Last updated April 30, 2026
Buckler Compliance Inc. ("Buckler", "we", "us", "our") is committed to protecting personal information. This Privacy Policy describes the personal information we collect through our website at www.buckler.ai (the "Website") and our investment due diligence platform (together with the Website, the "Services"), how we use, disclose, retain, and protect that information, and the rights you have with respect to it.
This Privacy Policy should be read together with our Terms of Service. If you do not agree with this Privacy Policy, please do not use the Website or the Services.
Please read this Privacy Policy carefully. If you have questions, contact our Privacy Officer using the details in Section 18.
Table of Contents
In Short: Buckler Compliance Inc. is a Canadian company. Our Privacy Officer can be reached at info@buckler.ai.
Buckler Compliance Inc. is a Canadian company headquartered at 184 Donlea Drive, East York, Ontario M4G 2M9, Canada. We are the controller responsible for the personal information described in this Privacy Policy. Our Privacy Officer can be reached at info@buckler.ai or at the postal address in Section 18.
In Short: A short list of terms used in this Privacy Policy.
"Personal Information" has the meaning given to it under Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA"), Quebec's Act respecting the protection of personal information in the private sector (the "Quebec Privacy Act"), the EU and UK General Data Protection Regulation ("GDPR"), and other applicable privacy laws. It generally means information about an identifiable individual.
"Non-Public Information" or "NPI" means non-public business information, including firm information, security identifiers, performance data, and review methodologies, that we receive from or generate for our customers in the course of providing the Services.
"Customer Data" means data, files, records, and other content that our customers and their authorized users submit to or generate through the Services.
In Short: We collect information you provide, information we generate about your use of the Services, and limited information from third parties.
Account information. When you register an account, we collect your name, business email address, phone number, firm name, role, and login credentials.
Customer Data. Information you submit to or generate through the Services, including investment research inputs, methodology documentation, supervisory determinations, and report outputs. This may include personal information about your clients or other individuals where you choose to include it.
Communications. Information you provide when you contact us through the Website, by email, by phone, or through our support channels, including any content you choose to share.
Website and platform usage information. When you visit the Website or use the Services, we automatically collect technical information including IP address, browser type and version, device identifiers, operating system, referring URL, pages visited, time spent, error logs, and similar usage data.
Cookies and similar technologies. See Section 11.
Information from third parties. We may receive information about you from your firm's administrator, identity providers, payment processors, and other authorized sources where you have a relationship that involves us.
In Short: We use information to provide and improve the Services, to communicate with you, to comply with law, and to operate our business.
We use the information we collect for the following purposes:
We will not process personal information for purposes that are incompatible with the purposes for which it was originally collected, except as permitted or required by applicable law.
In Short: Where applicable law requires us to identify a legal basis for processing, we rely on consent, contract, legal obligation, legitimate interests, or vital interests.
Where applicable privacy law requires us to identify a legal basis for processing personal information, we rely on:
If you would like more information about the legal basis on which we rely for a specific processing activity, contact our Privacy Officer.
In Short: We share information with service providers, with your firm's administrators, with legal and regulatory authorities where required, with professional advisors, and in connection with corporate transactions. We do not sell personal information.
Service providers and sub-processors. We engage trusted service providers to host the Services, process payments, deliver email and other communications, provide analytics and customer support, and perform other functions on our behalf. These providers process information only on our instructions and are bound by confidentiality and security obligations. Information about our material sub-processors is available on request.
Your firm. Information you provide as part of your firm's account may be visible to your firm's administrators and to other authorized users within your firm, in accordance with your firm's internal access controls.
Legal and regulatory authorities. We may disclose information when we are required to do so by law, by a court order, by a regulator with jurisdiction over us, by a self-regulatory organization, or by other binding legal process. Where legally permitted, we will provide notice to affected customers before responding to a legal demand for Customer Data.
Professional advisors. Lawyers, accountants, auditors, insurers, and other advisors who are subject to confidentiality obligations.
Business transfers. In connection with a financing, merger, acquisition, reorganization, or sale of all or substantially all of our assets, information may be transferred to the relevant counterparty, subject to confidentiality protections and applicable law.
With your consent. Where you give us specific consent to share information for a particular purpose, we will share it as agreed.
We do not sell personal information for monetary or other valuable consideration.
In Short: Information may be processed in Canada, the United States, and other jurisdictions where our service providers operate.
Buckler is headquartered in Canada. The Services are hosted by service providers in Canada and the United States, and we may engage other service providers in additional jurisdictions. As a result, your personal information may be processed, stored, accessed, or transferred in Canada, the United States, and other jurisdictions where Buckler, its affiliates, or its service providers operate.
Privacy, data-protection, law-enforcement access, and government-access rules differ from jurisdiction to jurisdiction. Where required by applicable law, we put in place appropriate safeguards (such as standard contractual clauses or comparable mechanisms) before transferring personal information across borders, and we contractually require our service providers to apply protections substantially similar to those required by Canadian privacy law.
In Short: We keep information only as long as we need it for the purposes described in this Policy, unless a longer retention period is required by law or by our regulatory or contractual obligations.
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law or by our regulatory and contractual obligations. We may retain information in archival or backup systems for limited additional periods, and in aggregated or de-identified form indefinitely.
When we no longer have a legitimate need to retain personal information, we will securely delete, destroy, or anonymize it.
In Short: We maintain administrative, technical, and physical safeguards consistent with SOC 2-aligned control practices.
We maintain administrative, technical, and physical safeguards designed to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, alteration, and destruction. These safeguards are intended to be consistent with the nature of the Services, the sensitivity of the information processed, and SOC 2-aligned control practices.
No method of electronic transmission or storage is completely secure. While we work to protect your personal information, we cannot guarantee its absolute security. You are responsible for the security of the systems, devices, networks, and credentials you use to access the Services.
In Short: Depending on your jurisdiction, you may have rights of access, correction, deletion, portability, and objection. Contact our Privacy Officer to exercise them.
Depending on your jurisdiction and the nature of our processing, you may have the following rights with respect to personal information about you that we hold:
To exercise any of these rights, please contact our Privacy Officer at info@buckler.ai. We will respond within the time frames required by applicable law. We may need to verify your identity before responding.
Some rights apply only to the personal information we control. If you are a user of a customer's account, requests to access, correct, or delete information may need to be directed to your firm in the first instance.
In Short: The Website uses cookies to operate, remember your preferences, and measure performance. You can manage cookies through your browser.
The Website uses cookies and similar technologies (including local storage, pixels, and tags) to operate the site, remember your preferences, measure performance, and provide analytics. Some cookies are strictly necessary for the operation of the Website. Others are used for analytics or marketing only with your consent, where required by applicable law.
You can manage cookie preferences through your browser settings or, where available, through cookie controls we provide on the Website. Disabling cookies may affect the functionality of the Website.
We do not currently respond to "Do Not Track" browser signals. If a uniform standard for online tracking is adopted that we are required to follow, we will update this Privacy Policy accordingly.
In Short: The Services are not directed to children. We do not knowingly collect personal information from children.
The Services are intended for use by regulated financial-services firms and their authorized personnel, and are not directed to children. We do not knowingly collect personal information from individuals under the age of majority in their jurisdiction. If you believe we have collected such information, please contact our Privacy Officer and we will take steps to delete it.
In Short: If you are a Quebec resident, the Quebec Privacy Act gives you additional rights. Contact our Privacy Officer to exercise them.
If you are a resident of Quebec, you have additional rights under the Quebec Act respecting the protection of personal information in the private sector, including:
To exercise these rights, contact our Privacy Officer at info@buckler.ai.
In Short: If you are in the EU, UK, or EEA, the GDPR may apply. Contact our Privacy Officer for a Data Processing Addendum.
If you are a resident of the European Union, the United Kingdom, or the European Economic Area, the GDPR may apply to our processing of your personal information. Where it applies, we will identify a lawful basis for processing under Article 6 of the GDPR, and you have the rights of access, rectification, erasure, restriction, portability, and objection described in Section 10. You also have the right to lodge a complaint with the data-protection authority in your country.
Where we transfer personal information outside the EEA or the UK to a country that has not been recognized as providing an adequate level of protection, we put in place appropriate safeguards, including standard contractual clauses and other mechanisms permitted by applicable law.
If you require a Data Processing Addendum (DPA), please contact our Privacy Officer.
In Short: If you are a resident of California or another US state with a comprehensive privacy law, you have rights to access, correct, delete, and opt out. We do not sell personal information.
If you are a resident of California or another US state with a comprehensive privacy law (including California's CCPA and CPRA, Virginia's VCDPA, Colorado's CPA, Connecticut's CTDPA, Utah's UCPA, and analogous statutes), you may have rights including the right to know, the right to access, the right to delete, the right to correct, the right to opt out of the sale or sharing of personal information, the right to limit use and disclosure of sensitive personal information, and the right to non-discrimination for exercising these rights.
We do not sell personal information for monetary or other valuable consideration. We do not "share" personal information for cross-context behavioural advertising as those terms are defined under the CPRA.
To exercise these rights, contact our Privacy Officer at info@buckler.ai. You may also designate an authorized agent to act on your behalf, subject to verification.
In Short: If a security incident creates a real risk of significant harm, we will notify affected individuals and regulators without undue delay.
If we become aware of a security incident resulting in unauthorized access to, loss of, or disclosure of personal information that creates a real risk of significant harm to an individual, we will notify the affected individuals and the applicable privacy regulators in accordance with the requirements of PIPEDA, the Quebec Privacy Act, and other applicable laws. We will provide such notice without undue delay and, in any event, no later than 72 hours after confirmation of the incident.
We will also notify our customers of security incidents affecting their Customer Data, in accordance with our Terms of Service and any applicable data processing addendum.
In Short: We may update this Privacy Policy. We will give notice of material changes.
We may update this Privacy Policy from time to time. The updated version will be posted at this page with a revised "Last updated" date and will take effect on posting unless stated otherwise. If we make material changes, we will provide reasonable prior notice — for example, by email to the address associated with your account or through the Services. Your continued use of the Website or the Services after the effective date of the updated Privacy Policy constitutes your acceptance of it.
If you have questions, concerns, or complaints about this Privacy Policy or about our handling of personal information, please contact our Privacy Officer:
Buckler Compliance Inc.
Privacy Officer
184 Donlea Drive
East York, Ontario M4G 2M9
Canada
Email: info@buckler.ai
Phone: +1 646 693 7264
You may also file a complaint with the Office of the Privacy Commissioner of Canada (www.priv.gc.ca), the Commission d'accès à l'information du Québec (www.cai.gouv.qc.ca), or the privacy regulator in your jurisdiction.