Privacy Policy

1. Introduction

Factor-Based ("Factor-Based," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you visit our website at factorbased.com (the "Website") and use our equity research subscription services (the "Services").

This Privacy Policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Legislation (CASL), and applicable provincial privacy legislation. By using our Website and Services, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when you:

• Create an account: Name, email address, and authentication credentials (managed through Clerk, our authentication provider)
• Subscribe to our Services: Payment information (credit card details processed and stored by Stripe; we do not store your full credit card number)
• Contact us: Name, email address, and any information included in your correspondence
• Provide feedback: Any information you submit through surveys, feedback forms, or feature requests

2.2 Information Collected Automatically

When you access our Website, we may automatically collect:

• Device and browser information: IP address, browser type and version, operating system, device type, and screen resolution
• Usage data: Pages visited, time spent on pages, click patterns, features used, documents downloaded, and navigation paths
• Cookies and similar technologies: As described in our Use of Cookies policy
• Referral data: The website or source that referred you to our Website

2.3 Information from Third Parties

We may receive information from:

• Clerk: Authentication and identity verification data
• Stripe: Payment status, subscription status, and transaction history (but not full payment card numbers)

3. How We Use Your Information

We use the personal information we collect for the following purposes:

3.1 Service Delivery

• To create and manage your account
• To process subscription payments and manage billing
• To provide access to research content, portfolio data, and documents
• To send transactional communications (subscription confirmations, billing receipts, rebalancing alerts)

3.2 Service Improvement

• To analyze usage patterns and optimize the Website and Services
• To develop new features and improve existing ones
• To conduct internal research and analytics

3.3 Communications

• To respond to your inquiries and support requests
• To send important updates about the Services (e.g., changes to terms, security alerts)
• To send marketing communications, where you have consented to receive them, in compliance with CASL

3.4 Legal and Security

• To comply with legal obligations and respond to lawful requests
• To protect the security and integrity of our Services
• To enforce our Terms of Use and prevent fraud or misuse

4. Consent

In accordance with PIPEDA, we rely on the following forms of consent:

• Express consent: For the collection and use of sensitive information such as payment details, and for marketing communications (as required by CASL)
• Implied consent: For information reasonably necessary to provide the Services you have requested, such as processing your account registration and subscription

You may withdraw your consent at any time, subject to legal or contractual restrictions, by contacting us at the address provided below. Withdrawing consent for information necessary to provide the Services may result in our inability to continue providing those Services to you.

5. Disclosure of Information

We may share your personal information with the following parties:

• Service providers: Clerk (authentication), Stripe (payment processing), and hosting providers who assist in operating our Website and Services. These providers are contractually obligated to protect your information and use it only for the purposes we specify.
• Legal requirements: When required by law, regulation, legal process, or governmental request, including requests from Canadian regulatory or law enforcement authorities
• Business transfers: In connection with a merger, acquisition, restructuring, or sale of assets, your personal information may be transferred as part of the transaction. We will provide notice before your information becomes subject to a different privacy policy.
• With your consent: In any other circumstances where you have provided express consent

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Storage and Transfer

Our Website is hosted on servers located in Canada. However, some of our service providers (including Clerk and Stripe) may process and store data in the United States or other jurisdictions outside of Canada. Where your personal information is transferred outside of Canada, we ensure that appropriate safeguards are in place, including contractual protections, to ensure your information receives a comparable level of protection as required under PIPEDA.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

• Account information: Retained for the duration of your account and for a reasonable period afterward to fulfill legal obligations (typically up to 7 years for tax and financial records)
• Payment and transaction records: Retained as required by applicable tax and financial reporting laws
• Usage data: Retained in aggregated or anonymized form for analytics purposes
• Communication records: Retained for the period necessary to resolve your inquiry, plus any additional period required by law

When personal information is no longer required, it is securely destroyed, erased, or anonymized.

8. Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication through Clerk with multi-factor authentication support
• PCI-DSS compliant payment processing through Stripe
• Regular security assessments and monitoring
• Access controls limiting employee access to personal information on a need-to-know basis

While we take reasonable steps to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights Under PIPEDA

Under PIPEDA, you have the following rights with respect to your personal information:

• Access: You have the right to request access to the personal information we hold about you
• Correction: You have the right to request correction of inaccurate or incomplete personal information
• Withdrawal of consent: You have the right to withdraw your consent to the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions
• Complaint: You have the right to file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days, as required by PIPEDA.

10. Commercial Electronic Messages (CASL)

In compliance with Canada's Anti-Spam Legislation (CASL), we will only send you commercial electronic messages (such as marketing emails or newsletters) if you have provided your express consent. Each commercial message will include:

• Clear identification of Factor-Based as the sender
• Valid contact information for Factor-Based
• A simple and readily accessible unsubscribe mechanism

You may unsubscribe from commercial messages at any time by clicking the "unsubscribe" link in any email or by contacting us directly. We will process your unsubscribe request within 10 business days. Note that even after opting out of marketing communications, you will continue to receive transactional messages related to your account and subscription (e.g., billing confirmations, security alerts, and service updates).

11. Children's Privacy

Our Services are not intended for individuals under the age of 18 or the age of majority in their province or territory of residence. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a minor, we will take steps to delete that information promptly.

12. Third-Party Links

Our Website may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party websites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. Material changes will be communicated via email to active subscribers or by posting a prominent notice on the Website. We encourage you to review this Privacy Policy periodically. The "Last Updated" date at the top of this page indicates when the most recent changes were made.

14. Contact Us

If you have questions or concerns about this Privacy Policy, wish to exercise your privacy rights, or want to file a complaint, please contact our Privacy Officer at: