Dynamic Needs Analysis (“DNA”) Privacy Policy
- Effective Date This Privacy Policy is effective as of June 24th, 2025 and applies to the DNA website, https://dynamicneedsanalysis.com, our web and mobile applications, and any related services we provide (collectively, the “Services”).
- Who We Are Dynamic Needs Analysis Inc. (“DNA,” “we,” “us,” or “our”) is a Canadian software company headquartered at:
- Contacting Us
- Email (privacy requests): privacy@dynamicneedsanalysis.com
- Data Protection Officer: Robert McCurdy (robert@dynamicneedsanalysis.com)
- Key Definitions
- Information We Collect
- Why We Collect Your Data
- To deliver the Services – create and maintain your account, generate needs-analysis reports, automated compliance documents, dashboards, and AI guidance.
- To improve and secure the platform – analytics, debugging, fraud prevention, capacity planning.
- To process transactions – subscription billing and license management.
- To communicate with you – service announcements, security alerts, marketing (with opt-out).
- To develop new features – training non-identifiable, aggregated data to enhance AI models and advisor insights.
- Legal obligations – tax records, regulatory audits, enforcement of our Terms of Service.
- Cookies & Similar Technologies
- How We Share Personal Data
- Data Residency
- Data Retention
- Account Data – retained while your subscription is active plus 90 days for audit, dispute, and tax purposes.
- AI Inputs/Outputs – retained for 90 days to provide context history and improve model quality, then de-identified or deleted.
- Marketing Consent Records – 5 years (legal burden of proof).
- System Logs – up to 24 months for security, diagnostics.
- Your Privacy Rights
- Children’s Privacy
- Security Measures
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- Multi-factor authentication for internal admin access
- Role-based access controls & annual access reviews
- Routine penetration testing and vulnerability scans
- Third-Party Links
- Changes to This Policy
- Contact Us
1075 West Georgia Street, Suite 1810, Vancouver, BC V6E 3C9, Canada
Under the General Data Protection Regulation (“GDPR”) we are the data controller for personal data we collect from, or about, users of our Services. For the California Consumer Privacy Act (“CCPA”) we are a business; for Canada’s PIPEDA we are an organization.| Term | Meaning |
|---|---|
| Personal Data / Personal Information (“PII”) | Any information that can reasonably identify, relate to, describe, or be linked to an individual. |
| User / Data Subject | An individual advisor, client, or website visitor whose data is processed by DNA. |
| Processor / Service Provider | A third-party that processes data on DNA’s behalf. |
| Account | The secure profile an advisor or organization creates to access the Services. |
(Capitalized terms not defined here have the meanings given in applicable privacy laws.)
| Category | Examples | Source |
|---|---|---|
| Identifiers | Name, postal address, email, phone, IP address, unique device IDs | Provided by you; collected automatically |
| Advisor-Generated Data | Case notes, compliance checklists, needs-analysis inputs, uploaded client documents | You or your organization |
| Payment Data | Cardholder name, last 4 digits, expiry date (handled by PCI-certified processor) | You; processor |
| Usage Data | Browser type, pages viewed, session duration, referring URL | Collected automatically |
| Location Data | Approximate geolocation via IP; precise GPS only if you enable mobile location services | Collected automatically / with consent |
| AI Inputs & Outputs | Prompts you enter into the AI Advisor feature and the resulting responses | You; generated by the model |
Special Categories: DNA does not intentionally request or require sensitive data (e.g., health data, racial or ethnic origin). If you believe such data has been uploaded inadvertently, contact us to request deletion.
Legal Bases (GDPR). We rely on one or more of: (a) performance of a contract; (b) legitimate interests; (c) your consent (e.g., marketing, precise geolocation); (d) compliance with legal duties.
| Key Point | DNA Practice |
|---|---|
| Purpose | We use cookies only to authenticate users, maintain secure sessions, and protect the platform from fraud or malicious activity. |
| Type of cookies | All cookies placed by DNA are strictly necessary (“essential”) first-party session cookies. We do not set analytics, advertising, or social-media cookies. |
| Opt-out | Because these cookies are essential to log in and use the Services, they cannot be disabled individually. If you block or delete them in your browser, the platform will not function. |
| Cookie notice page | DNA does not maintain a separate cookie-preference centre, since no optional cookies are used. |
We periodically review cookie usage to ensure we remain limited to essential authentication purposes only. If our practice changes, we will update this section and notify users in advance.
| Recipient | Purpose | Safeguards |
|---|---|---|
| Cloud hosting & infrastructure | Data storage, back-ups, security monitoring | ISO 27001 / SOC 2 certified |
| Payment processors | Subscription billing | PCI-DSS compliance; DNA never stores full card data |
| Service providers | Analytics, email delivery, customer support | Data-processing agreements |
| Affiliates & successors | Corporate restructuring, merger or acquisition | Contractual privacy assurances |
| Regulators / law enforcement | Legal compliance, fraud investigation | Verified, lawful requests only |
| Advisor-selected integrations | CRM, carrier illustration tools, etc. | Controlled by the advisor via account settings |
We do not sell your Personal Information. If that ever changes, we will provide advance notice and a right to opt-out.
DNA hosts all application servers, databases, and encrypted back-ups exclusively in Canadian data centres. We do not transfer or remotely access your personal information from outside Canada.
If, in the future, we contemplate cross-border processing, we will (a) update this Policy, (b) obtain any required consents, and (c) ensure equivalent protection through Canadian adequacy findings or contractual safeguards.
You may request earlier deletion where permitted (see Section 11).
Under Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and substantially similar provincial statutes, you have the right to:
| Right | What it means | How to exercise |
|---|---|---|
| Access | Obtain a copy of the personal information DNA holds about you. | Email privacy@dynamicneedsanalysis.com with “Access Request” in the subject line. |
| Correction | Challenge the accuracy or completeness of your information and have it amended. | Specify the data to be corrected and provide supporting documentation. |
| Withdrawal of consent | Withdraw consent to optional processing where consent was the legal basis (e.g., marketing emails). | Use the unsubscribe link in marketing messages or contact us at the address above. |
| Accountability & complaints | Raise concerns about DNA’s privacy practices. | Contact our Privacy Officer first. If unresolved, you may complain to the Office of the Privacy Commissioner of Canada. |
We respond to verified requests within 30 days unless an extension is permitted by law. Exercising your rights is free of charge; however, we may charge a reasonable fee for copies of large data sets, as allowed by PIPEDA.
DNA is designed for professional financial advisors and is not directed to anyone under 13. We do not knowingly collect children’s data. If you believe a child has provided us PII, contact us for removal.
No security measure is perfect; we cannot guarantee absolute security, but we follow industry best practices and continuously enhance our defences.
The Services may contain links to sites we do not control. DNA is not responsible for the privacy or security of those sites. Review the privacy policy of every third‑party service you use.
We may update this Privacy Policy to reflect changes in law, technology, or our practices. Material changes will be announced via email or an in‑app banner at least 30 days before they take effect. Your continued use of the Services after the effective date constitutes acceptance.
For any questions, concerns, or complaints regarding this Policy or our privacy practices, please contact our DPO at privacy@dynamicneedsanalysis.com or mail us at the address in Section 2.
Disclaimer
This Privacy Policy template is provided for informational purposes only and does not constitute legal advice. DNA should review the draft with qualified counsel to ensure compliance with all applicable laws and regulations before publication.