Last updated: May 6, 2026
1. Who we are
Forward IT Thinking is the consulting brand of FIT Automate, a Canadian business based in Ontario. We help small and mid-sized businesses adopt practical, governed AI through three services: AI Readiness Audit, Intelligent Automation, and AI Enablement.
This policy covers personal information we collect through our website, email, scheduling tools, and during consulting engagements.
2. Person responsible for privacy
Under PIPEDA and Quebec Law 25, we have a designated person responsible for personal information:
John Bewley, Privacy Officer
jb@forwarditthinking.com
+1 (647) 699-9289
Send privacy questions, access requests, complaints, or consent withdrawals to that address. We respond within 30 days.
3. What we collect
Information you give us directly
- Name, email, phone, company, role, and anything you write in a contact form, chat, or meeting request.
- Project details you share during discovery calls, audits, or engagements.
- Billing details if you become a client, handled by our payment processor. We do not store full card numbers.
Information collected automatically when you visit the site
- IP address, approximate location, browser, device, operating system, referring URL, pages viewed, and time on page.
- Cookie identifiers and analytics events. See section 7.
Information from third parties
- Calendar and meeting metadata if you book through our scheduling tool.
- Enrichment data such as company size or industry from CRM tools, only attached to a business contact you have already given us.
We do not knowingly collect information from anyone under 16. If you think a minor has submitted information, email us and we will delete it.
4. Why we use it
We use personal information to:
- Reply to your inquiry and book meetings.
- Deliver and invoice consulting work.
- Run and improve the website.
- Send service updates to active clients.
- Send marketing emails only to people who opted in or have an existing business relationship under CASL.
- Detect abuse, secure systems, and meet legal or tax obligations.
We do not sell personal information. We do not use it for automated decisions that produce legal or similarly significant effects on you. If that ever changes, we will tell you in advance and give you a way to ask for human review, as Law 25 requires.
5. Legal basis under PIPEDA and Law 25
We rely on:
- Consent, express for marketing email and optional cookies; implied for replying to an inquiry you sent us.
- Contract, to deliver work you have engaged us for.
- Legitimate business interest, including basic site analytics, fraud prevention, and securing our systems, balanced against your privacy.
- Legal obligation, including tax records and responding to lawful requests.
You can withdraw consent at any time by emailing info@forwarditthinking.com. Withdrawal does not affect processing already done, and may stop us from continuing a service.
6. Who we share it with
We share personal information only with service providers who need it to run our business. Current categories and providers:
| Purpose | Provider | Location of processing |
|---|---|---|
| Website hosting | Vercel | United States |
| CDN, security, DNS | Cloudflare | Global, including US/EU edge |
| CRM and forms | HubSpot | United States |
| Database and auth | Supabase | Canada / United States |
| Email delivery | Resend | United States |
| Analytics | Vercel Analytics, Cloudflare Analytics | United States |
| Scheduling | HubSpot, Microsoft 365 Calendar | United States |
| Workflow automation | n8n, self-hosted | Canada |
| Productivity | Microsoft 365, including SharePoint, Teams, OneDrive, and Outlook | Canada / United States |
Each provider is bound by a contract that requires confidentiality and reasonable safeguards. The current list of providers is available on request.
We may also share information when required by law, to enforce an agreement, or to protect rights, property, or safety.
7. Cookies and tracking
We use:
- Strictly necessary cookies to load the site, remember your consent choice, and prevent abuse. Always on.
- Analytics cookies to count visits and see which pages help. Off by default, on only if you accept.
You set your preference in the cookie banner the first time you visit. To change that choice for now, clear this site's cookies in your browser and the banner will reappear on your next visit. See the Cookie Policy for more detail.
8. Email and CASL
We send commercial email under CASL. That means:
- We email you only if you opted in, or if we have an existing business relationship with you.
- For inquiries, the existing business relationship window is 24 months. For purchases, it is 18 months. Each time we hear from you, the window refreshes.
- Every commercial email identifies us, gives our contact details, and includes a one-click unsubscribe.
- Unsubscribes are honoured within 10 business days.
To opt out, click unsubscribe in any email or write to info@forwarditthinking.com.
9. Cross-border transfers
Some of our providers process data in the United States and other countries. Those countries may have weaker privacy protections than Canada or Quebec. Before using a provider that transfers personal information outside Quebec, we assess the privacy implications, as Law 25 requires, and rely on contractual safeguards.
If you are in Quebec and want details of our transfer impact assessments, email jb@forwarditthinking.com.
10. How long we keep it
| Data | Retention |
|---|---|
| Website inquiry that goes nowhere | 24 months, then deleted |
| Active client records | Duration of engagement plus 7 years for tax and limitation periods |
| Marketing list | Until you unsubscribe, plus 3 years for proof of consent under CASL |
| Server logs | 90 days |
| Analytics events | 14 months |
| Backups | Rolling 30 days |
When retention ends, we delete or anonymize the data.
11. Security
We protect personal information with reasonable safeguards: access controls, MFA, encryption in transit through TLS and at rest where the provider supports it, least-privilege access, vendor reviews, and incident response procedures.
No system is perfectly secure. If a breach creates a real risk of significant harm, we will notify you and the relevant regulator as PIPEDA and Law 25 require.
12. Your rights
Wherever you are, you can ask us to:
- Confirm what personal information we hold about you.
- Give you a copy.
- Correct anything wrong or incomplete.
- Delete information we no longer need.
- Stop marketing emails.
If you are in Quebec, Law 25 also gives you:
- The right to portability, meaning the right to receive your data in a structured, common, machine-readable format where technically feasible.
- The right to de-indexing or cessation of dissemination of information that causes serious injury and is not justified by public interest.
- The right to be told before any decision based solely on automated processing affects you, and to ask for human review.
To exercise any right, email jb@forwarditthinking.com from the address on file, or with enough detail for us to identify you. We respond within 30 days. There is no fee unless the request is excessive or repetitive, and we will tell you the cost first.
13. Complaints
If we do not resolve a privacy concern, you can complain to:
- Office of the Privacy Commissioner of Canada: 1-800-282-1376
- Commission d'acces a l'information du Quebec, if you are in Quebec: 1-888-528-7741
You can also seek remedies in court.
14. Changes to this policy
We may update this policy. We will change the "Last updated" date and, for material changes, post a notice on the site or email active clients before the change takes effect.
15. Contact
info@forwarditthinking.com
Forward IT Thinking, Privacy Officer, Ontario, Canada
