Introduction
RiseMentor (“RiseMentor Inc.,” “we,” “our,” “us”) operates a Canadian subscription platform that pairs emerging leaders with vetted mentors and offers goal-tracking analytics, resource libraries, and live-coaching events. This Privacy Policy explains how personal information is collected, used, retained, and disclosed when mentees, mentors, corporate sponsors, or visitors interact with our website, mobile app, or support channels.
Privacy Policy (collection, processing, storage)
• Information we collect
(a) Profile data — name, email, province, professional title, industry, preferred language, multi-factor authentication seed, sign-in IP logs.
(b) Mentorship records — match history, session notes (added by user consent), progress milestones, uploaded assignments, feedback ratings.
(c) Community content — forum posts, event RSVPs, poll responses, peer endorsements.
(d) Payment data — tokenised card reference, billing postal code, GST/HST allocation, transaction history.
(e) Organisational data (for sponsor plans) — company name, business number, license allocation, participant roster, aggregate engagement metrics.
(f) Telemetry — browser build, mobile OS, feature clicks, session duration, crash traces.
(g) Support artefacts — chat transcripts, call recordings, screen-share files.
• Purposes
– create and manage user accounts and mentor matches;
– schedule meetings, send reminders, and generate goal dashboards;
– process subscription fees and issue CRA-compliant invoices;
– analyse de-identified aggregates to improve matching algorithms and curriculum design;
– enforce our Code of Conduct, investigate misuse, and comply with legal duties.
• Retention
Mentorship transcripts and progress logs are kept for the life of the account plus seven years for audit and accreditation verification. Financial and tax records follow CRA retention rules (minimum seven years). Encrypted backups purge on a rolling 35-day cycle.
• Access & correction
Authenticated users may review or update profile and mentorship data at any time via Settings → Profile or by emailing privacy@risementor.com.
• Consent
We seek express consent at registration and whenever you purchase a plan, connect a calendar, or upload session notes. Implied consent applies to operational logs essential for security. Withdrawal requests are honoured unless legal or contractual obligations require continued processing; we will outline any impact on service before completion.
• Accountability
A designated Privacy Officer conducts annual compliance reviews, trains staff, and responds to privacy inquiries within 30 days.
GDPR
Although RiseMentor focuses on Canada, some mentors or mentees may reside in the European Economic Area (EEA). Where the EU General Data Protection Regulation (GDPR) applies, we act as controller for account and billing data and processor for mentorship materials you upload. Processing bases: performance of a contract (Art. 6 (1)(b)), legitimate interest in platform security and service optimisation (Art. 6 (1)(f)), and legal obligation (Art. 6 (1)(c)). EEA residents may request access, rectification, erasure, restriction, portability, or objection via dpo@risementor.com and may lodge complaints with their supervisory authority.
Cookie Policy
4.1. Types of cookies
• Essential — session tokens, CSRF guards, and load-balancer cookies required for secure login.
• Preference — stores language, notification settings, dark-mode toggle.
• Analytics — first-party Matomo cookies with IP truncation that measure feature adoption and page latency.
• Marketing — optional cookies announcing new mentoring tracks or partner offers; never used for third-party ad networks.
4.2. How to disable cookies
Most browsers allow you to delete or block cookies. Essential cookies are mandatory for console access; disabling them prevents login. Preference and analytics cookies can be declined via our banner or by enabling “Do Not Track.” Marketing cookies load only after explicit opt-in and can be revoked under Account → Privacy.
Transfer to Third Parties
We do not sell personal information. Disclosures occur only to:
• Canadian cloud providers hosting encrypted data in Toronto and Montréal;
• PCI-DSS Level 1 payment processors;
• Accreditation partners that validate certificates (only when you request validation);
• Legal counsel, regulators, or courts when compelled by law or to defend claims;
• Law-enforcement agencies where disclosure is necessary to investigate fraud or protect public safety.
All vendors sign Data Processing Agreements mandating safeguards equal to PIPEDA and, where applicable, EU Standard Contractual Clauses.
Data-Security Measures
• AES-256-GCM encryption at rest with tenant-specific keys stored in FIPS 140-2 Level 3 Hardware Security Modules.
• TLS 1.3 with Perfect Forward Secrecy for data in transit.
• Zero-trust segmentation isolating each sponsor workspace.
• Role-based access control enforced by hardware-backed multi-factor authentication.
• Hourly incremental and nightly full backups replicated across two Canadian regions (RPO 15 min, RTO 4 h).
• Continuous vulnerability scanning, quarterly penetration tests, and annual SOC 2 Type II audit.
• Incident-response plan that notifies affected users within 72 hours of a confirmed breach and provides remediation updates.
Effective Date
This Privacy Policy is effective as of 18 June 2025 and supersedes all earlier versions. Material updates will be announced by email and in-app notice at least 30 days before they take effect.