Baseline Controls News Resources Glossary About
Free Assessment
Home / Privacy Policy

Privacy Policy

How we handle your data and protect your privacy.

Effective date: February 9, 2026
Last updated: March 10, 2026

About This Policy

The website cybersecuritycanada.ca (the "Website") is operated by Cyber Unit Security Inc., operating as Cybersecurity Canada ("we," "our," or "us"), a Canadian corporation. This privacy policy explains what information is collected when you visit our Website, how that information is used, and the choices available to you. This policy should be read in conjunction with our Terms of Use.

We are committed to complying with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and all applicable provincial privacy legislation. As a Canadian resource, we hold ourselves to the same privacy standards we encourage businesses to follow.

Information We Do Not Collect

We want to be explicit about what we do not do:

  • We do not collect your name, email address, phone number, or any personally identifiable information
  • We do not have user accounts, login systems, or registration forms
  • We do not have contact forms, newsletter sign-ups, or email capture of any kind
  • We do not sell, rent, or share any data with third parties for marketing purposes
  • We do not use advertising cookies or retargeting pixels
  • We do not track you across other websites

Cybersecurity Assessment Data

Our free cybersecurity assessment tool is the core feature of this website. It is important to understand how it handles your data:

  • All processing is client-side. Your answers to the 50 assessment questions are processed entirely within your web browser using JavaScript. No assessment data is ever transmitted to our servers or any third-party service.
  • Progress is saved locally. Your in-progress answers are saved to your browser's local storage so you can resume if you accidentally close the page. This data stays on your device — it is never transmitted to our servers. It is automatically deleted after 48 hours or when you complete the assessment, whichever comes first.
  • Results disappear when you're done. Once you complete the assessment or the 48-hour window expires, your saved progress is permanently deleted. No assessment data persists beyond that point.
  • Print is local. The "Print Results" feature uses your browser's built-in print function. The printed document is generated locally and never passes through our servers.

We designed the assessment to keep your data on your device. Progress is saved locally only to prevent accidental loss, and is automatically deleted after completion or 48 hours.

Website Analytics

We use Google Analytics 4 (GA4) to understand how visitors interact with our website. This helps us improve the site's content and usability. Google Analytics collects:

  • Technical information: Browser type and version, operating system, screen resolution, and device type (desktop, mobile, tablet)
  • Usage information: Pages visited, time spent on pages, how you arrived at our site (search engine, direct link, referral), and general navigation patterns
  • Approximate location: City-level geographic data derived from your IP address. Your full IP address is anonymized by Google before storage.

Google Analytics does not collect your name, email, or other personally identifiable information through our implementation. We have not enabled any Google advertising features, remarketing, or demographic reporting.

Google processes this data in accordance with the Google Privacy Policy. Data may be processed on servers located outside of Canada, including in the United States.

Opting Out of Analytics

You have several options to prevent analytics data collection:

  • Install the Google Analytics Opt-out Browser Add-on
  • Use a privacy-focused browser or extension that blocks tracking scripts (such as uBlock Origin or Brave browser)
  • Disable JavaScript in your browser (note: the assessment tool requires JavaScript to function)

Cookies

Cookies are small text files stored on your device by your web browser. Our website uses the following cookies:

Analytics Cookies (Google Analytics)

  • _ga — Distinguishes unique visitors. Expires after 1 month.
  • _ga_[ID] — Maintains session state. Expires after 1 month.

These cookies contain randomly generated identifiers and do not store any personal information.

No Other Cookies

We do not use cookies for advertising, social media integration, personalization, or any purpose beyond basic analytics. We do not use any cookie consent management platform because our cookie use is limited to analytics only.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Instructions are available for Chrome, Firefox, Safari, and Edge. Blocking analytics cookies will not affect your ability to use this website or the assessment tool.

Hosting and Infrastructure

This website is hosted on Amazon Web Services (AWS) through AWS Amplify, with the origin server located in Canada (ca-central-1, Montreal). Content is delivered through Amazon CloudFront, a global content delivery network with edge locations across Canada, meaning pages are typically served from a location close to you.

AWS may collect standard server logs including your IP address, browser type, and the pages you request. These logs are used for security monitoring and performance optimization. No personal information is stored on our servers — this is a static website with no database or user accounts. AWS processes data in accordance with the AWS Privacy Notice.

We use HTTPS (TLS encryption) on all pages to protect data in transit between your browser and our servers.

Third-Party Links

Our website contains links to external websites, including:

  • Canadian Centre for Cyber Security (cyber.gc.ca)
  • Get Cyber Safe (getcybersafe.gc.ca)
  • Other Government of Canada resources
  • Google Fonts (fonts.googleapis.com) for typography

When you click an external link, you leave our website and are subject to the privacy policy of the destination site. We are not responsible for the privacy practices or content of external websites. All external links open in a new tab so you don't lose your place on our site.

Google Fonts

We load fonts (Inter and JetBrains Mono) from Google Fonts. When you visit our site, your browser makes a request to Google's servers to download these font files. Google may collect your IP address and browser information as part of this request. See Google Fonts Privacy for details.

Your Rights Under Canadian Privacy Law

Under PIPEDA, you have the right to:

  • Know what personal information we hold about you. In our case, we hold none — the assessment runs entirely in your browser and we have no user accounts or data collection forms.
  • Access your personal information. Since we do not collect or store personal information, there is nothing to access or provide.
  • Request correction or deletion. There is no stored personal data to correct or delete.
  • Withdraw consent. You can opt out of analytics at any time using the methods described above.
  • File a complaint. If you believe your privacy rights have been violated, you may file a complaint with the Office of the Privacy Commissioner of Canada.

Data Retention

Since we do not collect personal information directly, our data retention is limited to:

  • Google Analytics data: Retained for 14 months, after which it is automatically deleted by Google. We have configured the shortest available retention period.
  • Server logs (AWS): Standard web server logs are retained for security purposes and are automatically purged according to AWS default policies.

Security

We take reasonable measures to protect this website and your browsing experience:

  • HTTPS encryption on all pages
  • Security headers including Content Security Policy, HSTS, and X-Frame-Options
  • No collection or storage of sensitive personal data
  • Regular review of third-party dependencies

Children's Privacy

This website is designed for Canadian business owners, managers, and IT professionals. It is not directed at children under the age of 13. We do not knowingly collect any personal information from children. If you believe a child has somehow provided personal information through this website, please contact us and we will investigate promptly.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

If we make significant changes that affect how data is collected or used, we will make the updated policy prominently accessible from the homepage.

Contact Us

If you have questions, concerns, or requests regarding this privacy policy or our data practices, contact us at:

Email: [enable JavaScript to see email]

We aim to respond to all privacy inquiries within 30 days, as required by PIPEDA.