Privacy Policy
Effective date: 2026-06-05
Last updated: 2026-06-05
This page explains what personal information Thrive Creative Ltd. (“Thrive“, “we”, “us”) collects from visitors to thrivecreative.ltd, how we use it, who else sees it, and the rights you have over it under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and Alberta’s Personal Information Protection Act (PIPA).
We are based in Calgary, Alberta, Canada.
1. What information we collect
We collect personal information directly from you when you choose to share it, and automatically as your browser communicates with our website.
When you fill out a contact, lead, or booking form, we collect what you provide — typically:
- Your name
- Your email address
- Your phone number (optional, when you provide it)
- Your organization or company
- The message or question you wrote to us
- Any qualifier or context fields you completed
- The page you submitted from, and how you arrived at our site (referral URL and UTM campaign tags)
When you book a discovery call, we additionally collect:
- The time window you selected
- A copy of the meeting confirmation, and (later) whether the call was held, rescheduled, or cancelled
Automatically, every time you visit a page, our servers record:
- Your IP address
- The page URL you requested
- Your browser type and operating system (user agent)
- The referring URL (which site or search result sent you to us)
- The date and time of the request
We do not require or collect government identification, financial account information, social insurance numbers, or sensitive personal information (health, religion, ethnicity, sexual orientation, etc.).
2. How we use your information
We use the information we collect for the following purposes:
- To respond to your inquiry or message
- To schedule, confirm, and hold meetings you’ve booked with us
- To follow up on conversations we’ve already started
- To send transactional emails (booking confirmations, meeting reminders, replies to your questions)
- To send occasional updates about Thrive — only if you’ve opted in, and you can unsubscribe at any time
- To diagnose technical issues with the website
- To prevent and investigate security incidents (spam, abuse, fraud)
- To meet legal and tax record-keeping obligations
We do not sell your information, and we do not use it for cross-context behavioural advertising.
3. Who else sees your information
Some of the work above is done with the help of vendors and infrastructure partners (“processors“) who handle your information on our behalf. Each one has its own privacy practices, which their respective privacy policies describe in more detail.
| Service | What they receive | Where it’s processed |
|---|---|---|
| Amazon Web Services (AWS) | Everything — they host our website, our internal CRM, and our database | Canadian AWS region (Montreal, ca-central-1) |
| Microsoft 365 | Email content + sender/recipient addresses for transactional messages we send you (booking confirmations, replies) | Microsoft Canadian + US data centres |
| Zoom, Microsoft Teams, or Google Meet | The meeting room and participant info for sales calls we hold with you | United States |
| Google Analytics 4 | Anonymized site-usage data (pages visited, browser, approximate location). IP addresses are truncated by Google before storage. (Planned addition — not yet installed at the time this policy was published.) | United States |
We do not currently share your information with any other third parties. We do not sell it, rent it, or use it for advertising networks. If that changes, we will update this page before the change takes effect.
Twenty CRM, our customer-relationship-management tool, runs on our own infrastructure (twenty.thrivecreative.ltd). Data inside it stays within our hosting environment and is not transferred to a third-party Twenty service.
This policy will be updated to identify our email-marketing provider once it is confirmed.
4. International transfers
When we use processors based outside Canada — most commonly in the United States — your information is transferred to and processed there. This is permitted under PIPEDA and Alberta PIPA as long as the receiving party provides “comparable” protection. We rely on the contractual data-protection terms each processor publishes, and (where appropriate) the additional safeguards in our agreements with them.
5. How long we keep your information
We retain personal information only as long as we need it for the purposes above and for our record-keeping obligations.
| Information | Retention period |
|---|---|
| Inactive lead records (no further engagement after first contact) | 2 years, then deleted |
| Closed customer / engagement records | 7 years, for tax and accounting purposes |
| Booking history (held, cancelled, no-show records) | 3 years |
| Server access logs (IP, URL, timestamp) | 90 days |
| Email transactional logs (sent receipts, delivery status) | 1 year |
| Backup snapshots of all of the above | Rolling 30-day window, then overwritten |
After these windows, the information is permanently deleted from active systems and (after the backup cycle elapses) from backup.
6. Cookies and similar technologies
We use a small number of cookies and similar technologies:
- Strictly necessary cookies — required for the website to function (e.g., session, security tokens). These cannot be disabled.
- Analytics cookies — set by Google Analytics 4 (once installed). These help us understand how the site is used. You can opt out via Google’s opt-out browser add-on.
- We do not use advertising cookies, social-media tracking pixels, or session-replay tools.
Most browsers let you block, delete, or be notified about cookies through their settings. Blocking strictly-necessary cookies may break parts of the site (e.g., form submission).
7. Your rights
Under PIPEDA, Alberta PIPA, and similar Canadian privacy laws, you have the right to:
- Know what personal information we hold about you
- Access a copy of that information
- Correct information that is inaccurate or incomplete
- Withdraw consent for us to use your information going forward (subject to legal record-keeping obligations)
- Request deletion of your information from our active systems
- Lodge a complaint with the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner of Alberta
To exercise any of these rights, email privacy@thrivecreative.ltd. We will respond within 30 days. We may ask you to verify your identity before we provide or delete information, to protect against unauthorized access.
8. How we protect your information
We use commercially reasonable safeguards:
- HTTPS (TLS) for all traffic between your browser and our site
- Encrypted storage at rest for databases and backups
- Role-based access controls — only team members who need access have it
- Routine security monitoring, intrusion detection, and software patching
- Restricted, audited access to production infrastructure
No system is perfectly secure. If a security incident affects your personal information, we will notify you and the appropriate regulator as required by law.
9. Children
Our website and services are intended for businesses and adults. We do not knowingly collect personal information from children under 13. If you believe we have, please contact privacy@thrivecreative.ltd and we will delete it.
10. Changes to this policy
We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page, and — for material changes — we will note the change prominently before it takes effect.
11. Contact us
For any privacy question, request, or complaint:
Email: privacy@thrivecreative.ltd
Postal mail:
Thrive Creative Ltd.
Unit G15, 260300 Writing Creek Cres
Balzac, Alberta T4A 0X8
Canada