Privacy Policy

Last updated: October 15, 2026

1. Overview

SCU Advisor Inc. ("we," "us," "our") operates the website scuadvsr.com and provides banking advisory services to personal and business clients across Manitoba. This policy explains how we collect, use, store, and protect your personal information in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Manitoba privacy legislation.

We believe privacy should be as transparent as our fee schedule. This document covers every category of data we touch — and just as importantly, the categories we don't.

2. Information We Collect Through Forms

When you submit a form on our website or communicate with us directly, we may collect the following information:

• Name — Used to identify you in correspondence and, if you become a client, in our engagement records.
• Email address — Used to respond to your inquiry and, with your consent, to send our quarterly Fee Leak Report.
• Phone number — Used to schedule and conduct advisory calls. Providing a phone number is optional.
• Service preferences — Your selections from the contact form dropdown (e.g., Personal Banking Audit, Business Banking Audit) help us route your inquiry to the right advisor.
• Message content — Any details you provide in the free-text field of our contact form.
• Financial information — During active advisory engagements, you may voluntarily provide bank statements, fee schedules, loan agreements, and other financial documents. This information is collected only with your explicit authorization and is used solely to deliver the advisory service you've engaged us for.

3. Information We Collect Through Cookies

Our website uses a limited number of cookies:

• Session cookies — Essential for basic site functionality such as form submissions and navigation. These expire when you close your browser.
• Cookie consent preference — A small cookie that records whether you've accepted or declined our cookie banner, so we don't ask you again on every page visit.
• Analytics cookies — Used to collect aggregate, anonymized usage data (see Section 4 below). These cookies do not contain personally identifiable information.

We do not use advertising cookies, retargeting pixels, or third-party tracking cookies of any kind.

How to manage cookies: You can disable cookies in your browser settings at any time. Most browsers allow you to block all cookies, block only third-party cookies, or clear cookies when you close the browser. Disabling session cookies may affect your ability to submit forms on our site.

4. Information We Collect Through Analytics

We use anonymized web analytics to understand how visitors use our site. The data we collect includes:

• Aggregate page views and time-on-page metrics
• Referral sources (e.g., search engine, direct visit, link from another site)
• General device and browser type
• Geographic region (province-level only — we do not collect specific IP addresses)

No personally identifiable information is stored in our analytics system. We do not share analytics data with any third party. Our analytics configuration is designed to comply with PIPEDA requirements and Gramm-Leach-Bliley Act-grade privacy standards that we apply across all client data handling.

5. How We Use Your Information

We use the information we collect for the following purposes:

• Responding to inquiries — When you fill out our contact form or email us, we use your contact details to reply and address your questions.
• Delivering advisory services — Financial documents and personal information provided during an engagement are used to conduct audits, build recommendations, and prepare written reports.
• Sending our quarterly Fee Leak Report — Only with your explicit consent. You can subscribe through our newsletter form and unsubscribe at any time via the link in every email.
• Improving our website — Anonymized analytics help us understand which pages are useful, which need improvement, and how visitors navigate our site.

We do not use your personal information for any purpose beyond what is described above. We do not build marketing profiles, sell data to third parties, or use your information to target advertisements.

6. How We Protect Your Information

We take the security of your data seriously. Here's exactly how we protect it:

• 256-bit encryption — All documents shared between SCU Advisor and our clients are transmitted through a secure, encrypted document portal. We never send financial documents via unencrypted email.
• No financial data on website servers — Our website servers do not store client financial information. Advisory documents and client records are maintained in a separate, encrypted, access-controlled system.
• Access controls — Only team members directly involved in your engagement have access to your files. Access is role-based and logged.
• Annual security review — Our Operations & Compliance Coordinator, Sandra Fife, conducts an annual review of all data handling practices, storage systems, and access logs.
• Privacy-grade standards — We apply Gramm-Leach-Bliley Act-grade privacy compliance standards to all client data handling, even though as a Canadian advisory firm we are not technically subject to that regulation. We chose this standard because it's more rigorous than the minimum required under PIPEDA.

7. Third-Party Sharing

Our position on this is straightforward: we do not sell, trade, rent, or share your personal information with any third party.

There are two narrow exceptions:

• Legal requirement — If compelled by a valid court order, subpoena, or regulatory authority with jurisdiction in Manitoba or Canada, we may be required to disclose certain information. We will notify you of any such request unless legally prohibited from doing so.
• With your written authorization — During advisory engagements, you may authorize us to communicate with your financial institution(s) on your behalf. We do so only with a signed authorization letter, and only to the extent necessary to carry out the specific advisory work you've engaged us for.

We maintain no referral agreements, affiliate commissions, or revenue-sharing arrangements with any financial institution. This is verified quarterly and published in our conflict-of-interest register.

8. Data Retention

We retain different categories of data for different periods:

• Contact form submissions — Retained for 12 months after last communication, then deleted.
• Active client records — Retained for the duration of the advisory engagement plus 7 years, in compliance with Canadian tax and business record requirements.
• Newsletter subscribers — Email addresses are retained until you unsubscribe. Upon unsubscription, your email is removed from our mailing list within 5 business days.
• Analytics data — Aggregated and anonymized. No personally identifiable data is retained.

9. Your Rights

Under PIPEDA, you have the right to:

• Access your information — Request a copy of the personal information we hold about you. We'll respond within 30 calendar days.
• Correct your information — If any of your personal information is inaccurate or incomplete, let us know and we'll correct it promptly.
• Delete your information — Request that we delete your personal information. We'll comply unless we're legally required to retain it (for example, engagement records within the 7-year retention period).
• Withdraw consent — You can withdraw consent for communications (such as our newsletter) at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
• File a complaint — If you believe we've mishandled your personal information, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

10. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this privacy policy from time to time. When we do, we'll update the "Last updated" date at the top of this page. For significant changes, we'll notify active clients directly via email. We encourage you to review this page periodically.

12. Contact for Privacy Inquiries

If you have questions about this privacy policy, want to exercise any of your rights, or have concerns about how your data is handled, contact:

Sandra Fife
Operations & Compliance Coordinator
SCU Advisor Inc.
363 Broadway Avenue, Winnipeg, Manitoba R3C 3N9
Email: contact@scuadvsr.com
Phone: (431) 348-5867

We aim to respond to all privacy-related inquiries within 5 business days.