This Privacy Policy governs the collection, use, and disclosure of Personal Information by ASC Creative Ltd. in connection with the MeetingGenius service. It applies to Subscribers and their Authorized Users and, where indicated, to individual residents and owners whose Personal Information is stored within the Service.

1. ABOUT THIS POLICY

ASC Creative Ltd. (“we”, “us”, “Company”) operates MeetingGenius, a software-as-a-service platform for property management and meeting administration. This Privacy Policy explains how we collect, use, store, disclose, and protect Personal Information in connection with the Service.

This Policy applies to: (a) Subscribers and their Authorized Users who register for and use the Service; and (b) individual residents and owners whose Personal Information is uploaded to the Service by a Subscriber. The Subscriber organization acts as the primary responsible party for Personal Information it collects from residents and owners; the Company acts as a service provider processing that information on the Subscriber’s behalf.

For British Columbia Subscribers, this Policy is designed to comply with the Personal Information Protection Act, S.B.C. 2003, c. 63 (“BC PIPA”). For all Subscribers, this Policy is designed to comply with the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (“PIPEDA”). Where BC PIPA and PIPEDA differ, we apply the stricter standard.

ONTARIO SUBSCRIBERS — ADDITIONAL PROVISIONS:

Ontario Subscribers: Ontario does not have a substantially-similar provincial private-sector privacy law. PIPEDA applies directly to Ontario-based Subscribers in the course of commercial activities. References to BC PIPA in this Policy do not create obligations for Ontario Subscribers beyond those imposed by PIPEDA.

2. PRIVACY OFFICER

The Company has designated a Privacy Officer responsible for overseeing compliance with this Policy and applicable privacy legislation. All privacy inquiries, access requests, correction requests, and complaints should be directed to:

Privacy Officer, ASC Creative Ltd.

Email: privacy@asccreative.com

Website: meetinggenius.ca/privacy

We will acknowledge receipt of written privacy inquiries within five (5) business days and respond substantively within thirty (30) days, or as required by applicable law.

3. WHAT PERSONAL INFORMATION WE COLLECT

3.1 Information Collected from Subscribers and Authorized Users

When a Subscriber registers for the Service or an Authorized User accesses the Service, we may collect:

Name, job title, and professional role
Business email address and telephone number
Organization name, address, and province of operation
Billing information (processed by our payment processor; we do not store full payment card numbers)
Login credentials (username and encrypted password)
IP address and device information at the time of account creation and login
Usage data, including features accessed, session duration, and interaction logs

3.2 Personal Information of Residents and Owners Uploaded by Subscribers

Subscribers may upload to the Service Personal Information relating to strata lot owners, condominium unit owners, co-operative members, and residents. This may include:

Full name and unit or lot number
Postal address, email address, and telephone number
Correspondence and communication history
Meeting attendance and voting records
Financial information such as levy contributions or arrears status

The Subscriber is responsible for ensuring it has lawfully collected this information and has obtained any required consents before uploading it to the Service. The Company processes this information solely as a service provider acting on the Subscriber’s instructions.

3.3 Information Generated Through the Service

The Service automatically generates certain records through its operation, including:

AI-assisted meeting minutes, agenda items, and task records
Audit logs of system events and user actions
Session and authentication logs

4. HOW WE USE PERSONAL INFORMATION

We use Personal Information only for the purposes for which it was collected or for consistent purposes, including:

Providing, maintaining, and improving the Service
Processing subscription payments and managing billing
Communicating with Subscribers regarding the Service, including support, updates, and policy changes
Generating AI-assisted meeting records and governance outputs on behalf of Subscribers
Complying with applicable laws, regulations, and court orders
Detecting, investigating, and preventing fraud, security incidents, and unauthorized access
Aggregating and anonymizing data for product analytics and improvement (no individual is identifiable from aggregated outputs)

We do not sell, rent, or trade Personal Information to third parties for their own marketing or commercial purposes.

5. LEGAL BASIS FOR PROCESSING

We collect and use Personal Information on the following bases:

Consent: where you have provided express consent, including by clicking ‘I Agree’ during registration or by enabling optional features such as Public LLM processing
Contractual necessity: to perform our obligations under the End User License Agreement and Subscription Agreement
Legal obligation: to comply with applicable laws, including PIPEDA, BC PIPA, the BC Strata Property Act, and the Ontario Condominium Act
Legitimate interests: for security monitoring, fraud prevention, and service improvement, where these interests are not overridden by your privacy rights

6. DISCLOSURE OF PERSONAL INFORMATION

6.1 Service Providers

We share Personal Information with trusted third-party service providers who assist us in operating the Service, subject to contractual obligations to protect Personal Information. These include:

Cloud infrastructure provider (servers located in Canada)
Our payment processor – subject to their privacy policy)
SendGrid / Twilio (transactional email delivery)
AI inference providers where a Subscriber has elected to enable Public LLM processing (see Section 7)

A current list of our sub-processors is maintained at meetinggenius.ca/sub-processors.

6.2 Legal Disclosure

We may disclose Personal Information where required by applicable law, court order, or regulatory authority, or where necessary to protect the rights, property, or safety of the Company, its Subscribers, or the public.

6.3 Business Transfers

If the Company is involved in a merger, acquisition, or sale of all or substantially all of its assets, Personal Information may be transferred as part of that transaction. Subscribers will be notified of any such transfer and any resulting change to this Policy.

7. ARTIFICIAL INTELLIGENCE AND LLM PROCESSING

7.1 Private LLM (Default)

By default, AI-assisted features within the Service are powered by a private, self-hosted language model operating exclusively on servers located in Canada. Personal Information processed by the Private LLM does not leave our Canadian infrastructure.

7.2 Public LLM (Subscriber Election)

Subscribers may elect, through the Service’s administrative settings, to enable processing through third-party Public LLM providers such as OpenAI or Google Gemini. Where a Subscriber enables this feature:

Content including meeting agenda text, governance documents, and uploaded regulatory materials may be transmitted to third-party AI providers outside Canada
Personal Information of individual residents and owners (names, contact details, unit numbers) is never transmitted to Public LLM providers and remains on our Canadian servers at all times
The Subscriber is responsible for ensuring that enabling Public LLM processing complies with their own privacy obligations to residents and owners
We do not control the data retention or privacy practices of third-party LLM providers; Subscribers should review those providers’ policies before enabling this feature

The Subscriber’s election to enable Public LLM processing constitutes informed consent to the cross-border transfer of Content as described in this Section.

8. CANADIAN DATA HOSTING

All Personal Information and Content uploaded to the Service is stored on servers located exclusively in Canada. We do not transfer Personal Information outside Canada except: (a) where a Subscriber has explicitly enabled Public LLM processing as described in Section 7.2; or (b) where required by law.

Canada has been recognized by the European Commission as providing adequate protection for personal data under the European Union’s General Data Protection Regulation (GDPR) for organizations subject to PIPEDA. Subscribers transferring data to us from outside Canada should assess whether such transfers comply with the laws of their own jurisdiction.

9. DATA RETENTION

We retain Personal Information for as long as necessary to fulfill the purposes for which it was collected, to comply with applicable legal obligations, or as required by the End User License Agreement.

Specifically:

Subscriber account data: retained for the duration of the Subscription Term plus seven (7) years following termination, in accordance with record-keeping obligations under applicable strata and condominium legislation
Resident and owner Personal Information uploaded by Subscribers: retained for the same period as Subscriber account data
Payment records: retained for seven (7) years for tax and accounting purposes
Security and audit logs: retained for twelve (12) months

Following the applicable retention period, Personal Information is securely deleted or anonymized. Subscribers may request export of their data prior to deletion by contacting support@asccreative.com.

ONTARIO SUBSCRIBERS — ADDITIONAL PROVISIONS:

Ontario Subscribers: The Ontario Condominium Act, 1998, s. 55 and Ontario Regulation 48/01 impose specific retention obligations on condominium corporations. The Company’s seven (7)-year retention commitment satisfies or exceeds these requirements for most record categories. Ontario Subscribers remain independently responsible for ensuring compliance with all applicable retention obligations under the Ontario Condo Act.

10. SECURITY

We implement commercially reasonable technical and organizational measures to protect Personal Information against unauthorized access, use, disclosure, alteration, or destruction. These measures include:

Encryption of data in transit using TLS 1.2 or higher
Encryption of data at rest
Role-based access controls limiting employee access to Personal Information
Secure authentication mechanisms including multi-factor authentication options
Periodic security assessments and monitoring

No method of electronic transmission or storage is completely secure. In the event of a Security Incident affecting your Personal Information, we will notify you as required under Section 11.

11. DATA BREACH NOTIFICATION

If we discover a Security Incident that poses a real risk of significant harm to individuals, we will:

Notify affected Subscribers in writing within seventy-two (72) hours of discovering the incident, where feasible
Provide a description of the nature of the incident, the categories of Personal Information affected, the likely consequences, and the steps taken to address it
Report the incident to the Office of the Information and Privacy Commissioner for British Columbia, the Office of the Privacy Commissioner of Canada, or other applicable regulatory authorities, as required by law

Subscribers are independently responsible for notifying affected residents and owners and fulfilling their own regulatory reporting obligations under applicable law.

12. YOUR RIGHTS

12.1 Access and Correction

Subscribers and Authorized Users may request access to the Personal Information we hold about them, and may request correction of inaccurate or incomplete information, by contacting our Privacy Officer at privacy@asccreative.com. We will respond within thirty (30) days.

For Personal Information of residents and owners held within the Service, such requests should be directed to the Subscriber organization, which is responsible for facilitating access and correction requests from its residents and owners. The Company will cooperate with Subscribers in responding to such requests.

12.2 Withdrawal of Consent

Where our processing of Personal Information is based on consent, you may withdraw consent at any time by contacting privacy@asccreative.com. Withdrawal of consent may affect your ability to use certain features of the Service.

12.3 Complaints

If you believe your privacy rights have been violated, you may make a complaint to our Privacy Officer. If your complaint is not resolved to your satisfaction, you may also contact:

Office of the Information and Privacy Commissioner for British Columbia: oipc.bc.ca
Office of the Privacy Commissioner of Canada: priv.gc.ca

ONTARIO SUBSCRIBERS — ADDITIONAL PROVISIONS:

Ontario Subscribers: Privacy complaints relating to Ontario-based organizations should be directed to the Office of the Privacy Commissioner of Canada. The OIPC BC has no jurisdiction over Ontario-based organizations. Ontario condominium corporations uncertain about their own PIPEDA obligations should seek independent legal advice.

13. COOKIES AND TRACKING TECHNOLOGIES

Our use of cookies and similar tracking technologies is described in our Cookie Policy, available at meetinggenius.ca/cookies. The Cookie Policy forms part of this Privacy Policy.

14. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Material changes will be communicated to Subscribers by email at least thirty (30) days before taking effect. The current version of this Policy is always available at meetinggenius.ca/privacy. Your continued use of the Service after a change takes effect constitutes acceptance of the updated Policy.

15. CONTACT US

For any questions, concerns, or requests relating to this Privacy Policy or our privacy practices, please contact:

Privacy Officer, ASC Creative Ltd.

Email: privacy@asccreative.com

Website: meetinggenius.ca/privacy