Privacy Policy
Last updated: January 8, 2025
The Private List Inc. ("Company," "we," "us," or "our") operates The Private List platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website, mobile applications, and services (collectively, the "Platform").
1. Introduction
We are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy applies to all users of our Platform, including investors, company representatives, and visitors.
By using our Platform, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use the Platform.
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), the Canadian Anti-Spam Legislation (CASL), and other applicable privacy laws.
2. Information We Collect
2.1 Account Information
When you register for an account, we collect:
- Email address
- Authentication data (session tokens, OAuth provider data if using social login)
2.2 Investor Profile Information
If you register as an investor, we collect:
| Information | Purpose |
|---|---|
| Full name | Identification and event communications |
| Phone number | Event coordination and communications |
| Investor type | Qualification and event matching |
| Firm/Organization name | Professional verification |
| Job title | Professional verification |
| Assets under management (AUM) | Accreditation qualification |
| Investment preferences | Event and company matching |
| Accredited investor status | Legal compliance |
| LinkedIn profile (optional) | Professional verification |
2.3 Company Information
If you register a company, we collect:
- Company name, type (public/private), and industry
- Company description and website URL
- Company logo
- For private companies: funding stage, amount seeking
- For public companies: stock exchange, ticker symbol, market capitalization
2.4 Company Representative Information
For company representatives, we collect:
- Full name and job title
- Email address and phone number
- LinkedIn profile (optional)
2.5 Event Registration Data
When you register for events, we collect:
- Registration status and timestamps
- Confirmation status and timestamps
- Waitlist position (if applicable)
- Attendance records
2.6 Technical and Device Information
We automatically collect:
- IP address
- Browser type and version
- Device type and operating system
- Device tokens for push notifications (mobile app only)
- Usage data and interaction logs
2.7 Communications
We collect information from your communications with us, including emails, contact form submissions, and support requests.
3. How We Use Your Information
We use your personal information for the following purposes:
3.1 Account Management
- Create and manage your account
- Authenticate your identity
- Process your applications (investor or company)
3.2 Event Services
- Process event registrations and confirmations
- Manage waitlists and attendance
- Send event reminders and updates
- Coordinate event logistics
3.3 Communications
- Send transactional emails (registration confirmations, reminders)
- Respond to your inquiries and support requests
- Send push notifications (with your consent)
- Notify you of new events and opportunities
3.4 Platform Improvement
- Analyze usage patterns to improve our services
- Debug and fix technical issues
- Develop new features and functionality
3.5 Legal and Compliance
- Verify accredited investor status
- Comply with applicable laws and regulations
- Enforce our Terms of Use
- Protect against fraud and unauthorized access
4. Information Sharing
We do not sell your personal information. We may share your information in the following circumstances:
4.1 With Presenting Companies
When you register for an event, your investor profile information may be shared with the companies presenting at that event. This enables meaningful connections between investors and companies. You consent to this sharing when you register for an event.
4.2 Service Providers
We work with trusted service providers who assist us in operating the Platform:
- Hosting providers: To store and serve our Platform
- Email services: To send transactional and notification emails
- Push notification services: To deliver mobile notifications (Apple Push Notification service)
- Analytics providers: To understand Platform usage
These providers are contractually obligated to protect your information and may only use it for the services they provide to us.
4.3 Legal Requirements
We may disclose your information when required by law or to:
- Comply with legal processes or government requests
- Enforce our Terms of Use
- Protect the rights, property, or safety of our users or others
- Detect and prevent fraud or security issues
4.4 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.
5. Data Retention
We retain your personal information for as long as necessary to:
- Provide our services to you
- Comply with legal obligations
- Resolve disputes and enforce agreements
Retention Periods
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 3 years |
| Event attendance records | 5 years |
| Transaction records | 7 years (legal requirement) |
| Analytics data | 2 years (aggregated thereafter) |
| Device tokens | Until logout or app uninstall |
| Session data | 30 days of inactivity |
When you delete your account, we will delete or anonymize your personal information, except where retention is required by law or for legitimate business purposes.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
Technical Safeguards
- HTTPS encryption for all data in transit
- Encryption of sensitive data at rest
- Secure session management and authentication
- Regular security assessments and updates
- Rate limiting and intrusion detection
Organizational Measures
- Role-based access control for employees
- Employee training on data protection
- Incident response procedures
- Regular review of security practices
Breach Notification
In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by law, typically within 72 hours of becoming aware of the breach.
7. Your Rights
You have the following rights regarding your personal information:
7.1 Access
You can request a copy of the personal information we hold about you. You can also view and update much of your information through your account dashboard.
7.2 Correction
You can request correction of inaccurate or incomplete information. You can update your profile information directly through the Platform.
7.3 Deletion
You can request deletion of your account and personal information. Note that some information may be retained as required by law or for legitimate business purposes.
7.4 Opt-Out
You can opt out of:
- Marketing communications (unsubscribe link in emails)
- Push notifications (through device settings or app)
Note: You cannot opt out of transactional communications necessary for your account or event registrations.
7.5 Data Portability
You can request a copy of your data in a structured, commonly used format for transfer to another service.
7.6 Withdraw Consent
Where we process your information based on consent, you can withdraw that consent at any time. This will not affect the lawfulness of processing before the withdrawal.
To exercise any of these rights, please contact us at privacy@theprivatelist.io. We will respond to your request within 30 days.
9. Push Notifications
If you use our mobile application, you may opt in to receive push notifications. When enabled, we collect:
- Device token: A unique identifier provided by Apple Push Notification service (APNs) to deliver notifications to your device
- Device ID: To identify your specific device
- Platform type: iOS or Android
Types of Push Notifications
- Event confirmation reminders (48 hours before events)
- Day-of event reminders
- Registration confirmations
- Waitlist promotions
- Account status updates
- New company listings (for investors)
Managing Push Notifications
You can disable push notifications at any time through your device settings or by logging out of the mobile app. When you disable notifications or uninstall the app, we deactivate your device token.
10. Children's Privacy
Our Platform is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@theprivatelist.io, and we will take steps to delete such information.
11. International Transfers
Your information may be transferred to and processed in countries other than your country of residence, including Canada and the United States, where our servers and service providers are located.
When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information, including contractual obligations on our service providers.
12. Policy Updates
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last updated" date at the top of this policy
- We will notify registered users via email for significant changes
- We may display a notice on the Platform
Your continued use of the Platform after any changes indicates your acceptance of the updated Privacy Policy.
13. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
For general inquiries, you may also contact us at hello@theprivatelist.io or through our Contact page.