top of page
Maze25-logo
Book a Call

Privacy Policy

1. Who We Are

Maze25 is a GTM strategy consultancy operated in Toronto, Ontario, Canada. We serve Seed–Series A B2B SaaS founders through a fixed-scope 8-week Strategic Foundation Sprint and optional advisory engagements.

This policy applies to our website and all related forms, tools, and email communications.

2. What We Collect 

We collect the following types of personal data:

First name and email address — collected via the lead magnet form (GTM Readiness Scorecard) for the purpose of delivering the tool and sending follow-up content.

First name, email, and message — collected via the contact form for the purpose of responding to inquiries.

Name, email, and calendar slot — collected via the booking form for the purpose of scheduling discovery calls.

IP address, browser type, and pages visited — collected via website analytics for the purpose of understanding site usage and improving content.

Email engagement data (opens and clicks) — collected via our email marketing platform for the purpose of assessing content relevance and segmenting the list.

We do not collect payment information directly. Invoicing is handled via separate tools outside this website.

3. How We Use Your Data

We use your data only for specific, defined purposes with a clear legal basis under PIPEDA.

We deliver the GTM Readiness Scorecard you requested on the basis of your explicit opt-in consent at the form. We send follow-up emails about GTM strategy topics on the basis of CASL-compliant express consent. We schedule and conduct discovery calls on the basis of consent combined with legitimate interest in pre-contractual engagement. We improve the website and content using aggregate analytics on the basis of legitimate interest. We comply with legal obligations if required by law.

We do not use your data for automated decision-making or profiling.

4. Email Marketing (CASL Compliance)

Canada's Anti-Spam Legislation (CASL) requires express consent before sending commercial electronic messages.

You give express consent at the moment you submit your email via the lead magnet form or contact form. Every marketing email includes a one-click unsubscribe link. Unsubscribe requests are processed within 10 business days. We do not add contacts to our list from outreach or other channels without a separate opt-in. Consent records including timestamp, source, and IP are stored in our email marketing platform.

5. Third-Party Services

We work with third-party service providers to operate our website and deliver our services. These providers fall into the following categories:

Website hosting and analytics — receives IP address, browser type, and pages visited.

Email list management and automation — receives name, email, and engagement data.

Booking and scheduling — receives name, email, and calendar slot.

Internal workspace — used for delivery and operations only; no client data is shared with this service.

 

We do not sell, rent, or trade your data with any third party for marketing purposes. Each third-party service we use maintains its own privacy policy and data processing terms. We select services that comply with applicable data protection standards.

6. Data Retention

We retain personal data only for as long as necessary for the purpose it was collected.

Active email subscribers: retained until unsubscribe or withdrawal of consent. Unsubscribed contacts: retained for 2 years to maintain CASL compliance records. Discovery call notes: retained for 2 years from the date of last engagement. Website analytics data: retained on a 26-month rolling basis. Contact form submissions: retained for 1 year from the date received.

After the applicable retention period, data is deleted or anonymized.

7. Your Rights (PIPEDA)

Under PIPEDA, you have the right to access the personal information we hold about you, to correct inaccurate or incomplete information, to withdraw consent at any time subject to legal or contractual restrictions, and to file a complaint with the Office of the Privacy Commissioner of Canada (OPC).

To exercise any of these rights, email privacy@maze25.com. We will respond within 30 days.

8. Cookies

Our website uses cookies for analytics, session management, and site functionality. We do not use advertising cookies or third-party tracking pixels.

You can disable cookies in your browser settings. Core site functionality is not affected.

9. Data Security

We use the following measures to protect your data: all data in transit is encrypted via HTTPS (TLS 1.2+); access to all third-party platforms is protected by strong passwords and two-factor authentication; internal workspaces are private and not publicly accessible; no sensitive financial data is stored on this website.

No transmission method is 100% secure. If a data breach occurs that creates a real risk of significant harm, we will notify affected individuals and the OPC as required by PIPEDA.

10. Changes to This Policy

We may update this policy if our data practices change. The effective date at the top of this page reflects the most recent revision. Material changes will be communicated via email to active subscribers.

11. Contact Us

To reach us with any questions about this policy or your personal data: email privacy@maze25.com. We respond within 30 days.

bottom of page