Privacy Policy — Nivara
This Privacy Policy explains how Nivara (operating at jcinova.tech) collects, uses, stores, discloses and protects personal information of visitors, course participants and partners. We focus on minimizing data collection, using information only to provide our learning services, support administrative needs, and comply with legal obligations. This document outlines rights available to individuals, retention practices, transfer safeguards, and contact points for privacy-related requests. Our approach reflects applicable Canadian privacy principles and relevant international frameworks where appropriate.
Key definitions
The terms below are used throughout this policy to describe common concepts related to personal information and how we process it.
- Personal data means any information relating to an identified or identifiable individual, such as name, contact details, billing information, course progress and interaction logs.
- Processing refers to any operation performed on personal data, including collection, recording, storage, retrieval, consultation, use, disclosure, alteration and deletion.
- User denotes any individual who visits jcinova.tech, registers for courses offered by Nivara, subscribes to communications, or otherwise interacts with our services.
- Service means the learning platforms, course materials, assessments, email communications, community forums and administrative systems operated by Nivara to deliver personal mastery and self-development programs.
- Cookies are small files placed on a device to help the website remember preferences and interactions. Similar technologies include local storage and tracking pixels used to improve service delivery.
Data collection and categories
We collect only data necessary to deliver courses, manage accounts, ensure platform security and meet legal obligations. Collection methods include direct user input, automated collection from devices and information received from third-party service providers.
Data you provide directly
Information you submit when registering, purchasing, or communicating with Nivara. We limit required fields to those essential for service delivery.
- Contact details: full name, email address, postal address (if needed for billing or certificates).
- Account and authentication data: username, hashed password, and account preferences.
- Billing and transaction information: payment method identifiers, billing address and records necessary for invoicing and compliance.
- Course participation data: enrollments, assessment results, completion status and user-submitted assignments.
- Communications: support requests, feedback, and messages platform with instructors or staff.
- Optional profile information: professional background, learning goals and consented demographic data used to tailor learning recommendations.
Data collected automatically
When you use our services, certain information is collected automatically to maintain, secure and improve the platform. We keep this collection proportionate and focused on operational needs.
- Usage data: pages visited, session timestamps, feature interactions and course navigation patterns.
- Technical data: IP address (for security and geolocation), device type, operating system and browser version.
- Performance metrics: error reports, loading times and resource usage to help optimize platform reliability.
- Analytics identifiers: unique browser or device identifiers used to analyze aggregate usage and improve the learning experience.
- Security logs: authentication attempts and security events to detect and mitigate misuse.
- Cookies and similar identifiers described in the cookies section below.
Information from third parties
We may receive data from service providers and partners necessary to provide and improve our services. Any third-party transfers are governed by contracts that require appropriate protections.
- Payment processors: limited payment identifiers and transaction records to complete purchases and maintain accounting records.
- Analytics and platform providers: aggregated and pseudonymized analytics to understand usage and improve course design.
- Identity verification and fraud prevention services where risk-based checks are needed to protect users and the platform.
Purposes of processing
We process personal data only for specific, explicit and legitimate purposes. Each purpose is supported by a lawful basis and limited to what is necessary.
- Delivering learning services: enrollments, course access, assessments and certification issuance.
- Account administration: onboarding, authentication, profile management and customer support.
- Payment processing and billing reconciliation for course fees and refunds.
- Platform maintenance and security: protecting accounts, detecting abuse and ensuring service continuity.
- Improving educational content and features through aggregated usage analysis and feedback.
- Regulatory compliance and legal obligations such as tax and recordkeeping requirements.
- Communications about courses, updates and optional educational recommendations where consent has been obtained.
- Responding to lawful requests from authorities or defending legal claims when necessary.
Legal bases for processing
We rely on appropriate legal grounds when processing personal data, which vary by activity and jurisdiction. Those grounds include contractual necessity, legitimate interests, consent and compliance with legal obligations.
- Performance of a contract: processing required to provide and manage your course enrollment and related services.
- Legal obligation: processing necessary to comply with laws, such as business records and reporting duties.
- Legitimate interests: processing for security, platform improvement, fraud prevention and maintaining service integrity, balanced against individual rights.
- Consent: where we request opt-in permission for marketing communications or optional profiling, users may withdraw consent at any time.
EU/EEA data subjects (GDPR) considerations
For individuals located in the EU/EEA, Nivara recognizes the rights conferred by the GDPR and seeks to honor those rights consistent with local legal requirements and the nature of our educational services.
- Right of access: you may request confirmation of processing and access to personal data we hold about you.
- Right to rectification: you may request correction of inaccurate or incomplete personal data.
- Right to erasure: where applicable, you may request deletion of personal data, subject to retention obligations and legitimate interests.
- Right to restrict processing: you may ask us to limit processing in certain circumstances while a dispute is resolved.
- Right to data portability: where applicable, you may request a copy of your data in a structured, machine-readable format.
- Right to object: you may object to processing based on legitimate interests or direct marketing; we will assess and respond in accordance with law.
Cookies and similar technologies
Nivara uses cookies and similar technologies to enable core functionality, secure the platform and analyze usage. You can manage cookie preferences via your browser and device settings as described below.
We use session cookies for immediate functionality, persistent cookies for remembered preferences, and third-party cookies for analytics and integrations. Cookies do not generally contain personal information beyond identifiers tied to account records.
Categories include: essential cookies (required for platform operation), performance and analytics cookies (improve services), and functional cookies (remember user preferences). Marketing cookies are used only with explicit consent.
Most browsers allow you to block or delete cookies via settings. Blocking essential cookies may prevent access to some features. To manage consent for non-essential cookies, use the consent tool available on jcinova.tech or adjust your browser preferences.
Read our Cookie Policy for a detailed list of cookies and their purposes.
Data sharing and disclosures
We share personal data only with service providers and partners that perform functions on our behalf, or where disclosure is required by law. Contractual safeguards and data minimization are applied to all disclosures.
- Service providers: cloud hosting, analytics, email delivery and payment processors necessary for core operations.
- Professional advisors: legal, accounting and auditors when required to meet regulatory and business obligations.
- Authorities and law enforcement: where required by law or to respond to valid legal processes.
- Academic and research partners: only with aggregated or anonymized datasets unless explicit consent is obtained.
- Business transfers: in the event of a merger, acquisition or asset sale, personal data may be transferred subject to contractual protections.
- Community features: information you choose to share in public forums or course discussions may be visible to other participants.
International transfers
Nivara is based in Canada but uses service providers in multiple jurisdictions. When personal data is transferred outside Canada, we apply legal safeguards such as standard contractual clauses, careful vendor selection, and measures aligned with applicable data protection standards.
Where transfers occur, we rely on contractual commitments, encryption, access controls and, when available, recognized transfer mechanisms to maintain an appropriate level of protection for personal data.
Data retention
We retain personal data only for as long as necessary to fulfill processing purposes, meet contractual and legal obligations, resolve disputes and enforce agreements. Retention durations are reviewed periodically.
Account records and profile data are retained for the duration of your active relationship with Nivara and for a reasonable period thereafter to meet tax, audit and regulatory requirements.
Support and communication records are retained to ensure service continuity and to address any follow-up inquiries; retention periods are limited and assessed against operational needs.
Security and access logs are retained for a defined period for incident response, fraud prevention and security monitoring, then archived or deleted in accordance with our retention schedule.
When data is no longer required, we securely delete or irreversibly pseudonymize information. Requests to delete data are honored subject to legal or contractual constraints and legitimate business needs.
Security measures
Nivara implements administrative, technical and physical measures proportionate to the sensitivity of data processed. Our security program includes regular risk assessments, staff training, access controls and incident response procedures to protect personal information.
- Data encryption in transit (TLS) and at rest where appropriate.
- Role-based access control, multi-factor authentication for administrative access and least-privilege principles.
- Regular backups, vulnerability scanning and a documented incident response plan to detect and mitigate security events.
Your rights
Individuals have rights to access, correct, restrict or delete their personal data where applicable. Requests will be processed in accordance with applicable law and after verification of identity to protect against unauthorized disclosures.
- Access: request a copy of the personal data we hold about you and information about its processing.
- Rectification: request corrections to inaccurate or incomplete personal data.
- Erasure and restriction: request deletion or limitation of processing subject to legal and contractual constraints.
- Objection and portability: object to certain processing activities and request portability of data when technically feasible.
- Restrict processing: request the limitation of how Nivara processes specific personal data when accuracy or lawful grounds are in question.
- Data portability: request a machine-readable copy of personal data that you provided to Nivara, where technically feasible.
- Withdraw consent: withdraw previously given consent for specific processing activities without affecting processing prior to withdrawal.
- Lodge a complaint: file a complaint with a competent data protection authority if you believe your rights under applicable law have been infringed.
How to Exercise Your Privacy Rights
To exercise any of the rights listed in this policy, contact Nivara by email or post using the contact details below. Provide a clear description of the request and include sufficient information to verify your identity. For requests relating to specific transactions or accounts, include relevant reference numbers or course names to help us locate the data efficiently.
We typically acknowledge receipt of rights requests within five business days and aim to provide a substantive response within 30 calendar days. Complex requests or those requiring verification may take longer; we will keep you informed if an extension is needed.
Marketing Communications
Nivara may use personal contact details to send informational and promotional communications about courses, events, and resources relevant to personal mastery and professional development. Communications are based on consent or legitimate interest where permitted by applicable law. Email campaigns include clear opt-out instructions. We limit marketing to information aligned with the educational and professional focus of Nivara and do not share marketing lists with unrelated third parties without explicit consent.
To stop receiving marketing messages, use the unsubscribe link included in every marketing email or submit a request to our privacy contact. Unsubscribe requests are processed promptly; you may continue to receive transactional emails related to account administration or course delivery after unsubscribing from marketing.
Children's Privacy
Nivara’s courses and services are intended for adults and learners who meet applicable local age requirements. We do not knowingly collect personal information from individuals under 13. If we become aware that we have collected personal information from a child under 13 without appropriate authorization, we will take steps to remove the information in accordance with applicable law.
Links to Third-Party Sites
Our website may contain links to third-party sites, tools, or services that are not operated by Nivara. These third parties have their own privacy policies and practices. When you follow a link to a third-party site, you should review that site’s privacy notice. Nivara is not responsible for the content, practices, or privacy policies of third parties.
Policy Updates
We review and may update this privacy policy to reflect changes in our practices, legal requirements, or service offerings. Material changes will be posted on jcinova.tech and, where appropriate, notified through other communication channels. The effective date at the top of the policy indicates when the latest changes took effect.