Privacy Policy

Effective July 10, 2026

This Privacy Policy describes how Visionary Vectors Inc. ("we", "us", "our") collects, uses, and discloses your personal information when you use the Vexis IA Maturity Assessment ("the Service") at vexis.visionaryvectors.ca.

By using the Service you agree to the collection and use of information in accordance with this Policy.

1. Information we collect

1.1 Account information

When you sign up we collect your name, email address, and (if you sign in with Google) your Google profile name, email, and avatar URL.

1.2 Organization profile

To contextualize your assessment, we ask for your company name, country, internal audit team size, years your IA function has operated, headquarters region, and industry sector. This information is visible to administrators of the Service.

1.3 Assessment responses

Your answers to each survey question, including any free-text "Other — please specify" inputs you provide, and the maturity scores computed from those answers.

1.4 Technical information

Standard server logs (IP address, browser type, page requests) used for security and to operate the Service. We do not use third-party advertising cookies.

1.5 Conversation transcripts (admin-uploaded)

For certain participants an administrator of the Service may upload a conversation transcript (for example, a discovery-call transcript or meeting notes) on your behalf so that survey answers can be pre-filled from that conversation. Transcripts are uploaded only by administrators — you are never asked to upload one yourself. When a transcript is uploaded we store the original text plus, for each survey question the transcript addresses, the short supporting snippet Claude quoted when it inferred your answer. You can see the snippet and who uploaded the transcript by hovering the sparkle indicator that appears on any pre-filled question, and you can change any pre-filled answer at any time.

2. How we use your information

  • To provide and operate the assessment service.
  • To generate your maturity report and computed scores.
  • To allow administrators to view, analyze, and export aggregated participant data (filtered or grouped by demographic dimensions).
  • To send you transactional emails (email confirmation, password reset).
  • To extract survey answers from any conversation transcript an administrator uploads on your behalf. Extraction is performed by Anthropic’s Claude Sonnet model in a single request per transcript; extracted answers are stored in your assessment responses and marked as transcript-sourced.
  • To improve the Service and detect abuse.

3. How we share your information

We do not sell your personal information. We share information only with the following service providers, who process it on our behalf:

  • Supabase — database, authentication, and storage hosting (region: Canada Central).
  • Vercel — web application hosting and serverless execution.
  • Google — if you sign in with Google, your authentication is handled by Google in accordance with their privacy policy.
  • Anthropic— when an administrator uploads a conversation transcript for you, we send the transcript and the survey questions to Anthropic’s Claude API so it can identify supported answers. Anthropic processes the request on our behalf and does not train its models on this data.

We may disclose information if required by law, to enforce our terms, or to protect our rights, property, or safety.

4. Data retention

We retain your account and assessment data for as long as your account is active. You may request deletion of your account and all associated data by emailing cdk@visionaryvectors.ca; we will action requests within 30 days.

Any conversation transcript uploaded on your behalf is stored encrypted for a maximum of thirty (30) days after upload and is then automatically deleted. After deletion we keep only the short supporting snippets attached to your pre-filled answers plus a minimal audit record noting that a transcript was uploaded, by whom, and when — the original transcript text is gone.

5. Your rights

Depending on your jurisdiction (including under PIPEDA in Canada, GDPR in the EU/UK, and similar regimes elsewhere), you may have the right to access, correct, port, or delete your personal information. You can exercise these rights by emailing cdk@visionaryvectors.ca.

6. Security

We use industry-standard measures — including encryption in transit (HTTPS / TLS), row-level security on the database, and OAuth-based authentication — to protect your information. No system is perfectly secure; we cannot guarantee absolute security but we make reasonable efforts to safeguard your data.

7. Children

The Service is intended for use by professionals. We do not knowingly collect personal information from anyone under the age of 16.

8. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email and via the Service. The effective date at the top of this page reflects the latest revision.

9. Contact

Questions about this Privacy Policy? Contact us at cdk@visionaryvectors.ca.