Privacy Policy
Effective Date: June 2, 2026 Last Updated: June 2, 2026
1. Introduction
Jacques Amzallag ("MarketingIQ", "we", "us", "our") operates the MarketingIQ software application, accessible at marketing-iq.vercel.app and at marketingiq.ca (the "Service"). MarketingIQ is a software-as-a-service platform that helps property and casualty insurance brokers in Quebec manage their marketing files, quote workflows, and client communications.
This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information. It applies to the personal information of the individuals who sign up for and use MarketingIQ ("Users"), and to the personal information that Users entrust to us about the natural persons in their books of business (the "Broker Clients" of those Users).
This Privacy Policy is governed by:
- The Act respecting the protection of personal information in the private sector (Quebec, also known as "Law 25" or "Loi 25"); and
- The Personal Information Protection and Electronic Documents Act (Canada, "PIPEDA"), where applicable.
If any provision of this Privacy Policy is inconsistent with applicable law, the law prevails.
2. Person in Charge of Personal Information Protection
In accordance with Law 25, we have designated a person responsible for the protection of personal information (sometimes called the Privacy Officer or Data Protection Officer):
- Name: Jacques Amzallag
- Title: Person in Charge of Personal Information Protection
- Email: privacy@marketingiq.ca
- Mailing address: 4001 Crémazie East, unit 100, Montréal, Québec, H1Z 2L2, Canada
You may contact this person at any time to exercise the rights described in section 9 below, to ask a question about this Privacy Policy, or to file a complaint about how we handle personal information.
3. The Two Roles in Our Service
MarketingIQ acts in two distinct roles depending on whose personal information is involved:
3.1 We are a controller of Users' personal information. When you sign up for MarketingIQ as an insurance broker or a member of a brokerage team, we directly collect personal information about you (your name, email, login credentials, billing information, usage data). We determine how and why we collect and use that information. We are responsible for it.
3.2 We are a service provider ("mandataire") for Broker Clients' personal information. When you, as a User, upload or enter information about your own clients — names, contact details, vehicles insured, business operations, claims history, and any other personal information relevant to a marketing file — you are the controller of that information under Law 25, and we process it on your behalf. We follow your instructions and process that information only to provide the Service to you.
Our obligations to Broker Clients are different from our obligations to Users. The Broker Client's primary relationship is with the brokerage that collected their information. If you are a Broker Client and want to exercise rights over information held about you, contact the brokerage that serves you first.
4. Information We Collect
4.1 Information you provide directly when you sign up and use the Service
- Account information: first name, last name, email address, hashed password.
- Workspace information: workspace name, plan tier, billing information (handled by our payment processor — see section 6), preferred language.
- Profile information: any optional fields you choose to fill in (job title, phone, preferred display name).
4.2 Information about Broker Clients that Users upload
When you use MarketingIQ to manage your insurance marketing files, you upload personal information about your own clients and prospects, which may include:
- Names, contact information (email, phone, address), language preferences.
- Business names and operational details (for commercial clients).
- Coverage requirements, claims history, prior insurer information.
- Quotes received from insurers and binding outcomes.
- Notes you write about the client and their file.
We do not collect this information directly from your clients; you provide it to us on their behalf as their broker.
4.3 Information we collect automatically
- Technical data: IP address, browser type, device type, operating system, time zone, language preference.
- Usage data: pages visited, features used, timestamps of actions, frequency and duration of sessions.
- Cookies and similar technologies: see our separate Cookie Policy at /legal/cookies.
4.4 Information from third parties
If you sign in using a third-party identity provider (currently we do not support this, but may in the future), we receive your name, email, and a verified-account marker from that provider.
5. Why We Collect Your Information (Purposes)
We collect, use, and process personal information only for the following purposes:
5.1 To provide and operate the Service. Creating and maintaining your account, hosting your workspace data, processing your marketing files, sending invitations to teammates, and enabling AI-powered features for paid plans.
5.2 To bill you for paid plans. Processing payments via our payment processor, issuing receipts, managing subscriptions and renewals.
5.3 To communicate with you about the Service. Sending transactional emails (invitation links, password reset, security alerts, billing receipts, breach notifications). We do not send marketing emails unless you have opted in.
5.4 To provide customer support. Responding to your questions, troubleshooting issues, and improving our support over time.
5.5 To improve the Service. Analyzing aggregated and de-identified usage patterns to understand what features work, what doesn't, and what to build next. We do not analyze the content of your marketing files for product-improvement purposes; only de-identified usage signals (button clicks, page views, error rates).
5.6 To comply with legal obligations. Including responding to lawful government requests, complying with tax and accounting laws, and meeting our obligations under Law 25 and other privacy laws.
5.7 To detect, prevent, and respond to abuse. Including detecting fraudulent accounts, abuse of the Service, and breaches of our Terms of Service.
We do not use Users' or Broker Clients' personal information for any other purpose without your prior consent.
6. How We Share Your Information
We do not sell personal information. We share personal information only in the following circumstances:
6.1 With service providers (sub-processors). We use third-party services to operate MarketingIQ. Each sub-processor has signed a Data Processing Agreement with us and is bound by contractual obligations to protect personal information. A complete and current list of our sub-processors is available at /legal/subprocessors.
6.2 With other members of your workspace. If you are a User, other Users who are members of your workspace may see the data within that workspace, scoped by their role (owner, member). You control who you invite.
6.3 With your insurers and other parties at your direction. If you use MarketingIQ to communicate with an insurer (for example, by attaching a quote request as a PDF), the personal information you choose to include in that communication is shared with that insurer at your direction.
6.4 With law enforcement and regulators. Only when required by a valid legal process (subpoena, court order, regulatory demand). We will notify you of any such request unless legally prohibited from doing so.
6.5 In connection with a business transfer. If MarketingIQ is acquired, merged, or sold (in whole or in part), personal information may be transferred as part of that transaction. We will notify you in advance of any such transfer, and you will have the option to delete your account before the transfer takes effect.
7. Cross-Border Transfers
Some of our sub-processors are located outside Quebec. In particular:
- Anthropic, PBC (United States) — provides the AI inference that powers AI features.
- Vercel, Inc. (United States) — hosts the application runtime.
- Resend, Inc. (United States) — sends transactional emails on our behalf.
- Supabase, Inc. (United States parent; data physically stored in Canada at the Montreal AWS region "ca-central-1") — hosts our database.
In accordance with Law 25 section 17, before transferring personal information outside Quebec, we conduct a Privacy Impact Assessment (also known as a Transfer Impact Assessment) for each cross-border transfer. The assessment evaluates:
- The sensitivity of the information;
- The purposes for which it is to be used;
- The protection measures, including contractual ones, that would apply to it;
- The legal framework applicable in the receiving jurisdiction, including the protection of personal information.
Our assessments concluded that the information transferred receives an adequate level of protection. Each receiving sub-processor has signed a Data Processing Agreement with us that imposes contractual safeguards including encryption in transit and at rest, breach notification, restricted access, and prohibitions on using the data for the sub-processor's own purposes.
You may request a summary of our Transfer Impact Assessments by emailing privacy@marketingiq.ca.
8. How Long We Keep Your Information
We retain personal information only as long as is necessary for the purposes described in this Policy, plus any period required by law.
| Category | Retention period |
|---|---|
| Account information (Users) | While your account is active, plus 30 days after deletion request |
| Marketing file information (Broker Clients) | While the workspace is active, plus a configurable retention period (default 7 years) set by the User in accordance with their insurance regulatory recordkeeping obligations |
| Billing records | 7 years from the date of the transaction (Quebec and Canadian tax law) |
| Activity logs | 2 years |
| Backups | Purged within 90 days of the deletion of the primary record |
| AI inference logs (with our sub-processor) | 30 days (default), reducing to zero data retention once we qualify for Anthropic's Zero Data Retention agreement |
After the applicable retention period, information is securely deleted or irreversibly anonymized.
9. Your Rights Under Law 25
If you are a User, you have the following rights with respect to personal information about you that we hold:
9.1 Right to be informed. You have the right to know what personal information we hold about you, where we got it, how it is used, who it has been shared with, and how long it is retained. This Privacy Policy is part of how we exercise this obligation.
9.2 Right of access. You have the right to obtain a copy of the personal information we hold about you.
9.3 Right to rectification. You have the right to have inaccurate, incomplete, or ambiguous personal information about you corrected.
9.4 Right to deletion ("right to be forgotten"). You have the right to request the deletion of personal information about you that we hold, subject to legal retention obligations.
9.5 Right to withdraw consent. Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
9.6 Right to data portability (effective September 2024 under Law 25). You have the right to receive personal information about you in a structured, commonly used, machine-readable format, and to have us transmit that information to another party of your choosing, when technically feasible. MarketingIQ provides a workspace export feature that allows you to download all the data in your workspace as a single JSON file.
9.7 Right concerning automated decisions. Where we make a decision about you based exclusively on automated processing of your personal information, you have the right to be informed of that fact, to obtain the principal factors and parameters of the decision, and to have your observations taken into account by a person able to review the decision. MarketingIQ does not currently make any decisions about you based exclusively on automated processing.
9.8 Right to deindexing. You have the right, in certain circumstances, to require us to cease disseminating personal information about you or to deindex any link attached to your name that provides access to personal information by a technological means. This right is most relevant to publishers of online content; MarketingIQ does not generally publish content about Users.
9.9 How to exercise your rights. To exercise any of these rights, contact our Privacy Officer at privacy@marketingiq.ca or use the privacy request form at /contact/privacy. We will respond within 30 days. We may need to verify your identity before responding, to protect your personal information from improper disclosure.
There is no charge for exercising your rights, except where requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.
If you are dissatisfied with our response, you have the right to file a complaint with the Commission d'accès à l'information du Québec (see section 14).
10. AI Features
We offer optional AI-powered features in paid plans (the "AI Features"). When you use an AI Feature, the information you submit to that feature is sent to our AI sub-processor, Anthropic, for inference and is returned as an AI-generated response.
We disclose the following with respect to the AI Features:
- AI is used to: parse uploaded insurance quotes and applications, compare quotes side-by-side, generate summaries of client files, and narrate analytics dashboards.
- AI does not make decisions about you or your clients. AI Features produce outputs that you review and decide whether to act upon.
- Anthropic does not train its models on our customer data. Under our Data Processing Agreement with Anthropic, our inputs and outputs are not used to train or fine-tune any AI model.
- Inference logs. By default, Anthropic retains API inference logs for up to 30 days for abuse-detection purposes. We are working toward a Zero Data Retention agreement with Anthropic that will reduce this to zero.
- You may opt out of AI Features at any time by disabling them in your workspace settings.
11. Cookies and Similar Technologies
We use a small number of strictly necessary cookies to operate the Service (authentication, language preference, active workspace selection). We do not use third-party analytics or advertising cookies by default. For full details, see our Cookie Policy at /legal/cookies.
12. Security Measures
We implement reasonable technical, administrative, and physical safeguards to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification. These include:
- Encryption in transit (TLS 1.2 or higher) for all data exchanged with the Service.
- Encryption at rest for all data stored in our database and backups.
- Role-based access controls within the Service (owner / member roles per workspace).
- Audit logging of significant actions within the Service.
- Restricted administrative access to the production environment, requiring multi-factor authentication.
- Periodic review of access by sub-processors.
In the event of a confidentiality incident (data breach), we will notify the Commission d'accès à l'information du Québec and affected individuals in accordance with section 3.5 of Law 25, where the incident presents a risk of serious injury.
13. Children's Privacy
The Service is intended for use by insurance professionals in a business context and is not directed to children. We do not knowingly collect personal information from individuals under 14 years of age (the age of consent for personal information in Quebec). If you become aware that we have inadvertently collected personal information from a child, please notify us and we will delete it.
Note that Broker Clients may include children if they are named on a household policy. Such information is uploaded by you as the User; you are the controller of that information and are responsible for any required parental consent.
14. Filing a Complaint
If you believe we have violated this Privacy Policy or applicable privacy law, please contact our Privacy Officer first at privacy@marketingiq.ca. We will investigate and respond.
If you are not satisfied with our response, you may file a complaint with the Quebec privacy commissioner:
Commission d'accès à l'information du Québec 525, boulevard René-Lévesque Est, 2e étage, bureau 2.36 Québec (Québec) G1R 5S9 Telephone: 418 528-7741 (Quebec City) / 514 873-4196 (Montreal) Toll-free: 1 888 528-7741 Website: https://www.cai.gouv.qc.ca
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make a material change, we will notify you by email or by a banner in the Service at least 30 days before the change takes effect, and we will update the "Last Updated" date at the top of this Policy. Your continued use of the Service after the effective date of a change constitutes acceptance of the updated Policy.
16. Contact
Questions about this Privacy Policy, requests to exercise privacy rights, or other privacy-related communications:
- Email: privacy@marketingiq.ca
- Mailing address: 4001 Crémazie East, unit 100, Montréal, Québec, H1Z 2L2, Canada
- Privacy request form: /contact/privacy
For general questions about MarketingIQ that are not privacy-related, contact support@marketingiq.ca.
This Privacy Policy was last updated on June 2, 2026. Previous versions of this Privacy Policy are available on request.