Newsletter image

Subscribe to our Newsletter

Join 10k+ people to get notified about new posts, news and updates.

Do not worry we don't spam!

Choose language

Français Français English English Español Español
Select theme:
  • Home
  • Privacy policy

Privacy policy

Effective since November 5, 2025 — Compliant with Quebec Law 25 and Canadian privacy regulations.

1. Introduction

Orfolio ("we", "our") is an AI-powered website builder developed by Studio Orfolio Inc. It enables users to create and publish professional websites using artificial intelligence or ready-made templates. This privacy policy explains how we collect, use, store, and protect personal information in compliance with Quebec Law 25 and the Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Information we collect

We only collect the information necessary to provide, maintain, and improve our services.

  • Project and subscription data — created sites, templates used, active plans, and payment history.
  • Billing information — transactions securely processed via Stripe Billing.
  • Usage data — login logs, AI requests, and activity in the builder.

3. Purposes of collection

Personal information collected is used for the following purposes:

  • Create and manage your Orfolio account and workspace.
  • Provide AI site generation, hosting, and design recommendations.
  • Process payments, billing, and subscription renewals.
  • Provide technical support and customer assistance.
  • Ensure platform performance, security, and regulatory compliance.

4. Legal basis

We process personal data based on your informed consent and the performance of a service contract. No unnecessary data is collected or processed without valid, explicit reasons.

5. Hosting and data location

All personal data is hosted on Microsoft Azure Canada (Toronto region). Azure is compliant with ISO 27001, SOC 2, and CSA STAR certifications, ensuring data sovereignty and legal protection under Canadian jurisdiction.

6. Security measures

We implement robust security controls including:

  • Password encryption (bcrypt) and JWT tokens for authentication.
  • Mandatory HTTPS connections across all domains.
  • Access logs, intrusion monitoring, and secure backup policies.
  • Limited staff access under strict confidentiality agreements.

7. Data retention

Personal data is retained only as long as necessary to provide the service. Accounts inactive for 6 months and not linked to an active subscription are securely deleted or anonymized unless retention is required by law.

8. Rights of access, correction, and deletion

In accordance with Law 25, all users have the right to:

  • Access their personal data and request a copy.
  • Request correction of incomplete or inaccurate information.
  • Request permanent deletion (“right to be forgotten”).
  • Withdraw consent at any time.

Requests can be made by email at rdpd@orfolio.com. Identity verification may be required before processing.

9. Data transfers outside Quebec

Some AI features may involve processing by third-party providers such as OpenAI (GPT), Claude AI, or DeepSeek. These transfers are limited to the model selected by the user and governed by contractual clauses ensuring compliance with Law 25 and PIPEDA.

10. Privacy contact and complaints

The designated Personal Data Protection Officer (PDPO) ensures compliance with privacy obligations. Users can exercise their rights or file complaints by contacting:

Data Protection Officer – Studio Orfolio
Montreal, QC, Canada
Email: rdpd@orfolio.com

You may also contact the Commission d'accès à l'information du Québec (CAI) if you believe your rights under Law 25 have been violated.

Last update: November 5, 2025