Privacy
Privacy Policy
Last updated: 10 July 2026
ImageForge AI Inc. ("ImageForge AI", "we", "us", "our") respects your privacy and is committed to protecting personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. This Privacy Policy explains what we collect, why we collect it, how we use and disclose it, and the choices available to you.
1. Organization identity & Privacy Officer
ImageForge AI Inc. is a Canadian corporation operating an AI image-generation creative studio from 245 Carlaw Avenue, Suite 104, Toronto, ON M4M 2S6, Canada. Business Number: 736 018 452 RC0001.
Our Privacy Officer can be reached at [email protected] or by mail at the address above. For general enquiries, contact [email protected] or +1 (416) 792-3648.
2. Scope
This policy applies to personal information collected through imageforgeai.pro, email and phone communications, client contracts, and in-person visits to our Toronto studio. It does not apply to third-party websites linked from our pages. We encourage you to review the privacy practices of any external site you visit.
3. What personal information we collect
Depending on your relationship with us, we may collect:
- Contact and identity data: name, job title, company name, email address, phone number, billing address.
- Enquiry and project data: messages submitted through our contact form, brief details, timelines, budget ranges, and correspondence related to project scope.
- Client reference and image data: brand assets, product photography, likeness releases, and training reference material you provide for generative imaging work. This may include images of identifiable individuals when you supply them with appropriate consent documentation.
- Technical data: IP address, browser type, device information, pages visited, and cookie identifiers when you use our website (see our Cookie Policy).
- Payment data: invoicing records and transaction references. We do not store full credit card numbers on our servers; payments are processed by third-party payment processors bound by their own privacy terms.
We do not buy or sell personal data or personal images. We do not collect information through deceptive means.
4. Purposes of collection and use
We collect and use personal information for purposes that a reasonable person would consider appropriate in the circumstances, including:
- Responding to enquiries and providing quotes for AI image-generation and art-direction services;
- Performing contracted creative work — art direction, generative imaging, retouching, and delivery;
- Managing client accounts, invoicing, and payment follow-up;
- Documenting licensing, consent, and usage rights associated with reference material and deliverables;
- Complying with legal obligations and defending legal claims;
- Improving our website and understanding aggregate traffic patterns when analytics cookies are consented to;
- Communicating service updates, policy changes, or project milestones relevant to active clients.
We will not use your personal information for purposes materially different from those described here without obtaining additional consent, except where permitted or required by law.
5. Legal bases and consent
Under PIPEDA, we rely primarily on meaningful consent. When you submit our contact form, you must actively check a consent box — it is never pre-selected. Consent may also be implied in limited circumstances where the purpose is obvious and you voluntarily provide information (for example, emailing us directly with a project brief).
You may withdraw consent for non-essential processing at any time, subject to legal or contractual restrictions. Withdrawal may limit our ability to provide services. To withdraw consent, contact the Privacy Officer.
We may process information without consent where required by law — for example, responding to a valid court order or protecting life, health, or security.
6. Client images, references, and likeness data
Creative projects require you to supply reference images, brand assets, and sometimes likeness releases for talent appearing in generated imagery. We treat this material as confidential client data unless you instruct otherwise in writing.
Reference files are stored on access-controlled systems for the duration of the project and any agreed retention period thereafter. Training datasets used for custom style models are documented with source, licence, and consent status. We delete or return project files according to contract terms — typically within ninety days of final delivery unless a longer retention period is agreed for retainer clients.
If you upload or provide images containing personal information about third parties (for example, employee headshots), you represent that you have obtained all necessary consents and licences for us to use that material for the agreed generative purpose.
7. Disclosure to third parties
We do not sell personal information. We may disclose information to:
- Service providers who assist with hosting, email delivery, cloud storage, accounting, and payment processing — under contracts requiring them to protect information and use it only for specified purposes;
- Sub-processors involved in generative imaging infrastructure (cloud GPU providers, model hosting) when client work requires it — with data handling governed by project agreements;
- Professional advisers (lawyers, accountants) bound by confidentiality obligations;
- Law enforcement or regulatory bodies when required by valid legal process.
8. Cross-border processing
Some service providers may process or store data outside Canada, including in the United States. When personal information is transferred cross-border, it may be subject to the laws of the destination country and accessible to foreign authorities under those laws. We assess provider safeguards and use contractual protections where appropriate. Details of sub-processors relevant to your project are available on request.
9. Retention
We retain personal information only as long as necessary for the purposes described in this policy or as required by law:
- Contact form submissions: up to twenty-four months after last contact unless an active client relationship exists;
- Client project files and correspondence: per contract terms, typically three to seven years for business records;
- Cookie consent preferences: up to six months in browser local storage;
- Analytics data: per vendor retention schedules when consented, typically thirteen to twenty-six months aggregated.
When information is no longer required, we securely delete or anonymize it.
10. Security
We implement administrative, technical, and physical safeguards appropriate to the sensitivity of information we hold — including access controls, encrypted transmission where supported, staff confidentiality training, and secure disposal practices. No method of transmission or storage is completely secure; we cannot guarantee absolute security but we work to reduce risk commensurate with our size and the nature of our services.
11. Your rights under PIPEDA
Subject to limited exceptions, you have the right to:
- Request access to personal information we hold about you;
- Request correction of inaccurate or incomplete information;
- Withdraw consent where processing is consent-based;
- Challenge our compliance with PIPEDA.
Submit access or correction requests to the Privacy Officer. We will respond within thirty days unless an extension is permitted. We may verify your identity before releasing information. There is no fee for reasonable requests; we may charge a minimal fee for excessive or repetitive requests as permitted by law.
12. Office of the Privacy Commissioner of Canada
If you believe we have not addressed your privacy concern satisfactorily, you may contact the Office of the Privacy Commissioner of Canada (OPC):
Website: www.priv.gc.ca
Toll-free: 1-800-282-1376
13. Cookies and similar technologies
Our website uses cookies as described in our Cookie Policy. Non-essential cookies are placed only after you provide consent through our cookie banner. You may change preferences at any time by clearing site data or contacting us.
14. Children
Our services are directed to business clients and creative professionals. We do not knowingly collect personal information from individuals under sixteen without parental or guardian consent. Contact us if you believe we have inadvertently collected such information.
15. Changes to this policy
We may update this Privacy Policy to reflect changes in practice or legal requirements. The "Last updated" date at the top will change accordingly. Material changes affecting active clients will be communicated where appropriate. Continued use of our website after posting constitutes acceptance of the updated policy for non-contractual interactions.
16. Questions about this policy
If anything in this Privacy Policy is unclear, or if you need help exercising your access or correction rights, email the Privacy Officer at [email protected] with the subject line "Privacy request". We aim to acknowledge enquiries within five business days and resolve straightforward requests within thirty days as PIPEDA requires.
17. Change log
- 10 July 2026 — Initial publication.