HomeHR AI ServicesFree ToolsBlogBook a Call →
Legal

Privacy Policy

Last updated: March 2026 · AskHill.fyi · Toronto, Ontario, Canada

PRIVACY POLICY

Version 1.0 | Effective Date: [INSERT DATE] | Last Updated: [INSERT DATE]

1. Who We Are and What This Policy Covers

AskHill.fyi is operated by [LEGAL ENTITY NAME], a company incorporated under the laws of [Ontario / Canada], with its principal place of business in Toronto, Ontario, Canada (\"AskHill.fyi\", \"we\", \"us\", or \"our\").

This Privacy Policy governs the collection, use, disclosure, and protection of personal information in connection with:

  • The AskHill.fyi website located at askhill.fyi and any subdomains thereof;
  • The free recruitment tools available on the platform (Boolean Generator, JD Compliance Checker, PTO Calculator, and all other tools listed at askhill.fyi/tools);
  • The paid subscription tiers (Solo and Team plans) for the AskHill.fyi recruitment platform;
  • Custom AI consulting engagements, including the CBA Intelligence Platform, Employee Relations Chatbot, and Hiring Process Audit and Redesign services;
  • Any communications, support interactions, discovery calls, or consulting intake processes conducted by or on behalf of AskHill.fyi.

    • By accessing or using any part of the Platform or Services, you acknowledge that you have read, understood, and agreed to the practices described in this Privacy Policy. If you do not agree, you must not use the Platform or Services.

    Our plain-language commitment: We collect the minimum information necessary to deliver our services. We do not sell personal information. We do not use your documents to train general AI models. Every piece of information we hold exists to serve you, and you have the right to know what it is, correct it, and ask us to delete it.

    2. Information We Collect

    2.1 Information You Provide Directly

    We collect information you actively provide to us when you:

    Create an account or register

  • Full name and professional title
  • Work email address
  • Organization name and province or territory of operation
  • Industry sector (for compliance purposes and service customization)
  • Password (stored in hashed, salted form -- we never store plain-text passwords)

    • Subscribe to a paid plan

  • Billing contact name and email
  • Payment card information (processed exclusively by our payment processor, Stripe Inc.; we do not store full card numbers, CVV codes, or raw payment data on our systems)
  • Organization billing address (required for HST purposes)

    • Engage us for consulting services

  • Organization documents you upload or transmit to us, including collective bargaining agreements, letters of understanding, HR policy documents, employee handbooks, and benefits summaries
  • Information shared during discovery calls, intake forms, and onboarding sessions
  • Contact details for stakeholders at your organization who will participate in the engagement
  • Notes and correspondence relating to the engagement scope and deliverables

    • Contact us or request support

  • Name, email, and any information you include in your message
  • Support ticket content and attachments
  • Call or video meeting notes (with your knowledge)

    • 2.2 Information Collected Automatically

    When you access the Platform, our systems and third-party service providers automatically collect certain technical data:

  • IP address and derived approximate geographic location (country and province level only)
  • Browser type, version, and operating system
  • Device type and screen resolution
  • Pages visited, features accessed, and time spent on each
  • Referring URL and exit pages
  • Tool usage data, including which tools were used, how often, and session duration
  • Error logs and performance metrics

    • This information is collected to maintain and improve the Platform, identify technical issues, and understand how our tools are being used in aggregate. It is not used to build individual profiles for advertising purposes.

    2.3 Cookies and Similar Technologies

    We use cookies and similar tracking technologies on the Platform. These fall into three categories:

  • Essential cookies: Required for the Platform to function. They enable session management, authentication state, and security features. These cannot be disabled without breaking core functionality.
  • Analytics cookies: Help us understand usage patterns in aggregate. We use privacy-respecting analytics tools configured to anonymize IP addresses and not share individual data with third parties for advertising. You may opt out of analytics cookies through our cookie preference centre.
  • Functional cookies: Remember your preferences, such as language settings and tool configuration. Disabling these may reduce the quality of your experience.

    • We do not use advertising cookies, retargeting cookies, or any tracking technology designed to follow you across third-party websites for marketing purposes.

    You may manage cookie preferences through the cookie preference centre accessible in the Platform footer, or through your browser settings. Note that certain browsers\' Do Not Track signals are not universally honoured by third-party service providers; we disclose this transparently rather than make representations we cannot enforce.

    2.4 Information from Third Parties

    We receive limited information from the following third-party services:

  • Calendly: When you book a discovery call or onboarding session through our Calendly booking link, we receive your name, email address, and any information you include in the booking form. Calendly\'s privacy policy governs its own data practices.
  • Stripe: Our payment processor provides us with a tokenized representation of your payment method and confirmation of successful or failed transactions. Stripe\'s privacy policy and PCI DSS compliance standards govern how it handles your full payment data.
  • Email service provider: When you subscribe to communications or when we send transactional emails, our email delivery provider processes your email address and delivery metadata.

    • 3. How We Use Your Information

    We use personal information only for the purposes for which it was collected or for purposes consistent with those purposes, as required by PIPEDA. Specifically:

    Delivering the Platform and Services

  • Creating and maintaining your account
  • Processing your subscription and providing access to paid features
  • Delivering consulting engagement services, including building and operating your custom AI tool
  • Providing customer support and responding to inquiries

    • Operating and improving the Platform

  • Monitoring platform performance, identifying bugs, and preventing outages
  • Analyzing usage patterns in aggregate and de-identified form to improve tool design and feature prioritization
  • Conducting security monitoring to detect unauthorized access or abuse

    • Billing and administration

  • Processing payments and issuing receipts
  • Managing subscription renewals, upgrades, downgrades, and cancellations
  • Maintaining financial records as required by the Canada Revenue Agency (minimum 7 years)

    • Communications

  • Sending transactional emails necessary to deliver the service (account confirmation, password reset, subscription confirmations, billing receipts)
  • Sending service-related announcements, including material changes to these policies or to the Platform
  • Sending marketing and product update communications only where you have provided express opt-in consent; you may withdraw this consent at any time through the unsubscribe link in any such communication or by contacting us at privacy@askhill.fyi

    • Legal and compliance purposes

  • Meeting our obligations under PIPEDA, the Income Tax Act, HST remittance requirements, and other applicable Canadian law
  • Responding to valid legal process, court orders, or regulatory inquiries
  • Protecting the rights, property, and safety of AskHill.fyi, our clients, and the public

    • We do not use your personal information to make automated decisions that have legal or similarly significant effects on you without human review and an opportunity to contest the decision.

    4. PIPEDA Compliance: The Ten Fair Information Principles

    PIPEDA requires organizations to adhere to ten fair information principles. The following sets out how AskHill.fyi applies each principle:

    5. How We Use AI and How We Handle Your Documents

    5.1 Your Documents Are Yours

    When you provide AskHill.fyi with organizational documents for the purpose of building a custom AI tool -- including collective bargaining agreements, letters of understanding, HR policy documents, employee handbooks, or any other materials -- those documents remain your property at all times.

    We hold your documents as a data processor acting on your instructions. We do not claim any intellectual property rights over your documents.

    5.2 Document Isolation: Your Data Is Not Shared

    Each consulting client deployment is fully isolated. Your documents are used exclusively to build and operate your specific AI tool instance. They are not:

  • Shared with any other AskHill.fyi client or user
  • Used to train, fine-tune, or improve any general-purpose AI model
  • Incorporated into any shared knowledge base or platform-level dataset
  • Retained by AskHill.fyi for any purpose after your engagement concludes, beyond the retention periods set out in Section 7

    • The underlying AI infrastructure and model architecture used to power client tools belongs to AskHill.fyi and its technology providers. Your documents are inputs to your specific deployment only.

    5.3 AI Output Limitations and Human Review

    AI-generated outputs on the AskHill.fyi Platform, including but not limited to CBA interpretations, grievance risk scores, policy Q&A responses, recruitment tool outputs, and compliance assessments, carry inherent limitations:

  • AI outputs are generated based on patterns in training data and may contain errors, omissions, or misinterpretations
  • AI outputs do not account for all factual circumstances, contextual nuances, or recent legal developments not present in the training data
  • AI outputs in the context of collective bargaining agreements reflect the text of the agreement as ingested and do not substitute for the judgment of a qualified labour relations professional
  • AI outputs in the context of HR policies reflect the policies as ingested and may not account for amendments, verbal agreements, or organizational practices not reflected in the written policies

    • For any decision with material legal, financial, employment, or human rights consequences, AI outputs must be reviewed and validated by a qualified professional before the decision is taken. AskHill.fyi expressly disclaims all responsibility for outcomes arising from reliance on AI outputs without appropriate professional review.

    5.4 Audit Logging

    Questions asked of and responses generated by the CBA Intelligence Platform and Employee Relations Chatbot are logged for quality assurance, security monitoring, and the analytics features disclosed to clients as part of the service. Logs are retained for the duration of the engagement plus 12 months, after which they are deleted. Clients may request deletion of logs at any time by contacting privacy@askhill.fyi.

    6. How We Share and Disclose Information

    6.1 Service Providers (Sub-Processors)

    We share personal information with a limited number of third-party service providers who assist us in operating the Platform and delivering Services. These providers access personal information only to the extent necessary to perform their functions and are contractually bound to:

  • Process personal information only on our documented instructions
  • Implement appropriate security measures
  • Not disclose or use personal information for their own purposes
  • Delete or return personal information upon termination of their engagement

    • Current categories of sub-processors include: cloud hosting and infrastructure providers; payment processing (Stripe Inc.); email delivery services; analytics services (configured for privacy-respecting, anonymized use); video conferencing for discovery and onboarding calls; and customer support tooling.

    A current list of named sub-processors is available upon written request to privacy@askhill.fyi. We will notify you of material changes to this list with reasonable advance notice.

    6.2 Legal Requirements

    We may disclose personal information without your consent where required or authorized by law, including:

  • In response to a valid court order, subpoena, search warrant, or other legally compelled process
  • To comply with a legal obligation under Canadian federal or provincial law
  • To a government institution or law enforcement agency that has identified its lawful authority to obtain the information
  • Where we have reasonable grounds to believe the information relates to a breach of law that has been, is being, or is about to be committed
  • To prevent or investigate fraud, threat of harm to a person, or other emergency circumstance

    • Where we are legally permitted to do so, we will notify you before disclosing your personal information in response to legal process. Where prohibited from doing so, we will provide notice as soon as the prohibition is lifted.

    6.3 Business Transfers

    If AskHill.fyi is involved in a merger, acquisition, asset sale, restructuring, or similar transaction, personal information held by us may be transferred to the acquiring or successor entity as part of that transaction. In such circumstances, we will:

  • Provide you with notice of the transaction and the identity of the acquiring entity prior to transfer where reasonably practicable
  • Require the acquiring entity to honour the commitments in this Privacy Policy or provide you with notice of any material changes and the opportunity to withdraw consent before those changes take effect

    • 6.4 What We Will Never Do

  • Sell or license your personal information to data brokers, advertisers, or marketers
  • Share client consulting documents with any other client
  • Provide your information to third parties for their own marketing purposes
  • Disclose your information to foreign governments except where required by valid Canadian legal process

    • 7. Data Retention

    We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal obligations, and to resolve disputes. The following retention schedule applies:

    You may request early deletion of your personal information at any time by contacting privacy@askhill.fyi. We will respond within thirty (30) days and will delete or de-identify your information except where retention is required by law or is necessary to resolve an outstanding dispute or enforce an agreement.

    8. Your Rights Under PIPEDA

    As an individual whose personal information is held by AskHill.fyi, you have the following rights:

    Right to Access

    You have the right to request access to the personal information we hold about you, information about the purposes for which it has been used, and information about any third parties to whom it has been disclosed. We will respond to access requests within thirty (30) calendar days of receipt, or notify you if additional time is required.

    Right to Correction

    If you believe personal information we hold about you is inaccurate, incomplete, or out of date, you have the right to request that we correct it. Where we decline to make a requested correction, we will provide written reasons and note your objection in the file.

    Right to Withdraw Consent

    You may withdraw consent to the collection, use, or disclosure of your personal information at any time, subject to legal and contractual restrictions and reasonable notice. Withdrawal of consent may affect our ability to provide some or all Services to you. We will explain the implications before processing your withdrawal.

    Right to Deletion

    Subject to our legal retention obligations, you may request that we delete personal information we hold about you. We will process deletion requests within thirty (30) days except where retention is required by law.

    How to Exercise Your Rights

    Submit a written request to our Privacy Officer at privacy@askhill.fyi. We may ask you to verify your identity before processing your request. There is no fee for the first access request in any 12-month period. If your request is complex or numerous, we will provide an estimate of any fee before proceeding.

    Right to Complain

    If you are not satisfied with our response to a privacy concern, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada:

  • Website: priv.gc.ca
  • Phone: 1-800-282-1376
  • Address: 30 Victoria Street, Gatineau, Quebec K1A 1H3

    • 9. Security

    9.1 Technical Safeguards

  • All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
  • Data stored on our servers is encrypted at rest using AES-256 or equivalent
  • Access to systems containing personal information is controlled by role-based access management and multi-factor authentication
  • Production systems are logically separated from development and testing environments
  • Regular security vulnerability assessments and penetration testing are conducted
  • AI model inputs and outputs are transmitted over encrypted channels

    • 9.2 Organizational Safeguards

  • All staff and contractors with access to personal information are bound by written confidentiality agreements
  • Access to personal information is restricted on a need-to-know basis
  • Staff receive privacy and security training upon engagement and annually thereafter
  • A data breach response plan is maintained and tested periodically

    • 9.3 Breach Notification

    In the event of a breach of security safeguards involving personal information that creates a real risk of significant harm to individuals, AskHill.fyi will, as required by PIPEDA:

  • Notify affected individuals as soon as feasible after determining a reportable breach has occurred
  • Report the breach to the Office of the Privacy Commissioner of Canada
  • Maintain a record of all breaches of security safeguards, whether or not reportable

    • If you suspect that your account has been compromised or that your personal information has been subject to unauthorized access, contact us immediately at privacy@askhill.fyi.

    10. Cross-Border Data Transfers

    AskHill.fyi is a Canadian company and prefers to store and process personal information on servers located in Canada. However, some of our third-party service providers process data on servers located in the United States or other jurisdictions outside Canada.

    Where personal information is transferred outside Canada, we implement contractual safeguards to ensure it receives a comparable level of protection to that required under PIPEDA. However, we note transparently that personal information transferred to foreign jurisdictions may be subject to the laws of those jurisdictions, including laws that may permit access by foreign courts, law enforcement, or government authorities.

    If you wish to know which of our sub-processors process data outside Canada, you may request this information from privacy@askhill.fyi.

    11. Children\'s Privacy

    The AskHill.fyi Platform is intended for use by adults in a professional capacity, specifically HR professionals, labour relations practitioners, talent acquisition professionals, and organizational decision-makers. The Platform is not directed at, and we do not knowingly collect personal information from, individuals under the age of 18.

    If we become aware that we have inadvertently collected personal information from a person under 18, we will take reasonable steps to delete it promptly. If you believe we have collected information from a minor, contact us at privacy@askhill.fyi.

    12. Quebec Privacy Law (Law 25)

    For individuals in Quebec, the Act respecting the protection of personal information in the private sector, as amended by Law 25 (Bill 64), applies additional requirements. In particular:

  • You have the right to data portability: to receive personal information you have provided to us in a structured, commonly used, technological format
  • You have the right to de-indexation: to request that hyperlinks providing access to information that would cause harm to your reputation or privacy be de-indexed
  • AskHill.fyi is required to conduct privacy impact assessments for projects involving personal information, including AI tool implementations
  • Automated decision-making that could have significant impacts on you requires disclosure of your right to human review

    • Quebec residents may direct requests related to these additional rights to privacy@askhill.fyi.

    13. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the nature of our Services. We distinguish between material and non-material changes:

  • Material changes -- changes that affect your rights, the purposes for which we use your information, or the parties with whom we share it -- will be communicated by email to registered users at least 30 days before they take effect, and by prominent notice on the Platform. Your continued use of the Platform after the effective date constitutes acceptance of the revised policy. If you do not agree to material changes, you may close your account before the effective date.
  • Non-material changes -- such as clarifications of existing language, corrections of typographical errors, or administrative updates -- will be reflected in an updated document with a revised \"Last Updated\" date. We will not provide advance notice of non-material changes.

    • Prior versions of this Privacy Policy are archived and available upon request.

    14. Contact and Complaints

    If you have a concern about how we have handled your personal information and are not satisfied with our response, you may file a complaint with:

    Quebec residents may also file complaints with the Commission d\'acces a l\'information du Quebec at cai.gouv.qc.ca.

    AskHill.fyi Privacy Policy -- Version 1.0 -- [INSERT EFFECTIVE DATE]

    This document should be reviewed by a qualified Ontario technology and privacy lawyer before publication.

    Not legal advice. AskHill.fyi is not a law firm.