Privacy Notice & Consent Notice

1. Who collects and uses your information

By submitting any form on this website, you consent to the collection, use, and secure storage of your personal information by Bridget Jemeison, an independent representative of Eau Claire Partners Inc.

For data-protection purposes, Bridget Jemeison is the data controller of personal information collected through this website. Eau Claire Partners is not a controller of website-form data unless and until you become a client of Bridget, at which point the handoff described in Section 3 takes effect.

2. Legal basis

We process your form data on the basis of your express consent under PIPEDA Principle 3 and BC PIPA s. 7. We process technical data (IP address, device, page interactions) for site operation and bot defense as a legitimate operational necessity permitted under PIPEDA.

The legislation that applies depends on where you live: the Personal Information Protection and Electronic Documents Act (PIPEDA) applies federally; the BC Personal Information Protection Act (PIPA) applies to BC residents; Québec Law 25 applies to Québec residents and includes specific opt-in requirements for non-essential cookies, which we honor in Section 6.

3. What we use it for

Your information will be used only to:

1. Understand your insurance and financial needs.
2. Calculate your DIMES coverage estimate (if you used the calculator).
3. Allow Bridget Jemeison (or, if Bridget is unavailable for an extended period, another advisor at Eau Claire Partners with your prior knowledge) to follow up with you, if you have separately consented to be contacted by email or SMS at the form’s optional contact-consent checkbox.

If you have not granted email or SMS consent at the form, your information remains in our records but a licensed advisor will not initiate contact with you. You can grant or withdraw contact consent at any time by contacting us at the email below.

We do not use AI or automated decision-making to evaluate your insurance needs, eligibility, or whether to contact you. A licensed human advisor reviews every form submission. The DIMES calculator generates a coverage estimate from the information you provide using a deterministic formula; it is not an automated decision about you.

If you have previously submitted a form on this site, we may pre-fill subsequent forms (such as the DIMES calculator) with the information you provided. To do this we look up your email address against our existing records and, if a match is found, send a one-time link to your email containing a prefill token (valid 24 hours). The lookup is rate-limited and we have designed it to avoid revealing whether an email is registered. The same confirmation message appears whether or not a match is found, and a magic link is sent only when a match exists. A determined attacker with access to your inbox could still infer registration from the presence or absence of the email.

Your information will not be shared outside our firm, except where required by law.

Once you become a client of Bridget through Eau Claire Partners, the broader advisor-client relationship is governed by the regulatory framework of the Insurance Council of BC. The handoff occurs when you sign your first insurance or investment application through Bridget; we will provide you any privacy notices required by Eau Claire Partners or the underwriting carrier at that point and obtain any additional consents required. This Privacy Notice & Consent Notice covers your interactions with this website and the lead-capture forms it hosts.

4. How to withdraw consent

You may withdraw your consent at any time by contacting us at bridget.jemeison@eauclairepartners.com. You can also unsubscribe from email by clicking the unsubscribe link in any email we send, or stop receiving SMS by replying STOP to any text message.

Withdrawing consent stops future processing and contact, and we will delete personal information that we are not legally required to retain. Records that insurance regulators, FINTRAC, or other statutes require us to keep are pseudonymized and retained for the period required by law (see Section 9).

If you cannot reach Bridget for an extended period, you may escalate privacy requests to the regulators in Section 15.

5. Information we collect

In this Notice, “personal information” means any information that identifies you or that could reasonably be combined with other information to identify you.

We collect only what’s needed to qualify your interest, calculate your coverage estimate, and follow up on the inquiry you’ve made.

5.1 Information you provide through forms

Category

Identity

Examples

First name, full name

Source

Form fields

Category

Contact

Examples

Email address, phone number

Source

Form fields

Category

Demographic

Examples

Age, smoker status, household composition

Source

Form fields

Category

Financial situation

Examples

Annual income, mortgage or rent, debt, RESP, existing coverage

Source

Form fields

Category

Interest signals

Examples

Product interests, optional notes

Source

Form fields

Category

Consent record

Examples

Version-stamped text of the consent you agreed to, captured at the moment of submission, plus the timestamp and a hash of the form fields you submitted

Source

Captured automatically

About information you provide for other people. If you provide information about another person (such as a spouse, partner, or dependent) when filling out the calculator or any form, you confirm that you have their permission to share that information with us for the purposes described in this Notice.

5.2 Information collected automatically

Category

Technical

Examples

IP address, browser, device type

Why

Site loading + bot defense

Category

Page interaction

Examples

Pages visited, form steps, time on page

Why

Aggregate analytics

Category

Browser storage

Examples

DIMES calculator progress (on your device)

Why

Save & resume within 24 hours

We do not collect: government identifiers (SIN, driver’s license number, passport), payment card information, biometric information, or geolocation beyond your general IP-derived region.

5.3 Sensitivity classification

Financial information collected through the DIMES calculator (income, debt, mortgage or rent, RESP contributions, existing coverage) is treated as sensitive personal information under PIPEDA case law and receives the heightened safeguards described in Section 10.

6. Cookies, browser storage, and similar technologies

We use a small number of cookies and browser storage features. They fall into three categories:

6.1 Strictly necessary (always on)

Name

__cf_bm, cf_clearance

Provider

Cloudflare Turnstile

Purpose

Bot defense

Retention

30 days / session

Name

bridget-consent-v1

Provider

bridgetjemeison.com

Purpose

Records cookie consent decision

Retention

Until cleared

Name

bridget-dimes-progress

Provider

bridgetjemeison.com (localStorage)

Purpose

Saves DIMES calculator progress

Retention

24 hours

Name

DIMES prefill token

Provider

bridgetjemeison.com (URL param)

Purpose

Verifies identity for prefill flow

Retention

24 hours

Name

Vercel Analytics events

Provider

Vercel (US)

Purpose

Operational telemetry — required to detect site outages and broken pages. Aggregate only; no IP, fingerprint, or PII.

Retention

24 months

6.2 Session recording (only with your explicit consent — opt-in)

Active only if you click “Accept” on the cookie consent banner. (Planned, not yet active.)

Name

_clck, _clsk, MUID

Provider

Microsoft Clarity (US/Azure)

Purpose

Anonymized session recording. All <input>, <textarea>, and <select> elements on this site are configured with Clarity’s PII-masking attribute, which prevents Clarity from recording their values. We test this on every deployment.

Retention

1 year

Withdrawing consent: cookie consent decisions are stored per-device. To withdraw on a specific device, clear that browser’s site data for this website. To withdraw across all devices, contact Bridget directly at the email in Section 4— she will revoke consent in our records and on any session-recording vendor.

Do Not Track: we do not currently respond to Do-Not-Track browser signals because we do not engage in cross-site behavioural advertising.

7. Who we share your information with

Your information is accessed by Bridget, Eau Claire Partners staff supporting Bridget’s practice, and the service providers listed below. It is not shared outside this list except where required by law. The service providers are bound by their own privacy policies and their access is limited to what they need to perform their role:

Provider

DigitalOcean

Role

Database hosting

Where data is stored

Toronto and New York

Provider

MailerSend

Role

Email delivery

Where data is stored

United States

Provider

Twilio

Role

SMS delivery (with consent)

Where data is stored

United States

Provider

Cloudflare

Role

Bot defense + edge delivery

Where data is stored

US and global edge

Provider

Vercel

Role

Website hosting + aggregate analytics

Where data is stored

United States

Provider

Sentry

Role

Runtime error tracking (PII auto-scrubbed)

Where data is stored

United States

Provider

Microsoft Clarity

Role

Session recording (with consent)

Where data is stored

United States / Microsoft Azure

We may also be required to disclose records to: the Insurance Council of BC during a conduct review; FINTRAC under federal anti-money-laundering rules; and courts under valid legal process. These disclosures are statutory obligations and override consent.

We do not sell your personal information in the ordinary course of business, and we do not share it for the direct marketing purposes of any third party. The service providers listed above may use aggregated, anonymized usage data to improve their own products under their respective terms of service; this does not include re-targeting you with ads. In the unlikely event of a sale, merger, or acquisition involving Bridget’s practice or Eau Claire Partners, your personal information may transfer to the acquiring entity, who would be bound by the consents you granted under this Notice and applicable law. We would notify you of any such transfer.

8. Cross-border data transfer notice

Because we use service providers based in the United States and elsewhere, your personal information may be stored or processed outside of Canada (and outside of British Columbia and Quebec). While outside Canada, your information is subject to the laws of the country where it is processed, which may include lawful access requests by foreign government authorities.

Bridget primarily serves residents of British Columbia. If you are a resident of another province, additional or different cross-border-transfer rules may apply (Alberta PIPA s. 13.1, Québec Law 25’s transfer-impact-assessment requirement, or PIPEDA elsewhere in Canada). You may complain to the privacy regulator in your province of residence in addition to those listed in Section 15.

This notice is provided to comply with the cross-border-transfer transparency obligation under Québec Law 25 (s. 17), the accountability principle under PIPEDA, and the general transparency principle under BC PIPA. If you have questions about cross-border data transfer, please contact Bridget at the email in Section 4.

9. How long we keep it

We keep your personal information only as long as we need it for the purposes described above or as required by law.

Category

Form submissions where you became a client

Retention period

Seven (7) years from the date our advisor relationship ends, in line with insurance industry record-retention requirements

Category

Form submissions where you did not become a client

Retention period

Two (2) years from the date of your last interaction, then pseudonymized (direct identifiers removed) or deleted. The two-year window aligns with insurance policy renewal cycles, so we can follow up if your needs change without holding onto your data indefinitely. You can request deletion at any time per Section 11.

Category

Consent records

Retention period

Same retention period as the underlying form submission

Category

Aggregate analytics

Retention period

24 months at the analytics provider

Category

Session recordings (if consented)

Retention period

1 year at Microsoft Clarity

We do not delete records that we are legally required to retain. In those cases, we may pseudonymize the personal information by removing direct identifiers (name, email, phone, address) while retaining the financial and demographic context required by regulators. Pseudonymization is not the same as full anonymization; in a small dataset, combinations of remaining attributes may still permit re-identification by someone with auxiliary data.

Where Eau Claire Partners or the underwriting carrier has stricter record-retention obligations under insurance-industry rules (FINTRAC, the Insurance Council of BC), those obligations govern in addition to the periods above.

10. How we protect your information

We use safeguards appropriate to the sensitivity of the information we hold:

• Encryption in transit: All data submitted through this website travels over HTTPS (TLS 1.2 or higher).
• Encryption at rest: Form submissions are stored in a database with encryption at rest. We are reviewing whether sensitive personal information (name, email, phone) receives an additional layer of encryption beyond disk-level safeguards, and will update this notice once that review is complete.
• Dashboard access: Access to the lead-management dashboard interface is restricted to Bridget.
• Operators with system-level access: The underlying database, server logs, and supporting service providers (listed in Section 7) are accessed by their respective operators and a contracted developer for maintenance, under the contractual confidentiality terms of each platform.
• Internal service signing: Service-to-service requests inside our infrastructure are cryptographically signed (industry-standard HMAC) and timestamp-verified to prevent forgery and replay attacks.
• Bot defense: Cloudflare Turnstile blocks automated abuse before it reaches our forms.
• Principle of least privilege: Service providers are granted only the access they need to perform their role.

No safeguards eliminate risk completely. If you become aware of a vulnerability, please contact Bridget immediately.

11. Your rights under BC PIPA + PIPEDA

In addition to your right to withdraw consent (Section 4), you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct any personal information that is inaccurate or incomplete
• Deletion: Request deletion (subject to records we are required by law to retain)
• Portability: Request a copy of your information in a structured, commonly used, machine-readable format that you can transfer to another service
• Complaint: Complain to Bridget about how we have handled your personal information; if not resolved, escalate to the BC OIPC or the federal OPC (contact in Section 15)

To exercise any of these rights, contact Bridget at the email in Section 4. We will respond to your request within 30 days as required by BC PIPA.

If we are unable to respond within 30 days, BC PIPA s. 31 permits us to extend by up to 30 additional days with written notice to you explaining why, and PIPEDA s. 8(3) provides an equivalent extension at the federal level.

12. Children

This website is not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has submitted personal information through this website, please contact Bridget at the email in Section 4 so we can delete it.

13. Privacy breach notification

If a breach of security safeguards involves your personal information and creates a real risk of significant harm to you, we will:

• Notify you as soon as feasible after we determine that a breach has occurred. Determination may take time depending on the nature of the breach; we commit to investigating any indicator of a breach promptly.
• Notify the Office of the Information and Privacy Commissioner for British Columbia and the Office of the Privacy Commissioner of Canada.
• Where Québec residents are affected, also notify the Commission d’accès à l’information du Québec as required under Québec Law 25.
• Maintain a record of the breach for at least two years.

This commitment reflects our obligations under PIPEDA’s mandatory breach reporting requirements and BC PIPA’s parallel obligations.

14. Changes to this Privacy Notice & Consent Notice

We may update this notice from time to time as our practices change or as the law evolves. Material changes will be communicated by:

• Updating the “Last updated” date at the top of this page
• Re-presenting the cookie consent banner if cookie practices have changed
• Where appropriate, sending email notice to people who have consented to email contact

Material changes to retention periods, legal basis, the categories of personal information we collect, or the list of service providers in Section 7 will be communicated by email to people who have consented to email contact, and a summary will appear at the top of this page for at least 30 days after the change takes effect. We review the service-provider list in Section 7 quarterly.

Previous versions of this Notice are available on request to the email in Section 15.

The current version of this notice is always available at https://bridgetjemeison.com/privacy.

15. Contact us

For privacy questions, access requests, or to withdraw consent:

To complain to a regulator:

Regulator

Office of the Information and Privacy Commissioner for BC (OIPC)

When to contact

Complaints under the BC Personal Information Protection Act

How

oipc.bc.ca / 250-387-5629

Regulator

Office of the Privacy Commissioner of Canada (OPC)

When to contact

Complaints under PIPEDA (federal)

How

priv.gc.ca / 1-800-282-1376