Rainbow Diversity Institute — Privacy Policy
Effective date: August 20, 2025
Who we are: Rainbow Diversity Institute (“RDI”, “we”, “us”, “our”), based in Ontario, Canada.
How to contact us: Use our contact form: https://rainbowdiversityinstitute.ca/contact/
This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with our public website, Partner Portal, programs, and related services. It is written to align with Canadian privacy law (including PIPEDA) and to accommodate international users. This policy does not replace legal advice. Please have counsel review before publication.
1) Scope
This policy covers personal information processed by RDI when you:
Visit our website or Partner Portal (WordPress + MemberPress and other plugins);
Register a corporate Partner account or are added by your organization’s admin;
Access program resources (e.g., Learning Bites, Toolkits) or book coaching;
Communicate with us by email/forms, attend events, or receive updates;
Receive consulting or training services from RDI.
This policy does not cover third‑party websites or services that we do not control.
2) What we collect
A. Organization & account data
Organization name, type, website, operating budget range; primary and billing contacts; mailing address.
Member user data: names, emails, roles/job titles; login credentials (hashed); account preferences.
B. Program & service data
Resource access logs (e.g., Learning Bites viewed/downloaded), toolkit downloads, course progress.
Coaching bookings and session logistics (date, duration, participants).
Coaching notes (if any) created to support follow‑up and service quality. We ask that you avoid including highly sensitive personal details unless necessary for service delivery.
C. Transaction & billing data
Invoices, payment status, and tax records. We do not store full payment card numbers. Payments are processed by our payment providers.
D. Communications
Emails, contact‑form submissions, support requests, survey responses, and event registrations.
E. Device & usage data
IP address, device/browser type, pages viewed, time on page, referring URLs, and cookie identifiers for security, performance, and analytics.
Special categories/sensitive information: RDI does not seek to collect sensitive information (e.g., health, race, sexual orientation) through the website. Where sensitive information is voluntarily shared during coaching or consulting, we treat it as confidential and restrict access.
3) Why we use personal information
We process personal information to:
Provide and administer the Partner Program (create accounts, authenticate users, deliver resources, enable team invites, and support admins);
Deliver services (coaching, consulting, training, events) and maintain service quality;
Operate the website and portal (security, fraud prevention, performance, troubleshooting);
Billing and finance (invoicing, payment processing, accounting, tax compliance);
Communications (respond to inquiries, send service notices, program updates, and operational emails);
Improve content and services (usage analytics, feedback, surveys);
Legal, compliance, and risk management (record‑keeping, contractual obligations, enforcement of terms, responding to lawful requests).
Legal bases/authority:
Under Canadian law (PIPEDA), we rely on your consent (including implied consent) and other permitted purposes that a reasonable person would consider appropriate in the circumstances (e.g., security, fraud prevention, debt collection).
For individuals in the EU/UK, we rely on contract, legitimate interests (e.g., service delivery, security, improvement), and consent where required (e.g., certain cookies/marketing).
4) Cookies and analytics
We use cookies and similar technologies to:
Keep you signed in and secure the portal (essential);
Remember preferences (functional);
Measure usage and improve content (analytics).
We do not use cookies for interest‑based advertising.
You can manage cookies through your browser settings. If required by your jurisdiction, a cookie banner will let you consent to or reject non‑essential cookies. Disabling certain cookies may impact portal functionality.
5) How we share information
We do not sell personal information. We may share personal information with:
Service providers/Processors who support our website, portal, scheduling, payments, communications, analytics, file storage, and security;
Your organization’s administrators (for corporate accounts, admins can see member names/emails and certain usage relevant to program delivery);
Professional advisors (legal, accounting, insurance) under duty of confidentiality;
Authorities where required by law, legal process, or to protect rights, safety, or security;
Successors in the event of a reorganization, merger, or similar transaction, subject to safeguards.
We require processors to use personal information only as instructed, to implement security measures, and to delete/return data upon termination, subject to legal retention.
6) International transfers
Our service providers may store or access personal information outside Canada (e.g., the United States or EU). Where applicable, we implement contractual and technical safeguards (such as Standard Contractual Clauses and access controls) to protect personal information during cross‑border transfers.
7) Retention
We keep personal information only as long as necessary for the purposes above or as required by law. Typical periods include:
Account & organization records: for the life of the account and up to 24 months after closure;
Coaching notes (if maintained): 24 months after the last session, unless otherwise requested by the client or required by law;
Invoices and tax records: 7 years (or longer if required by applicable tax law);
Security logs and analytics: up to 24 months, unless needed for investigation.
We will delete or de‑identify data when retention is no longer required.
8) Security
We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including:
Encryption in transit (TLS), secure configuration, and access controls;
Least‑privilege access for staff and contractors with confidentiality obligations;
Monitoring, backups, and vendor due diligence.
No method of transmission or storage is 100% secure. If we become aware of a breach involving personal information, we will investigate and notify affected individuals and regulators as required by law.
9) Corporate Partner accounts
Corporate accounts are created or approved by RDI or by your organization’s admin.
Admins can invite team members, manage roles, and may access basic usage information necessary for service delivery (e.g., resource access, bookings).
Organizations are responsible for maintaining accurate user lists and for internal authorization of their users’ access.
If you believe an account was created without authorization, contact us immediately.
10) Coaching confidentiality
Coaching sessions are designed to be supportive and professional. RDI coaches maintain confidentiality except where disclosure is required to: (a) prevent or respond to a risk of serious harm; (b) comply with law or a court order; or (c) defend legal claims. Coaching is not medical, psychological, or legal advice.
11) Your rights
Canada (PIPEDA): You may request access to, or correction of, your personal information in our custody, withdraw consent (where consent is the basis), and raise questions about our privacy practices. We will respond within legally required timelines.
EU/UK residents: Subject to exceptions, you may have additional rights (erasure, restriction, portability, objection) and the right to lodge a complaint with your data protection authority.
US state residents (e.g., CA/CO/VA): You may have rights to access, delete, or correct personal information and to opt out of certain uses. RDI does not sell personal information or use it for targeted advertising. We will honor valid rights requests consistent with applicable law.
To exercise rights, use our contact form: https://rainbowdiversityinstitute.ca/contact/. We may need to verify your identity and work with your organization’s admin for corporate accounts.
12) Third‑party processors (illustrative)
RDI uses reputable providers to run our services. The specific vendors used may change over time. Typical categories include:
Website & Portal: WordPress, MemberPress, hosting and CDN providers.
Payments & Billing: Payment processors and invoicing tools (e.g., Stripe, PayPal, QuickBooks or equivalents).
Scheduling: Coaching/session booking tools (e.g., Calendly or equivalents).
Communications: Email service providers and support tools (e.g., Microsoft 365/Google Workspace, Mailchimp/SendGrid, helpdesk tools).
Analytics & Security: Analytics platforms (e.g., Google Analytics) and security/caching plugins.
File storage & collaboration: Cloud storage providers.
We maintain internal records of our current processors and will provide additional information upon request where permitted.
13) Children’s privacy
Our website and Partner Portal are intended for organizational users and are not directed to children under 16. We do not knowingly collect personal information from children under 16.
14) Changes to this policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will post the updated policy with a new effective date and, where appropriate, provide additional notice.
15) How to contact us or make a complaint
Contact: Use our contact form: https://rainbowdiversityinstitute.ca/contact/
Mailing jurisdiction: Ontario, Canada
If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada. EU/UK residents may contact their local data protection authority.