1. Introduction
Orfolio (“we”, “our”, “us”) is an AI-powered website builder developed by Studio Orfolio Inc. It enables users to create and publish professional websites using artificial intelligence or ready-made templates. This Privacy Policy describes how we collect, use, store, and protect personal information in compliance with the Loi 25 du Québec and the Personal Information Protection and Electronic Documents Act (PIPEDA).
2. Information We Collect
We only collect information necessary to deliver, maintain, and improve our services.
- Project and Subscription Data — sites created, templates used, active plans, and payment history.
- Billing Information — transactions processed securely through Stripe Billing.
- Usage Data — connection logs, AI prompts, and activity in the builder.
3. Purpose of Collection
The personal information collected is used for the following purposes:
- Creating and managing your Orfolio account and workspace.
- Providing AI-based site generation, hosting, and design recommendations.
- Processing payments, invoicing, and subscription renewals.
- Offering technical support and client assistance.
- Ensuring platform performance, security, and regulatory compliance.
4. Legal Basis
We process personal data based on your informed consent and the execution of a service contract. No unnecessary data is collected or processed without a valid and explicit reason.
5. Data Hosting and Location
All personal data is hosted on Microsoft Azure Canada (Toronto Region). Azure complies with ISO 27001, SOC 2, and CSA STAR certifications, ensuring data sovereignty and legal protection under Canadian jurisdiction.
6. Security Measures
We implement robust security controls including:
- Encryption of passwords (bcrypt) and JWT tokens for authentication.
- Mandatory HTTPS connections across all domains.
- Access logs, intrusion monitoring, and secure backup policies.
- Limited personnel access under strict confidentiality agreements.
7. Data Retention
Personal data is retained only as long as necessary for service delivery. Accounts that remain inactive for 6 months and are not associated with an active subscription are securely deleted or anonymized, except where retention is required by law.
8. Rights of Access, Correction, and Deletion
In accordance with Law 25, all users have the right to:
- Access their personal data and request a copy.
- Request correction of incomplete or inaccurate information.
- Request permanent deletion (“right to be forgotten”).
- Withdraw consent at any time.
Requests can be made via email to rdpd@orfolio.com. Verification of identity may be required before processing.
9. Data Transfers Outside Quebec
Some AI features may involve processing by third-party providers such as OpenAI (GPT), Claude AI, or DeepSeek. These transfers are limited to the model chosen by the user and are governed by contractual clauses ensuring compliance with Law 25 and PIPEDA.
10. Privacy Contact and Complaints
The designated Responsible for Personal Data Protection (RPDP) ensures compliance with privacy obligations. Users may exercise their rights or file complaints by contacting:
Data Protection Officer – Studio Orfolio
Montréal, QC, Canada
Email: rdpd@orfolio.com
You may also contact the Commission d’accès à l’information du Québec (CAI) if you believe your rights under Law 25 have been infringed.