Privacy Policy

Introduction

Wicked Problem Solving Inc. ("WPS", "we", "us", or "our") is a Canadian corporation organized under the laws of Ontario, Canada. We are committed to protecting the privacy and personal information of individuals who visit our website, purchase our courses or services, register for events, subscribe to communications, or otherwise interact with us (collectively, the "Services").

This Privacy Policy describes how we collect, use, store, disclose, transfer, and protect personal information in accordance with applicable privacy laws, including:

• The Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada)
• The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), where applicable
• The EU General Data Protection Regulation (GDPR) and UK GDPR, where applicable

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

1. The Information We Collect

We collect personal information in order to provide, operate, and improve our Services. The nature of the information collected depends on how you interact with us.

Information You Provide Directly

When you register, purchase a course, subscribe to our communications, or contact us, we may collect:

• Your name
• Email address
• Billing and mailing address
• Telephone number (if provided)
• Account login credentials
• Company information (for business purchases)

If you make a purchase, payment information is collected and processed by our third-party payment processor (e.g., Stripe). We do not store full credit card numbers on our own servers.

Automatically Collected Information

When you access our website or online learning platform, we automatically collect certain technical and usage information, including:

• IP address
• Browser type and device information
• Operating system
• Pages visited and time spent
• Referring URLs
• Course engagement and usage analytics

This information is collected through cookies and similar technologies and is used to improve functionality, security, and user experience.

Marketing and Communications Data

If you subscribe to our newsletter or marketing communications, we collect information about your preferences and interactions with our emails — such as open rates and link clicks — to tailor communications appropriately.

2. How We Use Personal Information

We use personal information only for legitimate business purposes, including:

• Providing access to purchased courses and Services
• Processing payments and fulfilling transactions
• Communicating regarding accounts, updates, and customer support
• Improving and optimizing our website and course offerings
• Personalizing content and marketing communications (where lawful consent has been obtained)
• Analyzing behavioral data to segment and target marketing communications
• Preventing fraud and protecting security
• Complying with legal and regulatory obligations

We do not sell personal information.

Where required by law (including GDPR), we rely on one or more lawful bases for processing, including consent, contractual necessity, legal obligation, and legitimate business interests. Our legitimate interests include improving our Services, protecting against fraud, and marketing to existing customers in ways they would reasonably expect.

Automated Decision-Making and Profiling

We may use automated tools, including our email marketing platform (Klaviyo), to analyze your interactions with our communications and website in order to personalize content and messaging. This may constitute profiling under applicable law. If you are located in the EU or UK, you have the right to object to automated processing that produces significant legal or similarly significant effects on you. To exercise this right, please contact us using the information in Section 13.

3. Disclosure of Your Information

Service Providers

We may share personal information with third-party vendors and service providers who perform services on our behalf, including payment processing, email marketing, learning management, cloud infrastructure, and workflow automation. These parties are authorized to use your personal information only as necessary to provide their services to us and are bound by contractual obligations consistent with this Privacy Policy.

Our current primary service providers include:

• Shopify Inc. (commerce infrastructure)
• LearnWorlds Ltd. (learning management system)
• Klaviyo, Inc. (email marketing services)
• Stripe, Inc. (payment processing)
• Zapier, Inc. (workflow automation)
• Amazon Web Services (cloud infrastructure)

We encourage you to review the privacy policies of these providers, which govern their independent handling of your data.

Advertising and Analytics Platforms

We may share certain information — such as email addresses or browsing data — with advertising and analytics platforms (including Meta, Google, and LinkedIn) to facilitate targeted or look-alike advertising and to measure the effectiveness of our marketing efforts. You may opt out of personalized advertising through your account settings on those platforms or via industry opt-out tools at optout.aboutads.info or optout.networkadvertising.org.

Opting out of personalized advertising does not mean you will stop seeing ads from WPS; it means they will not be personalized based on your data.

Legal Requests

We will not disclose personal information to law enforcement or other government officials without a subpoena, court order, or substantially similar legal process, unless we believe in good faith that disclosure is necessary to: (i) prevent imminent physical harm or financial loss; (ii) report suspected illegal activity; or (iii) comply with a regulator's request regarding applicable law.

Business Transactions

In the event that Wicked Problem Solving Inc. undergoes a merger, acquisition, reorganization, or asset sale, personal information may be transferred as part of that transaction. We will take reasonable steps to ensure that any acquiring entity adheres to this Privacy Policy with respect to your personal information. You will receive prior notice of any material change in ownership or use of your personal information.

4. Marketing Consent & Electronic Communications

Where you have opted in to receive communications, we may send promotional or educational emails relating to our courses, events, and offerings.

We comply with:

• Canada's Anti-Spam Legislation (CASL)
• The U.S. CAN-SPAM Act
• GDPR consent requirements

You may withdraw consent at any time by using the unsubscribe link included in our communications or by contacting us directly. Withdrawal of marketing consent does not affect transactional or service-related communications.

5. Cookies & Tracking Technologies

We use cookies and similar technologies to ensure functionality, analyze usage, and improve performance. Cookies we use may include:

• Essential cookies — required for site functionality and secure access
• Analytics cookies — used to understand site performance and traffic patterns
• Functional cookies — remember your preferences across sessions
• Marketing cookies — used for targeted advertising (where consent is provided)

You may manage cookie preferences through your browser settings or our site-based consent tool.

Do Not Track

Our website recognizes browser "Do Not Track" signals where technically feasible. You may also manage tracking preferences through your browser settings or our cookie consent tool.

6. Storage & Transfer of Your Information

Your personal information is stored on secure servers operated by our service providers. Depending on the Services you use, your data may be hosted by providers in Canada, the United States, or other jurisdictions.

As a result, your personal information may be transferred across borders and may be subject to the laws of the jurisdiction in which it is processed, including lawful access by courts or government authorities.

GDPR and UK GDPR Safeguards

Where personal data is transferred outside the European Economic Area or the United Kingdom, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Contractual commitments with service providers
• Certifications or compliance with recognized international security standards

Further details may be provided upon request.

7. Retention of Personal Information

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy:

• Where you have consented to processing, until consent is withdrawn
• For the duration of a contractual relationship
• Where required to comply with statutory or accounting obligations
• Where necessary to resolve disputes or enforce agreements

When personal information is no longer required, it is securely deleted, anonymized, or destroyed in accordance with applicable legal requirements.

8. Security of Your Information

We implement reasonable physical, technical, procedural, and administrative safeguards to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification. These safeguards include:

• Encryption of data in transit (SSL/TLS)
• Secure hosting environments
• Access controls and authentication protocols
• Role-based internal access restrictions
• Use of PCI-DSS compliant payment processors
• Monitoring systems to detect potential vulnerabilities

Despite these measures, no method of transmission over the Internet or method of electronic storage is entirely secure. While we strive to protect personal information using commercially acceptable means, we cannot guarantee absolute security.

9. Your Privacy Rights

Canadian Residents (PIPEDA)

You may request access to personal information we hold about you and request correction of inaccuracies. You may also withdraw consent, subject to legal or contractual restrictions. If you are not satisfied with our response to a privacy concern, you have the right to escalate your complaint to the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or 1-800-282-1376.

California Residents (CCPA / CPRA)

You have the right to:

• Request disclosure of personal information collected about you in the past 12 months
• Request deletion of your personal information
• Request correction of inaccurate personal information
• Opt out of the sale or sharing of personal information for cross-context behavioral advertising (we do not sell personal information)
• Limit use and disclosure of sensitive personal information
• Be free from discrimination for exercising your rights

European Union / UK Residents (GDPR)

You have the right to:

• Access personal data we hold about you
• Rectify inaccurate data
• Request erasure of your data
• Restrict or object to processing
• Request data portability
• Withdraw consent at any time
• Lodge a complaint with your local Data Protection Authority

How to Submit a Request

To exercise any of the rights described in this section, please submit a written request to hello@wickedproblemsolving.com with the subject line "Privacy Rights Request." Please include sufficient information to verify your identity.

We will acknowledge receipt within 10 business days and provide a substantive response within 45 days, or notify you in writing if additional time is required under applicable law. We will not discriminate against you for exercising your privacy rights.

10. Children's Privacy

Our Services are not directed to individuals under the age of 13, or the applicable minimum age under the laws of your jurisdiction. We do not knowingly collect personal information from minors. If we learn that we have collected information from a child below the applicable age threshold, we will delete it promptly.

Parents or guardians who believe we have inadvertently collected their child's personal information may contact us at hello@wickedproblemsolving.com.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in legal requirements or business practices. Updates will be posted with a revised effective date. We will not retroactively reduce your rights under this Privacy Policy without your explicit consent.

For material changes, we will provide reasonable notice via email or a prominent notice on our website prior to the change taking effect.