glitches affecting mobile users attempting to access interactive budget planners on smaller screens.
  • Quality improvement initiatives analyze aggregate engagement metrics—discovering that video tutorials about dividend reinvestment plans consistently get rewatched suggests those concepts deserve expanded treatment in future materials.

When inquiries arrive requesting clarification on fee structures for robo-advisory services—a common question among Canadians exploring automated investing—that correspondence creates a record linking your email to the support ticket. Response quality improves because context persists; repeated exchanges don't require re-explaining your initial question.

Financial literacy assessments occasionally incorporate demographic slices (age brackets, investment experience levels) to benchmark knowledge gaps across different learner populations. Aggregated insights reveal which topics need stronger foundational coverage, but individual quiz scores remain tied only to anonymized user IDs unless you explicitly request personalized feedback.

03

External Disclosure Boundaries

When Information Leaves Internal Systems

Limited circumstances trigger outbound data movement beyond Eaulorix infrastructure. These scenarios follow defined protocols rather than occurring haphazardly.

Email delivery services handle newsletter dispatch—your address travels to a third-party messaging platform that physically transmits educational content to your inbox. Those vendors operate under strict processor agreements prohibiting them from leveraging subscriber lists for unrelated marketing or selling contact databases to brokers.

Video hosting infrastructure stores recorded workshop sessions. When you stream a presentation about RESP contribution strategies for children's education savings, playback occurs through embedded players fetching content from specialized media servers. Viewing analytics flow back to help gauge which segments resonate most, but identifiable viewer details don't persist in those external systems beyond temporary session logs.

Payment processors enter the picture when premium educational materials require purchase—a comprehensive guide to tax-loss harvesting techniques, perhaps. Transaction completion involves sharing billing details with financial intermediaries that facilitate secure credit card charges. Eaulorix never sees full card numbers; only tokenized confirmations and billing addresses sufficient for receipt generation.

Legal compulsion represents another disclosure trigger. Canadian regulatory authorities investigating financial fraud schemes might subpoena user records if illicit actors misused educational resources while conducting pump-and-dump stock promotions. Compliance with lawful demands doesn't require prior notification, though such incidents remain exceedingly rare given the purely educational nature of platform activities.

Corporate restructuring scenarios—acquisitions, mergers, asset sales—could transfer user databases to successor entities. Any such transition would occur only if acquiring parties committed to maintaining equivalent privacy protections and honoring existing user preferences regarding communication and data handling.

Last external audit of processor agreements completed December 2025

04

Protection Mechanisms & Limitations

Security Posture and Inherent Vulnerabilities

Multiple defensive layers shield stored information from unauthorized exposure, though no system achieves absolute invulnerability.

Transport Encryption

All connections between your device and Eaulorix servers enforce TLS 1.3 protocols, encrypting data in transit to prevent interception during transmission across public networks. Certificate pinning adds another verification step confirming you're genuinely communicating with legitimate infrastructure rather than imposter sites.

Storage Safeguards

Database encryption at rest scrambles stored records using AES-256 algorithms, rendering raw data meaningless if physical storage media gets stolen. Access controls enforce role-based permissions—only personnel handling support inquiries can view contact details, while content teams see anonymized engagement metrics.

Intrusion Monitoring

Automated systems continuously scan for anomalous access patterns—sudden attempts to extract large user lists from unusual geographic locations trigger immediate alerts and temporary lockdowns until human security staff investigate potential breaches.

Persistent Risks

Despite precautions, sophisticated attacks leveraging zero-day exploits could compromise systems before patches deploy. Insider threats from rogue employees bypassing safeguards remain theoretically possible. Credential phishing targeting users directly sits outside organizational control—if attackers trick you into revealing login details through fake emails impersonating Eaulorix, those stolen credentials enable unauthorized account access regardless of platform security measures.

Regular penetration testing by external security firms occurs quarterly, simulating attack scenarios to identify weaknesses before malicious actors discover them. Vulnerability disclosures prompt rapid remediation, typically patching critical flaws within 48 hours of identification.

05

User Agency & Retention Logic

Control Mechanisms and Data Lifecycle

Several pathways exist for exercising influence over how your information gets handled and how long it persists within organizational systems.

Available actions span the following capabilities, though some limitations apply based on legal obligations and operational requirements:

Access Requests

Submit inquiries to obtain copies of all stored information tied to your account—complete records arrive within 30 days, formatted as machine-readable JSON files or human-friendly PDF summaries depending on preference.

Correction Procedures

Outdated email addresses or misspelled names can be updated directly through account settings. More complex amendments—disputing inaccurate notes in support ticket histories—require contacting the privacy team with supporting documentation.

Deletion Mechanics

Account closure triggers systematic purging of identifiable details within 90 days. Aggregate analytics derived from your past behavior persist indefinitely but get fully anonymized such that reconstruction of individual identities becomes technically infeasible.

Processing Objections

Opt-out mechanisms let you halt non-essential uses—preventing personalized content recommendations while still receiving transactional emails about webinar registrations you've already confirmed, for instance.

Portability Options

Export your learning history, saved articles, and custom portfolio configurations to transfer elsewhere. Structured data packages facilitate migration to competitor platforms if you decide alternative investment education resources better suit your needs.

Automated Decision Review

When algorithms determine which advanced modules to suggest based on quiz performance, you can request human review of those recommendations to understand the reasoning and challenge potentially flawed logic.

Retention durations vary by data category. Active user profiles remain intact indefinitely during ongoing engagement. After 24 months of complete inactivity—no logins, no email opens, no resource downloads—accounts enter dormant status prompting a reactivation email. Continued silence beyond 36 months triggers automatic archival, moving records to cold storage where they await eventual deletion unless legal holds apply.

Support correspondence gets retained for seven years per Canadian business record-keeping standards, even after account deletion. Transaction histories related to purchased materials persist similarly due to tax audit requirements. Aggregate performance metrics contributing to research studies may survive longer still, though always stripped of personally identifying markers.

Security incident logs capturing failed login attempts or suspicious access patterns stick around for five years to support forensic investigations and pattern analysis identifying emerging threat vectors.

Reaching the Privacy Team

Questions about how your information gets handled, requests to exercise control rights, or concerns about potential misuse should flow through dedicated privacy channels staffed by specialists trained in Canadian data protection frameworks.

Written Correspondence

Formal requests requiring documentation should be mailed to:

Privacy Office
Eaulorix
444 Manitou Rd SE
Calgary, AB T2G 4C4
Canada

Digital Inquiries

Email privacy-related questions directly to:

contact@eaulorix.com

Include "Privacy Request" in the subject line to ensure proper routing to compliance staff rather than general customer support queues.

Phone Contact

For urgent matters requiring immediate attention—suspected account breaches, for example—call:

+1 604 655 6793

Privacy specialists are available Monday through Friday, 9 AM to 5 PM Mountain Time.

If responses from Eaulorix fail to resolve concerns adequately, escalation options exist through the Office of the Privacy Commissioner of Canada, which investigates complaints about organizational data handling practices and enforces federal privacy legislation.