Last Updated: February 6, 2026
This Privacy Policy ("Policy") explains how Heirly Inc. ("Heirly," "we," "us," or "our") collects, uses, discloses, and safeguards personal information of users ("you" or "User") of the Heirly platform, website, applications, and related services (collectively, the "Platform"). By accessing or using the Platform, you consent to the collection, use, and disclosure of your personal information as described in this Policy. If you do not agree with this Policy, you must not use the Platform.
This Policy is intended to comply with Canadian privacy law, including the Personal Information Protection and Electronic Documents Act ("PIPEDA"), applicable international privacy laws, including the General Data Protection Regulation ("GDPR") where relevant, and industry best practices for SaaS marketplaces. This Policy should be read together with our Terms of Use and Cookies Policy.
1.1 Account Information
- (a) We collect personal information necessary to establish and maintain your account, including your name, email address, telephone number, and password.
- (b) We collect business information, including company name, registration number, and credentials, as applicable to your role.
- (c) Role-specific information may be collected as follows:
- (i) Buyers: preferences and investment parameters;
- (ii) Sellers: business listings, strategic business information;
- (iii) Advisors: professional credentials and areas of expertise.
- (d) Sensitive personal information, including government-issued identification or financial records, is collected only with your explicit consent and is stored securely.
- (e) Other registration information may be collected to the extent necessary to create and maintain your account.
1.2 User Contributions and Platform Interactions
- (a) We collect information you submit to the Platform, including but not limited to listings, messages, documents, survey responses, and onboarding information.
- (b) We collect usage data, including clicks, searches, session duration, and interactions with Platform features.
- (c) We collect activity and notification data, including records of interest expressions, deal stage progressions, disclosure level changes, document access events, advisor invitations, and messaging activity, to operate the Platform, provide relevant notifications, and maintain audit trails.
1.3 Technical Information
- (a) We collect device information, such as type of device, operating system, and browser; IP addresses; connection information; and cookies or similar technologies for authentication, analytics, and personalization of your experience.
1.4 Third-Party Data and Service Providers
- (a) We may collect personal information from third-party service providers in connection with Platform functionality, verification of business credentials, or delivery of Platform features.
- (b) We use the following categories of third-party service providers to operate the Platform:
- (i) Cloud infrastructure and hosting providers;
- (ii) Payment processing providers;
- (iii) Email delivery providers;
- (iv) File storage providers;
- (v) Marketing and analytics providers;
- (vi) Artificial intelligence service providers.
- (c) These service providers process data on our behalf pursuant to data processing agreements and are contractually bound to protect personal information in accordance with applicable privacy laws.
- (d) A current list of specific service providers may be requested by contacting concierge@heirly.co.
2.1 Purposes of Use
We may use personal information only as necessary to:
- (a) Provide, operate, maintain, and improve the Platform and its features;
- (b) Verify identities, credentials, and business information. Verification may involve contacting third parties, consulting public or private databases, and using Cookies and other tracking mechanisms in accordance with the Cookies Policy;
- (c) Enable communication and transactions between Buyers, Sellers, and Advisors;
- (d) Prevent, detect, and respond to fraud, abuse, security incidents, or violations of the Terms of Use;
- (e) Analyze Platform usage and generate insights, summaries, or rankings in anonymized or aggregated form. "Anonymized" means that personal identifiers are irreversibly removed to prevent identification;
- (f) Comply with legal obligations, enforce agreements, and resolve disputes;
- (g) Provide AI-generated outputs for informational purposes only, which do not constitute legal, financial, valuation, tax, or investment advice.
2.2 Artificial Intelligence and Automated Processing
- (a) Certain Platform features use artificial intelligence technologies to enhance your experience, including generating match recommendations, improving listing quality, and providing personalized insights.
- (b) When you use AI-powered features:
- (i) Relevant data you provide may be processed by third-party AI service providers on our behalf;
- (ii) Our AI service providers are contractually prohibited from using your data to train their models;
- (iii) AI service providers may retain data for limited periods for safety monitoring purposes before automatic deletion;
- (iv) We implement data minimization practices to limit transmission of sensitive personal information where practicable.
- (c) AI-generated outputs are provided for informational purposes only and do not constitute recommendations, valuations, or professional advice.
2.3 Automated Decision-Making Rights
For decisions assisted by automated processing, you have the right to:
- (a) Request general information about the categories of data used in automated recommendations;
- (b) Request human review of significant automated decisions that materially affect your use of the Platform;
- (c) Contest automated decisions and request correction of inaccurate personal information.
Requests may be submitted to concierge@heirly.co. Heirly reserves the right to protect proprietary algorithms and methodologies as trade secrets, and is not obligated to disclose specific logic, weighting, or technical implementation details.
3.1 Sharing with Other Users
Personal information may be shared with other Users only to the extent necessary for marketplace interactions, including business names, listing information, and professional contact details. Sensitive personal information will not be disclosed.
3.2 Service Providers and Partners
Personal information may be disclosed to third-party service providers and partners who process data on our behalf. These third parties are bound by contractual obligations to protect personal information in accordance with Canadian privacy law.
3.3 Legal Obligations
We may disclose personal information to comply with applicable laws, regulations, or legal processes, or to respond to lawful requests from authorities.
3.4 Corporate Transactions
In the event of a corporate transaction, including but not limited to a merger, acquisition, or sale of assets, personal information may be transferred to the successor entity. Users will be notified of such transfers where feasible.
3.5 Aggregated or Anonymized Information
We may disclose information in aggregated or anonymized form that does not identify any individual personally.
3.6 Non-Sale of Personal Information
Heirly does not sell personal information to third parties.
4.1 Access and Correction
You may request access to and correction of your personal information. We will respond within a reasonable timeframe, typically thirty (30) days.
4.2 Communication Preferences
You may opt out of non-essential marketing communications by following unsubscribe instructions.
4.3 Account Deletion
You may request deletion of your account. Certain information may be retained where necessary to comply with legal obligations, resolve disputes, or protect legitimate business interests. Retained information will be minimized and stored securely.
4.4 Withdrawal of Consent
You may withdraw consent for specific uses of your personal information, including AI processing, without affecting the lawfulness of prior processing.
Requests to exercise any rights under this Section may be submitted to concierge@heirly.co.
5.1 General Retention Principles
Personal information is retained only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and protect legitimate interests.
5.2 Specific Retention Periods
- (a) Account Information: Retained for the duration of your account plus two (2) years following account closure, unless earlier deletion is requested.
- (b) Transaction Records: Deal room communications, documents, activity logs, and related transaction records are retained for seven (7) years following transaction completion or termination for legal, regulatory, tax, and dispute resolution purposes.
- (c) Failed Transaction Records: Records relating to transactions that do not proceed to completion are retained for three (3) years following termination.
- (d) Notifications: Read notifications are automatically deleted after ninety (90) days. Unread notifications are retained until read or account closure.
- (e) Inactive Accounts: Accounts with no activity for two (2) years will receive ninety (90) days notice before deletion.
5.3 Survival of Retention Obligations
Transaction record retention periods survive account deletion. Upon account closure, personal profile information will be deleted within thirty (30) days, but transaction records required for compliance purposes will be retained for the applicable retention period.
5.4 Secure Deletion
Information that is no longer required will be securely deleted or anonymized in accordance with industry standards.
6.1 Heirly implements technical, administrative, and organizational safeguards appropriate to the sensitivity of personal information, including encryption, multi-factor authentication for administrative access, and regular security audits.
6.2 Breach Notification. In the event of a breach of personal information that poses a real risk of significant harm, Heirly will promptly notify affected Users and applicable authorities in accordance with PIPEDA.
7.1 Personal information of Users accessing the Platform outside Canada may be processed in Canada or other countries where Heirly or its service providers operate.
7.2 Heirly ensures that international transfers are protected by safeguards equivalent to Canadian privacy standards.
8.1 Heirly uses Cookies and similar technologies as described in the Cookies Policy for authentication, Platform performance, personalization, analytics, and verification purposes.
8.2 Consent is obtained for non-essential Cookies where required by law. Users may manage Cookie preferences via browser settings or platform-provided tools, without affecting essential functionality.
9.1 The Platform is intended for users eighteen (18) years of age or older.
9.2 If we discover that we have inadvertently collected personal information from a person under eighteen (18), such information will be deleted immediately.
10.1 The Platform may include links or integrations with third-party services. Heirly is not responsible for the privacy practices or content of such services. Users' interactions with third-party services are governed by the privacy policies of those services.
11.1 If you are located in the European Economic Area, you have the right to:
- (a) Access, correct, erase, restrict, or object to the processing of your personal data;
- (b) Data portability; and
- (c) Withdraw consent at any time without affecting prior lawful processing.
11.2 Requests will be processed within thirty (30) days, following verification of identity. Users may contact their local supervisory authority for complaints.
12.1 Heirly may update this Policy from time to time. Material changes will be communicated via email where appropriate and posted on the Platform. Continued use of the Platform after such updates constitutes acceptance of the revised Policy.
13.1 For questions or concerns regarding this Policy or your personal information, please contact: