Privacy Policy

1. Who we are

Data Rescue Labs ("DRL", "we", "us") is a Canadian digital forensics, data recovery and incident response firm operating out of Ontario and serving clients across Canada. This policy describes how we handle personal information under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

For questions about this policy or to exercise any of the rights described below, contact our Privacy Officer at info@datarescuelabs.com.

2. What we collect

We collect two distinct categories of information, with different handling rules:

2a. Website-visitor information

• Contact form submissions — name, email, phone, brief description of your matter. Provided by you to start an engagement.
• Server logs — IP address, browser type, pages visited, timestamps. Retained for 90 days for security and operations.
• Cookies — we use only essential cookies required for the site to function. No analytics cookies, no advertising trackers, no third-party scripts.

2b. Forensic case data

When you engage DRL, we may take custody of devices, forensic images, account credentials (for cloud collection) and other client data. This material is handled under the following rules regardless of what this policy otherwise says:

3. How we use information

We use the information described above only to:

• Reply to engagement inquiries and provide quotes
• Deliver the forensic, recovery, or response services you engage us for
• Operate, secure and improve the site
• Comply with legal, regulatory, or court-ordered obligations

We do not sell, rent, or trade personal information. We do not use case data or examiner findings for any purpose other than the engagement.

4. Who we share information with

We do not share personal information with third parties except as follows:

• Your designated counsel or recipients — only as you instruct, in writing, as part of the engagement.
• Service providers — limited subprocessors (hosting, encrypted backup, email) under written confidentiality terms. Current list available on request from the Privacy Officer.
• Legal obligations — if compelled by valid court order, subpoena, or regulator. We will notify you in advance where lawfully possible.

5. Retention & destruction

Retention periods vary by data category:

• Contact form submissions — 24 months from last contact, then deleted.
• Engagement records — 7 years from case close (matching professional standards), then deleted.
• Forensic images and case data — destroyed on your specified timeline (typically 90 days to 7 years). Cryptographic erasure attestation provided on request.
• Server logs — 90 days.

6. Your rights

Under PIPEDA you have the right to:

• Know what personal information we hold about you
• Access that information and request a copy
• Correct any inaccuracies
• Withdraw consent for non-essential processing
• Lodge a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, email info@datarescuelabs.com. We respond within 30 days.

7. Security

We maintain administrative, technical and physical safeguards aligned with and requirements. Forensic infrastructure is air-gapped from the public internet. Examiner workstations use full-disk encryption. Backups are encrypted with client-segregated keys. Access is role-based and audited.

8. Children

This site is not directed to children. We do not knowingly collect information from individuals under 13. Forensic engagements involving minors are conducted only through their legal guardian or designated counsel.

9. Cross-border transfers

Some subprocessors may store data outside Canada (typically the United States). Where this occurs, we ensure contractual safeguards equivalent to PIPEDA protections. You may request the current list of cross-border subprocessors from the Privacy Officer.

10. Changes to this policy

Material changes will be posted here with an updated effective date. Continued use of the site or services after an update constitutes acceptance. We will notify active engagement clients in writing of any material change affecting their case data.

11. Contact

Privacy Officer
Data Rescue Labs
Email: info@datarescuelabs.com
Phone: 1 (416) 238-1232

For PIPEDA complaints unresolved with us, contact the Office of the Privacy Commissioner of Canada.