Last updated: January 20, 2026
In this policy (hereinafter the "Policy"), "we", "our" and "us" refer to Amélio inc. (hereinafter "Amélio").
We are committed to collecting, using, disclosing, retaining and destroying the Personal Information of the users of our services, regardless of the nature of its medium and regardless of the form in which it is accessible, in accordance with the Policy.
This Policy applies in two contexts:
We use cookies on our website. By using our website or our service, you consent to the use of cookies. Our website incorporates privacy controls that affect how we will process your Personal Information. Using the privacy controls, you can specify whether you wish to receive direct marketing communications and limit the publication of your information. You can access the privacy controls through each marketing email we send. No marketing communication is sent to the employees of client organizations, unless they have voluntarily subscribed to our marketing communications through our website.
This policy also aims to disclose the roles and responsibilities of Amélio's staff members from the collection through to the destruction of your Personal Information.
If you have any questions regarding your Personal Information and, after reading the Policy, those questions remain, you may contact Amélio's officer in charge of the protection of Personal Information at the following email address: [email protected].
In this Policy, the following terms mean:
By accepting Amélio's services, you grant us your consent with respect to your Personal Information in accordance with this Policy.
By using our website or our service, you consent to the collection of your Personal Information and to the use of cookies.
Where required, Amélio relies on various legal bases for the processing of personal information, including in particular consent, the performance of a contract, compliance with legal obligations or legitimate interests, in accordance with applicable laws.
In this section, we have set out:
We may process data concerning your use of our website and our services (hereinafter "Usage Data"). The usage data may include your IP address, geographic location, browser type and version, operating system, referral source, length of visit, pages viewed and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics. This usage data may be processed for the purposes of analyzing the use of the site and services. The legal basis for this processing is our legitimate interest, namely the monitoring and improvement of our website and our services.
We may process the data of your website user account (hereinafter "Account Data"). The account data may include your name, occupation, age, email address and certain other demographic attributes. The source of the account data is: you or your employer. The account data may be processed for the purpose of operating our website, providing our services, ensuring the security of our website and our services, maintaining backups of our databases and communicating with you. The legal basis for these operations is: our legitimate interests, namely the proper administration of our website and our business, OR the performance of a contract between you, or your employer, and us. We may take steps, at your request, to enter into such a contract.
We may process your information included in your personal profile on our website (hereinafter "Profile Data"). The profile data may include your name, telephone number, email address, profile photos, gender, date of birth and employment details. The profile data may be processed for the purpose of enabling and monitoring your use of our website and our services. The legal basis for this processing is: our legitimate interests, namely the proper administration of our website and our business, OR the performance of a contract between you, or your employer, and us.
We may process your personal data that is provided in connection with the use of our services (hereinafter "Service Data"). The service data may include details about employees' employment. The source of the service data is: you or your employer. The service data may be processed for the purpose of providing our services, ensuring the security of our website and our services, maintaining backups of our databases and communicating with you. For data processed on behalf of our clients, processing is carried out according to the specific instructions of each client. The legal basis for this processing is the performance of a contract between you, or your employer, and us.
We may process information relating to our client relationships, including client contact information (hereinafter "Client Relationship Data"). The client relationship data may include your name, your employer, your title or position, your contact details and the information contained in the communications between us and you or your employer. The source of the client relationship data is: you or your employer. The client relationship data may be processed for the purpose of managing our client relationships, communicating with clients, keeping records of these communications and promoting our products and services to clients. The legal basis for this processing is our legitimate interest, namely the proper management of our client relationships.
We may process information relating to transactions, including purchases of goods and/or services, that you enter into with us and/or through our website (hereinafter "Transaction Data"). The transaction data may include your contact details, your card details and the transaction details. The source of the transaction data is: you and/or our payment service provider.
We may process the information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (hereinafter "Notification Data"). The notification data may be processed for the purpose of sending you the corresponding notifications and/or newsletters. The legal basis for this processing is consent.
Please do not provide us with the Personal Information of another person, unless we invite you to do so and only on the condition that you have obtained that other person's consent to the disclosure of their Personal Information.
We want you to understand with whom we share the Personal Information that we collect about you or when you use Amélio's services. Accordingly, Amélio shares your Personal Information with the following persons:
These providers may include, but are not limited to, cloud infrastructure providers (for example, Microsoft Azure and Amazon Web Services), application and network security and protection service providers (for example, Cloudflare), as well as third-party system integration providers when the client organization chooses to enable these features (for example, GetKnit, for integration with human resources information systems).
When Amélio discloses personal information to such processors, appropriate contractual, technical and organizational measures are put in place to ensure the confidentiality, security and compliance of the processing of personal information, in accordance with applicable laws.
Financial transactions relating to our website and our services may be processed by our payment service provider Stripe. We will share transaction data with our payment service providers only to the extent necessary for the purposes of processing your payments, refunding such payments and handling complaints and queries relating to these payments and refunds. You can find information about the privacy policies and practices of the payment service providers at https://stripe.com/fr-ca/privacy.
In addition to the specific disclosures of Personal Information set out in this section, we may disclose your Personal Information where such disclosure is necessary to comply with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your Personal Information where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in the context of judicial proceedings or administrative or out-of-court proceedings.
In other cases, Amélio must obtain your consent in order to disclose or transmit your Personal Information to a third party that is not covered by this Policy, except where we are justified in doing so under an exception provided for in the Act.
Amélio undertakes to inform the client concerned as soon as such a request is received, unless a legal prohibition prevents us from doing so. We apply a strict process for analyzing these requests in order to ensure their legitimacy and their compliance with applicable regulations and our contractual commitments. If a request is deemed abusive or non-compliant with legal requirements, we reserve the right to contest it.
When a disclosure of personal information is required to a jurisdiction outside that of the client organization, Amélio carries out a risk assessment in order to ensure that the data benefits from an adequate level of protection. This analysis makes it possible to adapt the protection measures and ensure compliance with applicable legal requirements.
This section is intended for the users of client organizations who access the Amélio platform through the secure interface (app.amelio.co). As a workplace engagement, recognition and survey platform, Amélio processes personal information in connection with the provision of its services. This processing is carried out in accordance with Law 25 (Quebec), the General Data Protection Regulation (GDPR), and the Personal Information Protection and Electronic Documents Act (PIPEDA).
The Recognition and Colab modules allow users to share content that may include personal information. You can choose to make your messages public to your team or to your entire organization, or to keep them private. Participants' names and titles may be visible depending on the settings chosen. You can also post anonymously in Colab. These settings are customizable in your profile or by the administrator of your organization.
Automated announcements may be sent to your manager and/or your colleagues to mark your birthday or your years of service in the organization. You can configure your preference for these announcements in your user profile.
If you have provided your mobile phone number in your user profile, it may be used to send you a link to a survey by text message (SMS). This service is provided by our messaging provider Twilio Sendgrid, located outside Quebec. Twilio complies with international information security standards (GDPR, SOC2, ISO 27001 certifications) and is subject to a privacy impact assessment.
Amélio offers certain features based on artificial intelligence technologies in order to help its clients analyze information on an aggregated basis and support human decision-making.
In connection with these features:
The data provided in connection with these features is not used to train or improve the artificial intelligence models operated by Amélio, unless otherwise indicated and explicitly documented and governed in accordance with applicable legal obligations.
Additional information about these features is available in the dedicated documentation, including the AI fact sheets and the applicable impact assessments.
Your user profile contains attributes such as name, role, team, or other information provided by your organization. The administrator may choose to hide certain attributes in the recognition and suggestion modules. If an attribute is hidden, it will not be visible in your profile to other employees.
Your personal information is retained for as long as your organization maintains an active account with Amélio. You may request at any time:
These requests may be made:
When Amélio acts as a processor, requests relating to the rights of the persons concerned are handled in accordance with the instructions of the client organization, which remains the controller.
Your Personal Information may be disclosed outside Quebec. Where applicable, Amélio undertakes to carry out a privacy impact assessment and to make the disclosure only if the assessment demonstrates that the Personal Information disclosed benefits from adequate protection. In that case, the disclosure of the Personal Information is the subject of a written agreement that takes into account the results of the said assessment and any terms agreed upon in order to mitigate the risks identified in the course of that assessment.
Your Personal Information contained in the database of our website will be stored on the servers of our hosting service providers. The hosting facilities of our website are located in Canada or the United States. Transfers to each of these countries will be protected by appropriate safeguards. However, in accordance with our security policy, all Personal Information processed on behalf of our clients is hosted in secure environments located in Canada, primarily in Quebec, with encrypted backup copies kept in other Canadian regions in order to ensure the availability and resilience of the services.
You acknowledge that the Personal Information that you submit for publication (such as blog comments) through our website may be available, via the Internet, worldwide. We cannot prevent the use (or misuse) of such Personal Information by others.
In connection with certain communications by email or SMS, limited information (email addresses and/or telephone numbers) may be transferred to Twilio Sendgrid, our messaging provider located in the United States, or to any other provider doing business with Amélio from time to time. This transfer is strictly limited to the information necessary to facilitate these communications, and appropriate protective measures, including technical safeguards, are put in place to ensure the security and confidentiality of the data during its processing.
Amélio's client organization is responsible for informing its employees or end users that their information (email address and/or telephone number) may be transmitted to Twilio Sendgrid, or to any other provider doing business with Amélio from time to time, in connection with communications. Since the preferred method of communication is left to the discretion of the client organization, the latter assumes responsibility for informing its employees or end users, in accordance with regulatory requirements and the principles of transparency.
In this section, we set out our data retention policies and procedures, which are designed to ensure that we comply with our legal obligations regarding the retention and deletion of Personal Information.
The Personal Information that we process for any purpose will not be retained for longer than necessary. When the purposes for which your Personal Information was collected are fulfilled, it will be destroyed or anonymized by Amélio, subject to any retention period provided for by the Act.
We will retain your Personal Information as follows:
If you hold an account with Amélio, we do not delete the data in your account – you are responsible for and control the periods during which you retain that data. An email may be sent to [email protected] to delete data at the account level (all data in your account) and at the user level. If you respond to a survey, you will need to ask your employer how long your responses will be retained in Amélio's services.
We may retain some of the information recorded in your account for analytical and accounting purposes, as well as for the purposes of the integrity of record-keeping and fraud prevention, the collection of fees due, the enforcement of the terms of use, the taking of any measure that Amélio deems necessary to protect the integrity of the website or its users, or any other measure permitted by the Act.
Notwithstanding the other provisions of this section, we may retain your Personal Information where such retention is necessary to comply with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
If some of your information has been provided, with your consent, to third parties, the use and retention of your information will be subject to the policy of those third parties and the Company cannot in any way be held responsible.
We will take appropriate technical and organizational precautions to secure your Personal Information and prevent the access, disclosure, loss, misuse or alteration of it.
We will store all of your Personal Information on secure servers and in secure manual record-keeping systems.
The following Personal Information will be in encrypted form in the database: password(s). We will not store cardholder data. All Personal Information is stored on servers using encryption at rest.
The data relating to your requests and financial transactions that is sent from your web browser to our web server, or from our web server to your browser, will be protected using encryption technology.
Although Amélio takes the security measures required by the Act, no security device is infallible. You therefore understand and accept:
Amélio applies a strict procedure to handle any request for access to or disclosure of personal information, whether it comes from:
Our handling process includes the following steps:
Clients with questions about this process may contact our Personal Information Protection Officer at the following address: [email protected].
In this section, we have summarized the rights that you have under the Act. Some rights are complex and not all details have been included in our summaries. Consequently, you should read the relevant laws and the guidance of the regulatory authorities for a full explanation of these rights.
Your main rights under the Act are:
You have the right to confirm whether or not we process your Personal Information and, where applicable, to access the Personal Information, as well as certain additional information. When you hold an account with an Amélio service, you are entitled to a copy of all the Personal Information that we hold about you. You also have the right to request that we restrict the way we use your data or that we object to certain aspects of our processing of your data. You can access much of your data in your own account when you log in. However, if you wish to obtain a full copy of all your data or request a restriction/limitation in the way we use your data, please contact us at [email protected].
You have the right to have any inaccurate Personal Information about you rectified and, taking into account the purposes of the processing, to have any incomplete Personal Information about you completed.
In certain circumstances, you have the right to erase your Personal Information without undue delay. These circumstances include: the Personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you withdraw your consent to consent-based processing; you object to the processing under certain rules of the applicable data protection legislation; the processing is for direct marketing purposes; and the Personal Information has been processed unlawfully. However, there are exclusions from the right to erasure. The general exclusions include, where the processing is necessary: to exercise the right to freedom of expression and information; to comply with a legal obligation; or for the establishment, exercise or defence of legal claims.
In certain circumstances, you have the right to restrict the processing of your Personal Information. These circumstances are: you contest the accuracy of the Personal Information; the processing is unlawful, but you object to erasure; we no longer need the Personal Information for the purposes of our processing, but you need the Personal Information for the establishment, exercise or defence of legal claims; and you have objected to the processing, pending verification of that objection. Where the processing has been restricted on this basis, we may continue to store your Personal Information. However, we will only process it otherwise with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You have the right to object to our processing of your Personal Information on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any public authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the Personal Information, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
You have the right to object to the processing of your Personal Information for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your Personal Information for this purpose.
You have the right to object to our processing of your Personal Information for scientific or historical research purposes or for statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest or your Personal Information is removed and redacted.
To the extent that the legal basis for our processing of your Personal Information is:
To the extent that the legal basis for the processing of your Personal Information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of the processing before the withdrawal.
Our website includes hyperlinks that provide access to the websites of other companies that are not subject to the terms of this Policy. We have no control over, and are not responsible for, the privacy policies and practices of other companies.
Third-party websites may request and collect information about you, including Personal Information, and in certain cases inform us of your activities on those websites. We recommend that you consult the privacy policy of each third-party website that you visit by clicking on the "Privacy Policy" link generally located at the bottom of the web page that you are viewing.
Our website and our services are intended for persons over the age of 16. If we have reason to believe that we hold the Personal Information of a person under this age in our databases, we will delete that Personal Information.
Please let us know if the Personal Information that we hold about you needs to be corrected or updated.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless it is deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user's session, when the web browser is closed.
Cookies generally do not contain any information that personally identifies a user, but the Personal Information that we store about you may be linked to the information stored in and obtained from cookies.
We use cookies for the following purposes:
We use Google Analytics. Google Analytics collects information about the use of our website by means of cookies. The information collected is used to create reports about the use of our website. You can learn more about Google's use of information by visiting https://www.google.com/policies/privacy/partners/ and you can consult Google's privacy policy at https://policies.google.com/privacy.
We use Microsoft Clarity. Microsoft Clarity collects information about the use of our website by means of cookies and similar technologies. The information collected is used to analyze the use of the website, improve its performance and the user experience, in particular by means of behavioural analytics such as clicks, scrolling and interactions with pages. You can learn more about Microsoft Clarity's use of information by consulting its applicable terms and policies at the following address: https://clarity.microsoft.com/terms.
We use a Facebook pixel on our website. Using the pixel, Facebook collects information about users and the use of our website. The information is used to personalize Facebook advertisements and to analyze the use of our website. To learn more about the Facebook pixel and Facebook's use of Personal Information in general, consult Facebook's cookie policy at https://www.facebook.com/policies/cookies/ and Facebook's privacy policy at https://www.facebook.com/about/privacy. Facebook's cookie policy includes information about controlling Facebook's use of cookies to show you advertisements. If you are a registered Facebook user, you can adjust ad targeting by following the instructions at https://www.facebook.com/help/568137493302217.
Our service providers use cookies and these cookies may be stored on your computer when you visit our website.
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from one browser to another and from one version to another. You can, however, obtain up-to-date information about blocking and deleting cookies through these links:
Blocking all cookies will have a negative impact on the usability of many websites.
If you block cookies, you will not be able to use all the features of our website.
Amélio may, at its discretion, amend the Policy from time to time by publishing a new version on our website. If a significant change is made to the Policy, you will be informed of it, where applicable.
Once you have been informed, continued use of the services provided by Amélio, after the amended Policy takes effect, constitutes your consent to this Policy as amended.
If you consider that the processing of your Personal Information infringes the Act, you have a legal right to lodge a complaint with a supervisory authority responsible for the protection of information.
For any complaint relating to the protection of your Personal Information or its use by Amélio, please contact our Officer at the following address: [email protected]. The Officer will respond to your complaint by email as soon as possible.
If you reside in the European Union and you are not satisfied with the way we have handled a complaint that you submitted to us, you have the right to contact your local data protection supervisory authority.
Only employees authorized by the Company have access to your Personal Information. Authorized employees means the employees of the Company who need to know or access your Personal Information to enable the Company to provide its services.
The Officer ensures compliance with and the implementation of this Policy. The Officer also ensures that all authorized employees of the Company have read the Policy and that they use Personal Information in accordance with the provisions hereof.
In the event of any inconsistency between this Policy and the Act, the provisions of the latter shall prevail.