Privacy Policy

Effective Date: April 27, 2026 

Last Updated: April 27, 2026 

  • Introduction And Scope
  • Data Controller
  • Categories Of Data Collected
  • Purposes And Legal Bases
  • Disclosure Of Personal Data
  • Cookies And Tracking
  • International data Transfer
  • Data Retention
  • Data Security
  • Your Privacy Rights
  • Children's Privacy
  • Jurisdiction-Specific Disclosures
  • Contact On Data Protection
  • Changes To This Policy

1. INTRODUCTION AND SCOPE

dipoleDIAMOND Limited (“Company”, “we”, “us”, or “our”), operating the NotGeneric platform at https://notgeneric.ca (the “Platform”), is committed to protecting the privacy and personal data of all individuals who interact with our Platform and services. This Privacy Policy explains what personal data we collect, why we collect it, how it is used and shared, how we protect it, and the choices available to you.

This Policy applies to all visitors, users, waitlist registrants, prospective and existing clients, and any person who accesses or provides information through the Platform, irrespective of their geographic location. The .ca domain of this Platform is a technical identifier for our organization and is not intended to suggest any limitation of the Platform’s availability to users in any particular country or region.

This Policy should be read in conjunction with our Terms of Use. Terms not defined herein carry the meaning ascribed in the Terms of Use.

2. DATA CONTROLLER

For the purposes of applicable data protection laws, the data controller responsible for personal data collected through the Platform is:

dipoleDIAMOND Limited

Where we process personal data on behalf of business clients under a service agreement, we may act as a data processor. In such cases, the applicable service agreement and any accompanying data processing addendum shall govern.

3. CATEGORIES OF PERSONAL DATA COLLECTED

3.1 Data You Provide Directly

We collect personal data that you voluntarily provide when you:

  • Contact us via forms, email, or other communication channels – which may include your name, email address, job title, company name, and message content;
  • Request a quote or consultation; including business requirements, organizational information, and contact details;
  • Register on a waitlist (e.g., ProgReps) including your name and email address;
  • Submit surveys or feedback; including your responses and any identifiable information you choose to share.

3.2 Data Collected Automatically

When you access the Platform, we and our service providers may automatically collect:

  • Log data: IP address, browser type and version, operating system, referring URLs, pages visited, and timestamps;
  • Device information: device identifiers, hardware model, and screen resolution;
  • Usage data: clickstream data, navigation paths, session duration, and feature interactions;
  • Cookie and tracking data: as described in Section 6 below.

3.3 Data From Third-Party Sources

We may receive data about you from third-party platforms, including:

  • Microsoft services (where applicable to our integration-based products), subject to Microsoft’s own privacy terms;
  • Analytics providers that aggregate usage information;
  • Referral sources or business partners, where you have consented to the sharing of your data.

3.4 Sensitive Data

We do not intentionally collect sensitive personal data (such as health data, financial account details, biometric data, or government identification numbers). Please refrain from submitting such data through the Platform.

4. PURPOSES AND LEGAL BASES FOR PROCESSING

We process personal data only for specified, explicit, and legitimate purposes. The following table summarizes our processing activities:

Purpose Legal Basis
Responding to enquiries and providing requested information. Performance of a contract or pre-contractual steps; legitimate interests.
Providing, managing, and improving our services and products. Performance of contract; legitimate interests.
Sending transactional communications (confirmations, updates, support). Performance of contract; legitimate interests.
Marketing and promotional communications about our services. Your consent (where required); legitimate interests (where permitted).
Platform analytics, performance monitoring, and improvement. Legitimate interests in operating and improving our business.
Compliance with legal obligations. Legal obligation.
Prevention of fraud, abuse, and security threats. Legitimate interests; legal obligation.

We will not process your personal data in a manner incompatible with these stated purposes without providing prior notice and, where required, obtaining your consent.

5. DISCLOSURE OF PERSONAL DATA

5.1 Service Providers and Sub-Processors

We engage third-party service providers to assist with the operation of our business and Platform. These providers process personal data on our behalf and are contractually bound to process data only as instructed by us and to maintain appropriate security standards. Categories include:

  • Cloud hosting and infrastructure providers;
  • Email delivery and communication platforms;
  • Analytics and monitoring services;
  • Payment processing providers (if applicable);
  • Customer relationship management (CRM) tools;
  • Microsoft platform and ecosystem services.

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, financing, or sale of all or a portion of our assets, personal data held by us may be transferred to a third party as part of that transaction. We will notify affected users before their personal data is transferred and becomes subject to a different privacy policy, to the extent required by applicable law.

5.3 Legal and Regulatory Disclosure

We may disclose personal data where we in good faith believe disclosure is required to:

  • (a) comply with applicable law, regulation, legal process, or enforceable governmental request;
  • (b) enforce or investigate potential violations of our Terms;
  • (c) detect, prevent, or address fraud, security, or technical issues;
  • (d) protect the rights, property, or safety of the Company, our clients, or the public.

5.4 No Sale of Personal Data

We do not sell, rent, or trade personal data to third parties for their independent commercial use. Where we are subject to privacy laws that define “sale” broadly (including data sharing for cross-context behavioral advertising), we do not engage in such activities.

6. COOKIES AND TRACKING TECHNOLOGIES

The Platform uses cookies and similar technologies (e.g., web beacons, pixels, local storage) to facilitate functionality, analyze usage, and improve your experience. Cookies may be set by us (“first-party cookies”) or by third parties whose services are embedded in our Platform (“third-party cookies”).

6.1 Types of Cookies We Use

Required Strictly Necessary Cookies

Required for the Platform to operate. These cannot be disabled without affecting core functionality.

Analytics Performance and Analytics Cookies

Collect aggregated information about how visitors use the Platform (e.g., pages visited, time spent). Used to improve Platform performance.

Functional Functionality Cookies

Remember your preferences and settings to provide a personalized experience.

Consent Required Marketing and Targeting Cookies

Used to track visitors across websites to serve relevant advertising. These are set only with your consent.

6.2 Your Choices

Where required by applicable law, we will seek your consent before placing non-essential cookies. You may withdraw consent or manage cookie preferences at any time through your browser settings or our consent management mechanism (where available). Please note that disabling certain cookies may affect the functionality of the Platform.

7. INTERNATIONAL DATA TRANSFERS

As a global service provider, we and our service providers may transfer, store, and process personal data in countries other than the country from which you access the Platform. Such countries may have data protection laws that differ from those in your jurisdiction.

Where transfers occur across jurisdictions that require specific safeguards (such as the European Economic Area, the United Kingdom, or other jurisdictions with data transfer restrictions), we implement appropriate safeguards, which may include:

Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by relevant supervisory authorities;
Adequacy decisions where applicable;
Binding corporate rules or other recognized transfer mechanisms.
You may request more information about the safeguards governing international transfers of your personal data by contacting us at the address set out in Section 13.

8. DATA RETENTION

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. Retention periods vary depending on the nature of the data and the context of collection:

Enquiry & Contact Data
Up to 3 years

Retained for the duration of the relationship and up to three (3) years after the last interaction, unless a longer period is required by law.

Client Engagement Data
Per service agreement

Retained for the duration of the applicable service agreement and for a period thereafter as required by applicable commercial and tax laws.

Waitlist Data
Until launch or withdrawal

Retained until the relevant product launches or until you withdraw from the waitlist, whichever is sooner.

Analytics & Log Data
Up to 12 months

Typically retained in identifiable form for no longer than twelve (12) months, thereafter anonymized or deleted.

When personal data is no longer required, we securely delete or anonymize it in accordance with our data retention procedures.

9. DATA SECURITY

We implement technical, administrative, and organizational security measures designed to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include, but are not limited to:

Encryption in Transit Encryption of data in transit using industry-standard TLS protocols.
Access Controls Authentication mechanisms limiting data access to authorized personnel only.
Security Assessments Regular security assessments and vulnerability monitoring.
Employee Training Employee training on data protection and confidentiality obligations.
Vendor Due Diligence Vendor due diligence and contractual security requirements.
No method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your personal data, and by using the Platform you acknowledge the inherent risks of electronic data transmission. In the event of a data breach requiring notification under applicable law, we will comply with our notification obligations.

10. YOUR PRIVACY RIGHTS

Depending on your jurisdiction and the applicable legal framework, you may have some or all of the following rights with respect to your personal data:

01
Right of Access Request confirmation of whether we process your personal data and obtain a copy thereof.
02
Right to Rectification Request correction of inaccurate or incomplete personal data.
03
Right to Erasure Request deletion of your personal data (“Right to be Forgotten”), subject to our legal obligations and legitimate interests.
04
Right to Restriction of Processing Request that we limit processing of your data in certain circumstances.
05
Right to Data Portability Receive your personal data in a structured, machine-readable format and transmit it to another controller, where technically feasible.
06
Right to Object Object to processing based on legitimate interests or for direct marketing purposes.
07
Right to Withdraw Consent Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of prior processing.
08
Right Against Automated Decision-Making Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects, except where permitted by law.
09
Right to Lodge a Complaint File a complaint with your applicable data protection supervisory authority.
To exercise any of these rights, please contact us as set out in Section 13. We will respond in accordance with applicable law and may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

Please note that these rights are not absolute and may be subject to exceptions or limitations under applicable law.

11. CHILDREN'S PRIVACY

This Platform is not directed to individuals under the age of 18.

We do not knowingly collect personal data from minors. If you believe we have inadvertently collected personal data from a minor, please contact us immediately using the details in Section 13, and we will take steps to delete such information without undue delay.

12. JURISDICTION-SPECIFIC DISCLOSURES

🇪🇺
GDPR / UK GDPR EEA & United Kingdom

If you are located in the EEA or the UK, the General Data Protection Regulation (GDPR) or the UK GDPR (as applicable) governs our processing of your personal data. Our legal bases for processing are set out in Section 4. You have the rights described in Section 10 and may lodge a complaint with your national supervisory authority.

🇺🇸
CCPA / CPRA & State Laws United States

California residents may have additional rights under the CCPA as amended by the CPRA, including the right to know, delete, opt out of sale/sharing, and non-discrimination. We do not sell your personal information. Residents of other US states (including Virginia CDPA, Colorado CPA, and others) may have additional rights under applicable state privacy laws, which we will honor to the extent required by law.

🇳🇬
NDPA 2023 / NDPR 2019 Nigeria

dipoleDIAMOND Limited is incorporated in Nigeria and subject to the Nigeria Data Protection Act 2023 (NDPA) and Nigeria Data Protection Regulation 2019 (NDPR), administered by the Nigeria Data Protection Commission (NDPC). Nigerian residents have rights of access, rectification, erasure, objection, and portability, and may direct complaints to the NDPC. The Company maintains appropriate data processing agreements with sub-processors operating in or from Nigeria.

🌐
All Jurisdictions Other Regions

We comply with applicable data protection and privacy laws to the extent required in all jurisdictions where we operate. If you have questions about rights available to you in a jurisdiction not covered above, please contact us using the details in Section 13.

13. CONTACT AND DATA PROTECTION ENQUIRIES

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our data protection team:

dipoleDIAMOND Limited Operating as NotGeneric
https://notgeneric.ca privacy@dipolediamond.com
We endeavour to respond to all legitimate privacy enquiries within 30 days, or within such shorter period as may be required by applicable law.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this Policy and, where appropriate, notify you by email or by a prominent notice on the Platform prior to the change becoming effective.

Policy Updates Material changes will be communicated via email or a prominent notice on the Platform before they take effect.
Your Continued Use Continued use of the Platform following an updated Policy constitutes your acknowledgment of those changes. If you do not agree to the revised Policy, please discontinue use of the Platform.
This Privacy Policy was drafted and reviewed to reflect internationally recognized data protection standards, including GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and accountability.