Winback Labs
Legal

Privacy Policy

Last updated: April 22, 2026 · Effective date: April 22, 2026

This Privacy Policy explains how Winback Labs Inc.(“Winback Labs,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you use our website at winbacklabs.com and related subdomains (the “Site”).

We are a Canadian corporation based at 107 Balliol Street, Toronto, Ontario M4S 1C2, Canada. We are committed to handling your personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Ontario law, and applicable laws in the jurisdictions where our Site visitors are located.

If you do not agree with this Privacy Policy, please do not use the Site.

1. What We Collect

Information you give us directly

  • Contact form submissions. When you fill out our contact form, we collect your name, email address, and the subject and content of your message.
  • Calendly bookings. When you book a call with us via Calendly, Calendly collects your name, email address, the time you chose, and any information you provide in the booking form. We receive this information through Calendly.
  • Email correspondence. When you email us, we receive your email address, name (if provided), and the content of your message.
  • Newsletter or content downloads (if applicable). If you sign up for anything we offer via email, you provide your name and email address.

Information we collect automatically

  • Analytics data. We use Google Analytics 4 to understand how visitors use the Site. Google Analytics collects information about your visit — pages viewed, time spent, approximate geographic location (based on IP, which is anonymized before storage), device and browser type, and referring website. This data is aggregated and does not identify you personally to us.
  • Cookies and similar technologies. The Site uses cookies — small text files stored on your device — for analytics purposes. See Section 7 for details.

Information we do not collect

  • We do not use marketing tracking pixels (e.g., Facebook Pixel, LinkedIn Insight Tag) on the Site.
  • We do not collect payment or financial information through the Site. Payments for our services, when applicable, are processed through third-party providers under a separate engagement agreement (see Section 4).
  • We do not knowingly collect information from children under 16. See Section 10.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To respond to your inquiries — when you fill out the contact form or book a call, we use your information to reply, schedule, and have the conversation you requested
  • To provide our services — where a business relationship forms, we use your information to deliver the services described in the engagement agreement
  • To send you information you've requested — e.g., the benchmark study, book information, or other content you've asked for
  • To improve our Site — aggregated analytics data helps us understand what content is useful and where to improve
  • To comply with legal obligations — e.g., tax and corporate record-keeping, responding to lawful requests from authorities

We do not sell your personal information. We do not use it for third-party advertising or to profile you for marketing purposes beyond our direct communication with you.

3. Legal Basis for Processing (for EU/UK Visitors)

If you are in the European Economic Area or the United Kingdom, our legal basis for processing your personal information is:

  • Consent — when you voluntarily submit information (e.g., contact form, newsletter signup)
  • Legitimate interests — for Site analytics and improving the Site, where those interests are not overridden by your rights
  • Performance of a contract — when processing is necessary to deliver services you've engaged us for
  • Legal obligation — where we're required by law to keep or disclose information

You can withdraw consent at any time by contacting us at the address in Section 12.

4. How We Share Your Information

We share personal information only in the following circumstances:

With service providers who help us operate the Site and our business

These third parties process information on our behalf under contractual confidentiality and data-protection obligations:

ProviderPurposeData Shared
Google (Analytics, Workspace/Gmail)Site analytics; receiving emails and form submissionsAnalytics data; email content; contact details
CalendlyBooking callsName, email, booking details
Wise (and potentially Stripe in the future)Payment processing under signed engagement agreementsBilling information provided by clients
Website host (e.g., Vercel or equivalent)Hosting the SiteTechnical data (IP, browser) necessary to deliver the Site

Each of these providers has its own privacy policy. We encourage you to review them.

When required by law

We may disclose personal information if required to do so by law, court order, or a lawful request from a government authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

In a business transaction

If Winback Labs is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. Any successor entity will be bound by this Privacy Policy unless you are notified of changes.

5. International Data Transfers

Some of our service providers (notably Google, Calendly, and Wise) are located in the United States or other countries outside Canada. When we share your personal information with them, it may be stored and processed outside Canada. Those jurisdictions may have data-protection laws that differ from Canada's.

Where required, we rely on contractual safeguards (such as Standard Contractual Clauses) and our service providers' compliance commitments to protect your information.

6. Data Retention

We keep personal information only as long as we need it for the purposes described in this Privacy Policy, or as required by law.

  • Contact form and email inquiries — retained in our Gmail inbox for as long as reasonably necessary to support ongoing communication, typically up to 3 years after last contact, then deleted on a rolling basis
  • Calendly booking records — retained per Calendly's retention policy; we export and keep relevant records for our own files only as long as needed
  • Analytics data — Google Analytics data is retained for up to 14 months by default in our configuration
  • Client records — where a business relationship forms, we retain records as required by the engagement agreement and Canadian tax/corporate law (typically 7 years after the engagement ends)

If you ask us to delete your information and we have no legal basis to keep it, we will do so.

7. Cookies and Similar Technologies

A cookie is a small file stored on your device that helps a website recognize return visits and measure usage.

What cookies we use

  • Analytics cookies (Google Analytics 4). These help us understand how visitors interact with the Site. Google Analytics sets cookies like _ga and _ga_* that last up to 2 years. IP addresses are anonymized before Google stores them in our configuration.

We do not use:

  • Marketing cookies (e.g., Facebook Pixel, LinkedIn Insight Tag, Google Ads remarketing)
  • Third-party advertising cookies
  • Cross-site tracking cookies beyond what Google Analytics uses for aggregate analytics

Your choices

Analytics cookies are set when you load the Site. You can control them in the following ways:

  • Browser settings. Most browsers let you block or delete cookies, or browse in a private/incognito mode that limits them. Blocking cookies may affect how the Site functions for you but will not prevent you from reading content or booking a call.
  • Google Analytics opt-out. You can opt out of Google Analytics tracking across all sites by installing Google's Browser Add-on.
  • Do Not Track. The Site honours browser “Do Not Track” signals where technically possible.

If you are visiting from a region with specific cookie-consent requirements (such as the EU or UK) and you would prefer we not collect analytics data about your visit, please use one of the opt-out options above. You can also contact us at the email in Section 12 and we will remove any analytics data associated with your visit where we are able to identify it.

8. How We Protect Your Information

We take reasonable technical and organizational measures to protect personal information against loss, theft, and unauthorized access, disclosure, or modification. These include:

  • Using reputable service providers with their own security programs (Google, Calendly, Wise, Vercel or equivalent host)
  • Restricting access to personal information to people who need it to do their jobs
  • Using secure (HTTPS) connections for all Site traffic
  • Maintaining reasonable administrative and technical safeguards

No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a breach that materially affects your information, we will notify you and relevant authorities as required by law.

9. Your Rights

You have rights regarding your personal information. Depending on where you are, these include:

Under Canadian law (PIPEDA)

  • Access — you can ask what personal information we hold about you
  • Correction — you can ask us to correct inaccurate information
  • Withdraw consent — you can ask us to stop using your information (subject to legal or contractual obligations)
  • Complain — you can complain to us or to the Office of the Privacy Commissioner of Canada

Under EU/UK law (GDPR)

In addition to the above: rights to erasure (“right to be forgotten”), restriction of processing, data portability, and to object to processing based on legitimate interests.

Under California law (CCPA/CPRA)

If you are a California resident, you have rights to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information for cross-context behavioral advertising.

How to exercise these rights

Contact us at the address or email in Section 12. We will respond within the time required by applicable law (typically 30 days). We may ask you to verify your identity before acting on certain requests.

10. Children

The Site is intended for business users and is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a child, contact us and we will delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we'll update the “Last updated” date at the top. If we make material changes, we'll flag them on the Site and, where appropriate, notify you by email. Your continued use of the Site after changes are posted means you accept the revised Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or your personal information, contact us at:

Winback Labs Inc.
Attn: Privacy
107 Balliol Street
Toronto, Ontario M4S 1C2
Canada

Email: dan@winbacklabs.com

We aim to respond to all inquiries within 30 days.

If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (for Canadian residents), the Information Commissioner's Office (UK), your EU member state's data protection authority, or the California Privacy Protection Agency (for California residents), as applicable.