Privacy Policy

Last updated: May 22, 2026

Who we are

SQALogic Technologies, Inc. ("SQALogic", "we", "us", "our") is a Canadian company specialized in software quality assurance services and quality engineering diagnostics. We are incorporated in Canada with offices at 235 Peel Street, Suite 1809, Montreal, Quebec H3C 0P8, Canada.

This privacy policy explains how we collect, use, share, and protect personal information when you:

• Engage SQALogic's consulting, training, or quality assurance services
• Complete the CareLogic diagnostic at carelogic.sqalogic.com (or related domains)
• Visit our websites (sqalogic.com, sqalogic.ca, carelogic.sqalogic.com)
• Communicate with us by email, phone, or other channels

This policy applies to all personal information we collect about identified or identifiable individuals, regardless of channel.

Privacy Officer

In accordance with the *Act respecting the protection of personal information in the private sector* (Quebec, as amended by Law 25), we have designated a Privacy Officer responsible for our compliance with privacy law and for handling requests from individuals about their personal information.

Privacy Officer: David Milette, Chief Technology Evangelist Email: privacy@sqalogic.com Mail: SQALogic Technologies, Inc., Attn: Privacy Officer, 235 Peel Street, Suite 1809, Montreal, QC H3C 0P8, Canada Phone: +1 (866) 772-5642

You may contact the Privacy Officer directly with any privacy question, complaint, or to exercise the rights described below.

What personal information we collect

From SQALogic service customers and prospects

When you engage SQALogic for consulting, training, or quality assurance services, we collect:

• Business contact information (name, title, employer, email, phone, mailing address)
• Information about your organization's quality assurance needs and infrastructure
• Service delivery information (engagement notes, deliverables, communications)
• Billing information (invoicing, payment processing — payment card data is processed by our payment provider, not stored by SQALogic)

From CareLogic diagnostic respondents

When you complete the CareLogic quality engineering diagnostic, we collect:

• Contact information you provide at the contact gate (name, email, employer, role, optionally phone)
• Your answers to the diagnostic questions
• Diagnostic metadata (session token, language preference, completion timestamp)
• Whether you consent to follow-up communication and annual reassessment reminders

The diagnostic does not collect sensitive personal information (health, financial, biometric, etc.). All diagnostic answers describe your organization's quality engineering practice, not you as an individual.

From CareLogic 1:1 consultation participants

If you accept the optional 1:1 deep-dive consultation following your diagnostic, and you provide consent at the time of booking, we additionally collect:

• A recording of the consultation conducted via video conferencing (Microsoft Teams or Zoom)
• An automated transcript generated from the recording
• Structured insights derived from the transcript by automated processing (see "Automated decision-making (CareLogic)" below)
• The names, roles, and statements of any individuals who participate in the consultation

Recording the consultation is optional. You will be asked for explicit consent at the time of booking, with disclosure of the purpose (Final Report generation), retention period, and AI processing involved. If you decline recording, we will conduct the consultation with manual note-taking by the SQALogic consultant instead, and you will receive the Final Report based on those notes.

Recording captures the statements of all participants. If other individuals from your organization will participate in the consultation, you are responsible for informing them in advance and ensuring they are comfortable with the recording. Any participant may request that the recording be stopped at any point during the consultation, with no impact on their access to the Final Report.

From website visitors

When you visit our websites, we automatically collect:

• IP address and approximate geographic location derived from it
• Browser type, operating system, and device information
• Pages visited, time spent, referring URL
• Cookies and similar technologies (see "Cookies and tracking" below)

From people who contact us

When you contact us by email, phone, the contact form, or social media, we collect the information you provide plus contact details so we can respond.

Why we collect personal information

We collect personal information only for specific, identified purposes:

For service customers:

• To deliver the services you've engaged us for
• To bill you and process payments
• To maintain the customer relationship (account management, support, communications)
• To meet our contractual and legal obligations

For CareLogic respondents:

• To deliver your Pulse Report
• To enable optional 1:1 deep-dive consultations
• To send anniversary reminders (only if you've consented)
• To improve the diagnostic through anonymized cohort analysis (see "Cohort anonymization" below)

For website visitors:

• To operate, secure, and improve our websites
• To analyze how visitors use our sites
• To comply with legal obligations

For all contacts:

• To respond to your inquiry
• To send commercial communications if you've consented
• To comply with applicable law (anti-spam, tax, accounting, etc.)

Legal basis for collecting personal information

In Quebec, we collect personal information based on:

• Your manifest, free, and informed consent (for marketing communications, CareLogic participation, anniversary reminders)
• The performance of a contract you've entered into with us (for service delivery, billing)
• Our legitimate interest in operating, securing, and improving our business (for website operations, fraud prevention, internal analytics)
• Compliance with legal obligations (for tax, accounting, anti-spam laws)

For individuals in the European Economic Area, the legal bases align with Articles 6 and 9 of the GDPR (consent, contract, legitimate interest, legal obligation).

Automated decision-making (CareLogic)

The CareLogic diagnostic uses automated processing to generate your Pulse Report. Specifically:

• Your answers are scored against a rubric to produce composite and pillar-level scores
• Pattern-matching identifies "urgent findings" and "contradiction patterns" based on combinations of your answers
• A Pulse Report is automatically generated using these results

The Pulse Report is informational. It is not used to make decisions that produce legal or similarly significant effects on you. Any subsequent engagement decisions (consulting services, follow-up offers) involve human review and the optional 1:1 deep-dive conversation.

You may request a human review of your Pulse Report by contacting the Privacy Officer.

For diagnostic respondents who accept the optional 1:1 deep-dive consultation, the post-consultation Final Report is generated using a large language model (LLM). The LLM processes the following inputs to produce a polished report:

• The structured findings from your Pulse Report
• The structured findings from the consultant's preparation document (Agent Brief)
• If you consented to consultation recording: structured insights extracted from the meeting transcript through an automated processing step, and selected transcript excerpts including verbatim quotes attributed to participants
• If you declined consultation recording: notes taken manually by the SQALogic consultant during the meeting

A SQALogic consultant reviews the LLM output before delivery to you. The LLM provider operates under contractual terms that prohibit training on your data and limit data retention to the duration necessary for the inference request. The current LLM provider is identified in the "Who we share personal information with" section below.

The Final Report is a deliverable. It is not used to make decisions that produce legal or similarly significant effects on you, and any subsequent engagement decisions involve human review. A SQALogic consultant reviews the Final Report before delivery — this human review is part of every Final Report. If you believe the Final Report contains a factual error or misrepresents something from your consultation, contact the consultant who conducted your 1:1 or the Privacy Officer; we will review the concern and issue a correction where warranted.

Cohort anonymization (CareLogic)

To improve CareLogic and to publish aggregate market insights, we anonymize completed diagnostic responses and combine them into cohorts. Before any cohort analysis:

• Direct identifiers (name, email, phone, employer name) are removed
• We apply k-anonymity (k≥5): any combination of attributes shared by fewer than 5 respondents is suppressed or generalized
• Free-text fields are reviewed for inadvertent personal information and redacted

Anonymized cohort data is used for:

• Internal analytics on diagnostic patterns
• Market research publications and benchmarks
• Improvements to the diagnostic and the Pulse Report

If you don't want your anonymized responses included in cohort analysis, contact the Privacy Officer.

Who we share personal information with

We share personal information only as needed for the purposes described in this policy, and only with the following categories of recipients:

Service providers we engage to operate our business:

• Cloud hosting and infrastructure providers
• Email and communications providers (Microsoft 365 for our company email; transactional email service for CareLogic emails)
• Calendar and booking systems (Microsoft Bookings for 1:1 scheduling)
• Customer relationship management (Odoo Enterprise Cloud)
• AI inference providers (currently Anthropic Claude via Amazon Bedrock) for automated Final Report generation following 1:1 consultations
• Payment processors
• Analytics providers

These service providers are bound by contracts requiring them to protect personal information consistent with this policy.

Other parties when legally required:

• Law enforcement, regulators, or courts when required by valid legal process
• Professional advisors (lawyers, accountants, auditors) under confidentiality obligations
• Acquirers in the context of a business sale, merger, or restructuring (subject to confidentiality)

We do not sell personal information. We do not share it with advertisers, data brokers, or marketing networks unrelated to our own services.

Where personal information is stored and processed

Personal information is primarily stored and processed in Canada. Some service providers we use (notably Microsoft for email, calendars, and bookings) may store data in the United States or other countries.

When we transfer personal information outside Quebec, we:

• Conduct a privacy impact assessment as required by Law 25
• Ensure the receiving party provides equivalent protection through contract and technical safeguards
• Inform you, in this policy, of the categories of transfers occurring

How long we keep personal information

We keep personal information only as long as necessary for the purposes for which we collected it:

You may request earlier deletion of identifying information at any time (see "Your rights" below). Some information may need to be retained longer to meet legal obligations.

Security measures

We protect personal information with safeguards proportionate to its sensitivity:

• Encryption in transit (TLS) for all communications with our websites and services
• Encryption at rest for stored personal data
• Access controls limiting personal information to authorized personnel with a need to know
• Multi-factor authentication for systems containing personal information
• Regular backups in encrypted, geographically separated storage
• Network firewalls and intrusion detection
• Vendor security assessments for third-party processors
• Security incident response procedures with a 48-hour breach notification commitment

No security measure provides absolute protection. We continuously improve our practices and respond promptly to identified vulnerabilities.

Your rights

Under Law 25 (Quebec), PIPEDA (Canada federal), and other applicable privacy laws, you have the following rights:

Right to access. You may request a copy of the personal information we hold about you.

Right to rectification. You may request correction of inaccurate or incomplete personal information.

Right to deletion. You may request deletion of your personal information, subject to legal retention obligations.

Right to portability. You may request your personal information in a structured, commonly used, machine-readable format.

Right to withdraw consent. You may withdraw consent for processing based on consent (marketing communications, CareLogic participation, anniversary reminders) at any time. Withdrawal does not affect processing before withdrawal.

Right to object. You may object to processing based on legitimate interest.

Right to file a complaint. You may file a complaint with the Commission d'accès à l'information du Québec or the Office of the Privacy Commissioner of Canada.

For individuals in the European Economic Area, the equivalent rights under GDPR Articles 15–22 apply.

How to exercise your rights

To exercise any of these rights, contact the Privacy Officer:

• Email: privacy@sqalogic.com
• Mail: SQALogic Technologies, Inc., Attn: Privacy Officer, 235 Peel Street, Suite 1809, Montreal, QC H3C 0P8, Canada
• Phone: +1 (866) 772-5642

We will respond within 30 days. Verification of identity may be required. If we cannot meet a request, we will explain why.

You may unsubscribe from CareLogic emails using the link in any email or by contacting the Privacy Officer. Unsubscribing from CareLogic emails does not affect other communications you may have with SQALogic.

Breach notification

If we identify a security breach involving your personal information that creates a real risk of serious injury, we will:

• Notify you without undue delay, no later than 48 hours after becoming aware of the breach
• Notify the Commission d'accès à l'information du Québec as required by Law 25
• Provide information about the nature of the breach, likely consequences, and measures we're taking
• Maintain a confidential register of all breaches as required by law

Cookies and tracking

Our websites use cookies and similar technologies to operate and improve the site. Categories:

Strictly necessary. Required for the site to function (session management, security, language preference). These cannot be disabled.

Analytics. Help us understand how visitors use the site (anonymized aggregate). You can opt out through your browser settings.

Marketing. None currently. If we introduce marketing cookies in the future, we will request your consent first.

You can manage cookie preferences through your browser settings. Disabling necessary cookies may prevent parts of our sites from functioning.

Children's privacy

Our services are intended for business and professional use. We do not knowingly collect personal information from individuals under 16 years of age. If you become aware that a minor has provided us with personal information, please contact the Privacy Officer and we will delete it.

Changes to this policy

We may update this policy from time to time. Material changes will be announced on our website and, for active service customers and CareLogic respondents, by email at least 30 days before taking effect. The "Last updated" date at the top of this policy reflects the most recent revision.

Contact

For any questions about this policy or our privacy practices:

SQALogic Technologies, Inc. Attn: Privacy Officer 235 Peel Street, Suite 1809 Montreal, QC H3C 0P8, Canada

Email: privacy@sqalogic.com (privacy-specific) General inquiries: info@sqalogic.com Phone: +1 (866) 772-5642

To file a complaint with the Quebec privacy regulator:

Commission d'accès à l'information du Québec cai.gouv.qc.ca | 1-888-528-7741

To file a complaint with the federal Canadian privacy regulator:

Office of the Privacy Commissioner of Canada priv.gc.ca | 1-800-282-1376