Privacy Policy

3. Information We Process in Client Engagements

In addition to information collected through our website and communications, mBolden may receive, create, or process information as part of client engagements.

This may include:

• business contact information
• stakeholder lists
• interview notes
• workshop outputs
• meeting notes
• survey responses
• organizational charts
• operating model materials
• strategy documents
• transformation plans
• project and governance materials
• recordings or transcripts, where applicable
• client-provided documents, data, presentations, and working materials
• other information reasonably required to deliver contracted services

Client engagement information is used only for the purpose of delivering the relevant services, supporting the client relationship, managing the engagement, and fulfilling contractual, legal, or business obligations.

Access to client engagement information is limited to mBolden team members, contractors, advisors, or service providers who need access to perform their work on the relevant client engagement or stream of work.

Client confidential information may also be governed by a client agreement, statement of work, master services agreement, non-disclosure agreement, or other written arrangement. Where there is a conflict between this Privacy Policy and a client agreement, the client agreement will generally govern the handling of client confidential information for that engagement.

mBolden does not publicly disclose client confidential information or use identifiable client information in marketing materials without appropriate permission.

4. How We Use Personal Information

mBolden uses personal information for the following purposes:

• to respond to inquiries
• to communicate with clients, prospective clients, suppliers, and partners
• to provide consulting, advisory, workshop, facilitation, speaking, and related services
• to manage client engagements
• to schedule meetings and consultations
• to register participants for events, webinars, workshops, or programs
• to send newsletters, updates, insights, event invitations, or other communications where permitted by law
• to manage subscriptions and email preferences
• to process payments and invoices
• to improve our website, services, communications, and client experience
• to administer surveys, forms, assessments, or feedback tools
• to analyze website performance and marketing effectiveness
• to maintain business records
• to protect the security, integrity, and confidentiality of our systems, client information, and business operations
• to comply with legal, regulatory, accounting, tax, contractual, and professional obligations
• for any other purpose disclosed at the time of collection or with your consent

We collect and use only the personal information reasonably necessary for the purposes described in this Privacy Policy or otherwise identified at the time of collection.

5. Consent

By providing personal information to mBolden, you consent to the collection, use, and disclosure of that information as described in this Privacy Policy, unless another form of consent is required by law.

You may withdraw consent at any time, subject to legal, contractual, or operational restrictions. If you withdraw consent, we may not be able to provide certain services, respond to certain requests, or continue certain communications.

To withdraw consent or update your preferences, contact privacy@mbolden.co.

6. Email Marketing and Communications

mBolden may send newsletters, event invitations, business updates, insights, or other commercial electronic messages where we have consent or are otherwise permitted to do so under applicable law.

Our email marketing may be managed through third-party email platforms, including Brevo.

You may unsubscribe from marketing emails at any time by using the unsubscribe link included in our emails or by contacting privacy@mbolden.co.

Transactional, service-related, or engagement-related communications may still be sent where necessary to manage an active business relationship, client engagement, event, contract, invoice, or other legitimate business matter.

7. Cookies, Analytics, and Website Tracking

mBolden’s website uses cookies and similar technologies to support website functionality, understand website performance, improve the user experience, and support marketing and analytics activities.

These technologies may collect information such as:

• IP address
• browser type
• device type
• operating system
• pages visited
• time spent on pages
• referring website or source
• interactions with website content or forms

We may use analytics, advertising, and tracking tools such as Google Analytics, LinkedIn Insight Tag, and similar tools to understand how visitors use our website and to assess the effectiveness of our content and marketing.

You can adjust your browser settings to block or delete cookies. Some website features may not function properly if cookies are disabled.

Where required by applicable law, we will seek consent for the use of certain cookies or tracking technologies.

8. Forms, Bookings, Events, and Surveys

mBolden may collect information through website forms, integrated contact forms, Google Forms, WordPress forms, Brevo forms, booking tools, event platforms, surveys, questionnaires, and similar tools.

We may use platforms such as Brevo, Google Workspace, WordPress, Luma, Notion, Stripe, and other service providers to support these activities.

Information submitted through these tools is used for the purpose for which it was collected, such as responding to inquiries, booking meetings, registering participants, delivering events, managing client engagements, collecting feedback, or providing services.

9. Payments and Billing

Where payments, invoices, bookkeeping, or accounting records are managed online, mBolden may use third-party payment, invoicing, bookkeeping, and accounting platforms such as Stripe, QuickBooks, or similar providers. Payment and billing information is processed by those providers according to their own security and privacy practices.

mBolden does not intentionally store full payment card details on its own systems.

We may retain billing records, invoices, receipts, and related business records as required for accounting, tax, legal, contractual, and business purposes.

10. Third-Party Service Providers

mBolden uses third-party service providers to support our website, operations, communications, payments, invoicing, bookkeeping, accounting, marketing, events, collaboration, document storage, analytics, and client service delivery.

These providers may include categories such as:

• website hosting and website management providers
• form and booking tools
• email marketing and CRM platforms
• payment processors
• invoicing, accounting, and bookkeeping platforms
• event platforms
• survey and feedback tools
• document storage and collaboration platforms
• analytics and marketing tools
• AI-enabled tools and productivity platforms
• professional advisors, contractors, and consultants
• cloud-based business software providers

We provide service providers with access to personal information only where reasonably necessary for them to perform services for mBolden or support a client engagement.

We expect service providers to use appropriate safeguards and to handle personal information in accordance with applicable law and their contractual or platform obligations.

11. Use of AI-Enabled Tools

mBolden may use AI-enabled tools to support productivity, research, drafting, analysis, note-taking, summarization, content development, and consulting workflows.

Where AI-enabled tools are used, mBolden takes steps to use business-grade or corporate-grade accounts where appropriate and to limit the personal information or confidential information shared with such tools.

mBolden does not intentionally use client confidential information in public or unmanaged AI tools in a way that would compromise confidentiality.

AI-enabled outputs are reviewed by mBolden before being used in client-facing work. AI tools support our work but do not replace professional judgment, client context, or human review.

Where a client agreement includes specific restrictions on the use of AI tools, mBolden will follow the applicable contractual requirements.

12. Disclosure of Personal Information

mBolden does not sell personal information.

We may disclose personal information:

• to service providers who support our business operations
• to contractors, advisors, or team members who need the information to perform work for mBolden or a client engagement
• to payment processors, invoicing platforms, bookkeeping platforms, and accounting platforms for payment, billing, invoicing, bookkeeping, tax, and accounting purposes
• to email, event, booking, form, CRM, or analytics providers
• to professional advisors, such as legal, accounting, insurance, or business advisors
• where required by law, regulation, subpoena, court order, or legal process
• to protect mBolden’s rights, safety, property, systems, clients, or business interests
• in connection with a business transaction, such as a merger, reorganization, financing, sale, or transfer of all or part of the business
• with your consent
• as otherwise permitted or required by applicable law

13. International Processing and Storage

mBolden is based in Canada, but some of our service providers may process or store information in Canada, the United States, the European Union, the United Kingdom, or other jurisdictions.

As a result, personal information may be subject to the laws of the jurisdictions where it is processed or stored, including lawful access by courts, regulators, law enforcement, or government authorities in those jurisdictions.

By providing personal information to mBolden, you understand that your information may be processed or stored outside your province, territory, state, or country of residence.

14. Safeguards and Security

mBolden uses reasonable physical, administrative, organizational, and technological safeguards designed to protect personal information and client information against unauthorized access, use, disclosure, alteration, loss, or destruction.

These safeguards may include:

• use of corporate business accounts
• access controls
• limited access to client files based on role and need
• secure cloud-based document storage
• password protection and authentication controls
• confidentiality obligations for team members and contractors
• vendor selection and review practices
• restricted sharing of client materials
• secure collaboration practices
• internal practices for handling client information
• review of access to client-specific folders and workspaces
• reasonable steps to protect information during transmission, storage, and use

mBolden uses a corporate Google Workspace account and client files are stored in a controlled drive environment with limited access for relevant members of the team who need access to perform work for that client or stream of work.

No method of transmission or storage is completely secure. While mBolden takes reasonable steps to protect personal information and client information, we cannot guarantee absolute security.

15. Privacy and Security Incidents

If mBolden becomes aware of a privacy or security incident involving personal information, we will take steps to assess, contain, and respond to the incident.

Where required by applicable law, we will notify affected individuals, clients, regulators, or other relevant parties.

We may also take steps to investigate the incident, reduce potential harm, restore security, and improve our practices.

16. Retention of Personal Information and Client Information

mBolden retains personal information and client information for as long as reasonably necessary to fulfill the purposes for which it was collected, deliver services, manage client relationships, maintain business records, comply with legal, tax, accounting, contractual, and regulatory obligations, resolve disputes, and support legitimate business purposes.

Client engagement materials are generally retained unless and until a client requests deletion, subject to legal, contractual, tax, accounting, backup, archival, dispute resolution, or legitimate business requirements.

If you would like to request deletion of personal information or client information, contact privacy@mbolden.co. We will review the request and respond in accordance with applicable law and any relevant contractual obligations.

17. Your Rights and Choices

Subject to applicable law, you may have the right to:

• request access to personal information we hold about you
• request correction of inaccurate or incomplete personal information
• withdraw consent where consent is the basis for processing
• unsubscribe from marketing communications
• ask questions about our privacy practices
• request deletion of personal information, where applicable
• challenge mBolden’s compliance with this Privacy Policy or applicable privacy law

To make a request, contact privacy@mbolden.co.

We may need to verify your identity before responding to certain requests. We will respond within a reasonable time and in accordance with applicable law.

18. Accuracy of Information

mBolden relies on individuals, clients, and service providers to provide accurate and up-to-date information.

If your personal information changes or you believe information we hold about you is inaccurate, please contact privacy@mbolden.co so we can update it where appropriate.

19. Children’s Privacy

mBolden’s website and services are intended for business and professional audiences. We do not knowingly collect personal information from children through our website.

If we become aware that we have collected personal information from a child without appropriate consent, we will take reasonable steps to delete the information.

20. Links to Third-Party Websites

Our website, emails, or materials may contain links to third-party websites, platforms, or resources.

This Privacy Policy does not apply to third-party websites or services. We are not responsible for the privacy practices, security practices, or content of third-party websites or platforms.

We encourage you to review the privacy policies of any third-party websites or services you use.

21. Changes to this Privacy Policy

mBolden may update this Privacy Policy from time to time to reflect changes in our practices, services, technology, legal requirements, or business operations.

When we update this Privacy Policy, we will revise the “Last Updated” date at the top of the policy.

Your continued use of our website or services after an updated Privacy Policy is posted means you accept the updated policy, subject to applicable law.

22. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or mBolden’s privacy practices, contact:

mBolden Privacy Contact
privacy@mbolden.co