Last updated: October 2, 2025

This Privacy Policy explains how Forge: Centre for Dignity-Driven Leadership (“Forge,” “we,” “us,” “our”) collects, uses, discloses, and protects personal information when you use our website at learn.forgecentre.com and any related courses, tools, communities, and materials (collectively, the “Services”). It also describes your privacy rights and choices.

By using the Services, you agree to the practices described here. If you do not agree, please do not use the Services.

Summary of our Privacy Policy

• We collect the minimum we need to run an effective learning platform.

• We don’t sell your personal information or share it for targeted advertising.

• We ask you not to post Personal Health Information; we are an education platform, not a clinic.

• You control your marketing preferences and many cookie settings.

• You can access and correct your information, and you have additional rights depending on where you live.

1) Who we are & scope

Forge is a Canadian organization based in Alberta. We provide online courses, tools, and community spaces that help people build dignity-driven leadership in workplaces and communities. This Policy applies to personal information we collect through the Services and through our communications with you (for example, email support).

This Policy does not apply to third-party websites or services that may be linked from our Services. Their privacy practices are their own.

2) Key definitions

• Personal information: Information about an identifiable individual (alone or combined with other information).
  
  

• PHI (personal health information): Health information as defined under applicable Canadian law (e.g., Ontario PHIPA).
  
  

• User Content: Content you upload or share via the Services (e.g., posts, assignments, messages).
  
  

• Customer: An organization (e.g., your employer) that purchases seats or otherwise provides you access to the Services.
  
  

3) What we collect

A. Information you provide directly

• Account & profile: name, email, password, role, organization, location (e.g., city/province), time zone, and any optional profile details you submit.
  
  

• Course activity: enrollments, progress, completion, reflections/assignments, certifications, surveys, and feedback.
  
  

• Community features: posts, comments, messages, reactions, and any files you upload.
  
  

• Support & communications: help requests, email or in-product messages, and content of your communications with us.
  
  

• Payment information: We receive limited billing information (e.g., amount, timestamp, last four digits) from our payment processor; we do not receive or store full credit-card numbers.
  
  

B. Information collected automatically

• Device & usage: IP address, device/browser type, operating system, pages viewed, time spent, referring/exit pages, crash reports, and similar usage data.
  
  

• Cookies & similar technologies: Cookies, local storage, and similar tools that help operate, secure, and measure the Services. See Section 10 (Cookies & tracking) for details.
  
  

C. Information from others

• Organization accounts (if a Customer, eg your employer, provides your access): we may receive your name, email, role, team, and seat assignment from your organization’s administrator.
  
  

• Learning records for organizations: where a Customer, eg your employer, sponsors your access, we may share back limited learning records (e.g., enrollment, progress, completion, hours) with that Customer to operate the Services and fulfill the Customer’s program requirements.
  
  

• Service providers & partners: we may receive analytics or anti-abuse signals from vendors operating on our behalf (see Section 6).
  
  

D. Special category notice – PHI

The Services are educational, not clinical. Please do not submit personal health information (PHI) to the Services. We are not a “health information custodian” under Ontario’s PHIPA. If you nevertheless submit PHI, we may process it only as needed to identify, isolate, and delete it from our systems, and we may ask you not to post such information again.

4) How we use personal information (purposes)

We use personal information to:

1. Provide and operate the Services (create accounts, enroll you in courses, enable community features, issue certificates).
   
   

2. Personalize and improve the Services (content recommendations, UX improvements, surveys, troubleshooting, analytics).
   
   

3. Secure the Services (fraud/abuse detection, debugging, logging, enforcing our Terms).
   
   

4. Communicate with you (account notices, service updates, transactional messages).
   
   

5. Marketing (consent-based) (newsletters, new course announcements, and events; you can opt out at any time).
   
   

6. Comply with law (legal requests, regulatory obligations, and to protect our rights and users).
   
   

7. Business continuity (backups, archiving, and disaster recovery).
   
   

8. Research & insights—using de-identified or aggregated information to understand engagement and outcomes and to improve program quality.
   
   

Where required (e.g., EEA/UK), our lawful bases include performance of a contract, legitimate interests (e.g., platform security and improvement), consent (e.g., marketing cookies/emails), and legal obligations.

5) No selling; no cross-context ads; AI model training stance

• We do not sell your personal information.
  
  

• We do not share personal information for cross-context behavioural advertising.
  
  

• We do not use your private User Content to train general-purpose AI models without your explicit, opt-in consent. We may use automated tools to detect spam or abuse.
  
  

6) How we disclose personal information

We disclose personal information only as described below:

• Service providers (processors): companies that host our platform, provide analytics, email delivery, customer support, payment processing, security, and similar services. They may access personal information only to perform services for us under contract and must protect it.
  
  

• Organization (Customer) access: if a Customer, eg your employer, sponsors your access, we may disclose your name, email, account status, and learning progress/completion metrics to the Customer’s administrators.
  
  

• Community visibility: posts and profile information you share in Community Features may be visible to other participants; please do not share sensitive information about yourself or others.
  
  

• Legal, safety, and compliance: where required or permitted by law, to comply with legal process, enforce our Terms, or protect our rights, users, or the public.
  
  

• Business transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality and continued protection of personal information.
  
  

7) International transfers

We may store and process information in Canada, the United States, and other countries. These locations may have privacy laws different from those where you live. Where required, we implement appropriate safeguards for cross-border transfers (for example, contractual protections). By using the Services, you understand that your information may be processed in these locations.

8) Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Policy, to meet legal, accounting, or reporting requirements, to resolve disputes, and to enforce our agreements. Retention periods vary by data type (e.g., transactional records and audit logs may be retained longer than forum posts). We delete or de-identify information when it is no longer needed.

9) Security

We use administrative, technical, and physical safeguards designed to protect personal information, including access controls, encryption in transit, least-privilege practices, vendor due diligence, and staff training. No security controls are perfect; we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately.

10) Cookies & tracking

We use:

• Strictly necessary cookies (essential platform operations such as authentication and security).

• Functional cookies (remembering preferences like time zone or progress in a course).

• Analytics cookies (to measure usage and improve performance).

You can manage cookies through your browser settings and, where available, our in-product cookie settings. Blocking cookies may impact some features. We do not use third-party advertising cookies for cross-site behavioural ads.

11) Your choices

• Account & profile: You can update certain account details in your profile.

• Communications: You can unsubscribe from marketing emails via the link in the message or by contacting us; we may still send transactional/service emails.

• Cookies: Adjust browser or in-product settings.

• Community: You can edit or delete your posts (subject to reasonable technical limits, backups, or legal requirements). Others may have seen or copied your content before removal.
  
  

12) Your rights

Your rights depend on your location. We will honour requests as required by applicable law and, where feasible, beyond legal minimums.

A. Canada (PIPEDA)

• Access & correction: Request access to and correction of your personal information.

• Withdraw consent: Where processing is based on consent (e.g., marketing), you may withdraw consent at any time.

B. Quebec residents (Law 25)

• Access & rectification of personal information.

• Data portability: Request a copy of certain personal information in a commonly used format where applicable.

• Person in charge of personal information: See Section 16 for contact details.

C. EEA/UK residents (GDPR)

• Rights: Access, rectification, erasure, restriction, portability, and objection (including to processing based on legitimate interests and to direct marketing).

• Automated decisions: We do not make decisions based solely on automated processing that produce legal or similarly significant effects.

D. U.S. state privacy laws 

• Depending on your state, you may have rights to access, delete, correct, or opt-out of certain processing. We do not sell personal information or share it for cross-context behavioural advertising.

Exercising rights: Email [email protected]. We may need to verify your identity. If we cannot comply with your request, we will explain why, subject to legal restrictions.

Complaints: You may contact the Office of the Privacy Commissioner of Canada (OPC) or your provincial/territorial privacy regulator. EEA/UK users may contact their Data Protection Authority.

13) Children’s privacy

The Services are intended for adults. You must be 18 or older to create an account. We do not knowingly collect personal information from children. If you believe a child provided personal information, contact us and we will take appropriate steps to delete it.

14) Community features & public areas

Content you post in Community Features may be visible to other participants. Do not share PHI or confidential information about yourself or others. While we may moderate or remove content that violates our Terms, we do not continuously monitor all activity.

15) Do not submit PHI; no clinical use

The Services are educational only. Do not submit personal health information (PHI) or use the Services to seek medical diagnosis, treatment, or legal advice. If you submit PHI, we may process it only to identify, isolate, and delete it. We are not a health information custodian under Ontario PHIPA and not a clinical service or crisis hotline. In an emergency, call your local emergency number.

16) Contact information & person in charge

• General & privacy requests: [email protected] or [email protected]

• Legal/copyright: [email protected]

• Mailing address: Forge: Centre for Dignity-Driven Leadership, [Insert physical mailing address]

Person in charge of personal information (Quebec Law 25): Privacy Officer, reachable at [email protected] (or by mail at the address above).

17) Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide notice (e.g., in-product notice or email). Changes take effect on the “Last updated” date above unless otherwise stated. Your continued use of the Services after changes take effect constitutes acceptance.

18) Language

This Policy is provided in English. If we provide translations, the English version controls to the extent of any conflict.