GDPR Compliance Statement

Last updated: June 25, 2026

Our Commitment

While brave sequoia operates primarily in Canada, we recognize that some visitors and clients may be protected under the European Union's General Data Protection Regulation. We are committed to respecting the privacy rights of all individuals and have implemented practices aligned with GDPR principles regardless of geographic location.

Legal Basis for Processing

We process personal data only when we have a lawful basis to do so:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary to fulfill a service agreement with you
• Legal obligation: Processing is necessary to comply with the law
• Legitimate interests: Processing is necessary for our legitimate business interests, provided these do not override your fundamental rights

Your Rights Under GDPR

If you are an EU resident, you have the following rights regarding your personal data:

• Right to access: You can request copies of your personal data
• Right to rectification: You can request correction of inaccurate or incomplete information
• Right to erasure: You can request deletion of your personal data under certain conditions
• Right to restrict processing: You can request that we limit how we use your data
• Right to data portability: You can request transfer of your data to another organization or directly to you
• Right to object: You can object to our processing of your personal data
• Rights related to automated decision-making: You have rights regarding automated processing and profiling

Data Processing Activities

We engage in the following data processing activities:

• Collection and storage of contact information submitted through inquiry forms
• Processing of client data necessary for service delivery and project management
• Technical logging of website visits for security and functionality purposes
• Communication management for customer support and service updates
• Record retention for warranty fulfillment and legal compliance

Data Sharing and Transfers

We do not sell or rent personal data to third parties. When data sharing is necessary for service delivery, we ensure:

• Third parties are bound by confidentiality and data protection agreements
• Data is transferred only to jurisdictions with adequate protection or under appropriate safeguards
• You are informed of such transfers where required by law
• Appropriate technical and organizational measures protect data during transfer

Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected:

• Inquiry data: Three years from last contact
• Active client data: Duration of service relationship plus applicable warranty period
• Financial records: Seven years as required by tax law
• Technical logs: Ninety days unless needed for security investigation

After retention periods expire, data is securely deleted or anonymized.

Security Measures

We implement appropriate technical and organizational measures to protect personal data:

• Encryption of data in transit using industry-standard protocols
• Access controls limiting data access to authorized personnel only
• Regular security assessments and updates to protective measures
• Employee training on data protection obligations
• Incident response procedures for potential data breaches

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify relevant supervisory authorities within 72 hours of becoming aware
• Inform affected individuals without undue delay where required
• Provide clear information about the nature of the breach and recommended actions
• Document the breach and our response measures

Cookies and Tracking

We use cookies to enhance website functionality and analyze usage patterns. You can control cookie preferences through your browser settings. For detailed information, please review our Cookie Policy. We do not use cookies for automated decision-making or profiling that produces legal effects.

Children's Data

We do not knowingly collect or process data from individuals under the age of sixteen. If we become aware of such collection, we will take immediate steps to delete the information and terminate any associated accounts.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us using the information below. We will respond to your request within one month, though this may be extended by two additional months for complex requests. We will inform you of any such extension within the initial one-month period.

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

Data Protection Officer

For questions regarding data protection or to exercise your rights, contact:

Data Protection Inquiries
brave sequoia
847 Granville Street
Vancouver, BC V6Z 1K3
Canada
[email protected]

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Significant changes will be communicated through website notice or direct communication to affected individuals. The date of the last update is indicated at the top of this document.