Privacy Policy

Node Ventures Inc. ("Node Ventures", "we", "us", "our") is committed to protecting the privacy of individuals who interact with the Node Ventures Portal (the "Portal"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

By using the Portal, you consent to the practices described in this policy.

We collect personal information that you voluntarily provide, including:

• Account information: name, email address, and authentication credentials.
• Expert profile data: professional title, bio, LinkedIn URL, expertise tags, availability, hourly rate, profile photo, and CV/résumé.
• Usage data: pages visited, actions taken within the Portal, and browser/device information collected through standard server logs.
• Communications: messages you send to us or through the Portal.

We do not knowingly collect personal information from individuals under 18 years of age.

We use personal information to:

• Create and manage your account.
• Process expert verification applications and facilitate matching.
• Track expert contributions and calculate credits (Phase 2 onwards).
• Provide investor portfolio visibility to authorised investors.
• Send transactional emails (verification status updates, interview booking confirmations, and similar operational notices).
• Improve Portal functionality and user experience.
• Meet legal and regulatory obligations.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

The Portal uses the following third-party services, each of which has its own privacy policy:

• Google Firebase Authentication — for account creation and sign-in. See Firebase Privacy.
• Google Cloud Storage — for secure storage of uploaded documents (profile photos, CVs, and deal-room files). Data is stored in Canada where available.
• Google Cloud SQL — for structured data storage.
• Resend — for transactional email delivery. See Resend Privacy.

We enter into data processing agreements with these providers as required and take reasonable steps to ensure they maintain appropriate safeguards.

Your data is stored on servers located in Google Cloud infrastructure, with a preferred region of Canada (northamerica-northeast2). We implement industry-standard security measures including:

• Encrypted data in transit (TLS) and at rest.
• Role-based access controls limiting who can access personal data.
• Short-lived signed URLs for document access (documents are not publicly accessible).
• Audit logs for sensitive actions.

No method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we are committed to using commercially reasonable measures to protect your information.

Documents you upload (profile photos, CVs, and future deal-room files) are stored in Google Cloud Storage under a private, access-controlled namespace. Access requires a short-lived signed URL generated by our servers after verifying your authorisation. Documents are never publicly accessible.

Under PIPEDA, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Withdraw consent, subject to legal or contractual restrictions.
• Lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) if you believe your privacy rights have been violated.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

The Portal uses a single session cookie (nvp_session) to maintain your authenticated session. This cookie is HttpOnly, Secure, and SameSite=Lax. We do not use advertising cookies, third-party trackers, or analytics cookies beyond standard server-side request logs.

We retain your personal information for as long as your account is active or as needed to fulfil the purposes described in this policy. When you request account deletion, we will remove or anonymise your data within 30 days, except where retention is required by law or legitimate business need (e.g., financial records, audit logs).

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice within the Portal. The effective date at the top of this page reflects when the current version took effect.

For privacy-related inquiries, requests, or complaints, contact our Privacy Officer:

You may also view our Terms of Use.