1. INTRODUCTION

GYST Co. ("we", "us", "our") is committed to protecting the privacy and confidentiality of personal

information.

This Privacy Policy explains how we collect, use, store, and protect personal information in accordance

with applicable Canadian privacy laws.

By using our services or interacting with our business, you acknowledge and accept the practices

outlined in this policy.

2. INFORMATION WE COLLECT

We collect only the information necessary to provide our services.

Personal information

May include:

• Full name

• Email address

• Phone number

• Business name and role

• Billing information (e.g., address) when required for invoicing

Business + project information

May include:

• Brand/business details, offers, and messaging inputs

• Assets provided for service delivery (copy, images, logos)

• Account access details shared by the client for tools/platforms (e.g., social accounts, website

hosting, CRM)

Technical information

When you visit our website or interact with our systems, we may collect:

• IP address

• Device/browser information

• Website usage data

• Cookies and analytics data (if applicable)

At this time, we may set up business profiles and basic analytics (e.g., Google Business Profile and/or

Google Analytics) as part of marketing work. If implemented, these tools may collect usage data

through cookies or similar technologies.

3. HOW INFORMATION IS COLLECTED

Information may be collected through:

• Client onboarding forms (including intake forms hosted in GoHighLevel)

• Proposals, invoices, and service agreements

• Consultations and communications (email, messaging, calls)

• Secure forms or systems used for service delivery

• Approved third-party providers used to deliver services

4. PURPOSE OF COLLECTION

Information is used to:

• Deliver services (marketing systems, websites/funnels, automations, CRM implementation,

content/social management)

• Communicate with clients

• Manage projects, support, and service delivery

• Issue invoices, process payments, and keep business records

• Improve our services and client experience

• Comply with legal obligations

5. CONSENT

Consent is obtained for the collection, use, and disclosure of personal information except where

permitted or required by law.

Consent may be written, verbal, or implied depending on the situation.

You may withdraw consent at any time, subject to legal or contractual restrictions.

6. DISCLOSURE OF INFORMATION

We do not sell or rent personal information.

We may share information with:

• Service providers required to deliver services (e.g., website hosting, CRM providers,

email/SMS tools, analytics)

• Payment processors and accounting tools

• Professional advisors (e.g., legal, accounting) as needed

Third parties are expected to maintain confidentiality and appropriate safeguards.

7. SECURITY SAFEGUARDS

We use reasonable administrative, technical, and organizational safeguards to protect information,

which may include:

• Secure password practices and access controls

• Restricted permissions

• Secure storage for client files

• Limiting access to information on a need-to-know basis

8. RETENTION OF INFORMATION

We retain information only as long as necessary to provide services and to meet legal, tax, and business

record-keeping requirements.

When no longer required, information is securely deleted or anonymized where reasonable.

9. ACCURACY OF INFORMATION

We take reasonable steps to keep personal information accurate and current.

Clients are encouraged to notify us of any updates or changes.

10. ACCESS AND CORRECTIONS

You may request access to your personal information or request corrections.

Requests must be submitted in writing and may require identity verification.

11. COOKIES AND WEBSITE USE

Our website may use cookies or similar technologies to enhance user experience and analyze

performance.

You may adjust cookie settings through your browser preferences.

12. CROSS-BORDER DATA

Some tools used for service delivery may store or process data outside of Canada.

Where applicable, we take reasonable steps to ensure appropriate protections are in place.

13. ADDITIONAL DATA FOR REGULATED / FINANCIAL-INDUSTRY WORK

In the future, GYST Co. may work with clients in regulated industries (including financial services). If

so, additional information may be collected or handled in connection with those engagements, and may

be subject to additional contractual, regulatory, or confidentiality requirements.

14. UPDATES TO THIS POLICY

We may update this Privacy Policy periodically. The most current version will be available upon

request or through our standard documentation.

15. CONTACT INFORMATION

GYST Co.

Email: [email protected]

NOTES

• Specific tools may vary by client and project. This policy is written to stay general and flexible

while still explaining how information is handled.