Privacy Policy

Nimble Information Strategies Inc.

Effective Date: March 13, 2026

Last Updated: March 13, 2026

1. Introduction

Nimble Information Strategies Inc. (“Nimble,” “we,” “us,” or “our”) is a Canadian-owned and operated information management company headquartered in Ontario, Canada. We are committed to protecting the privacy and security of personal information entrusted to us by our clients, their end users, website visitors, and employees.

This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information in connection with our website (www.nimble.ca), our digital solutions, and our professional services. This policy applies to all individuals whose personal information we process, whether as a data controller or as a data processor on behalf of our clients.

Nimble complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), applicable provincial privacy legislation including the Personal Health Information Protection Act (PHIPA), the Freedom of Information and Protection of Privacy Act (FIPPA), and other relevant Canadian privacy laws.

2. Definitions

“Personal Information” means information about an identifiable individual, as defined under PIPEDA. This includes but is not limited to names, email addresses, phone numbers, mailing addresses, government-issued identifiers, claim identifiers, health information, and financial information.

“Client” means any organization that has entered into a service agreement with Nimble for the provision of our services.

“End User” means any individual who interacts with systems, portals, or services operated or hosted by Nimble on behalf of a Client.

“Services” means all services provided by Nimble, including but not limited to digital mailroom services, document scanning and digitization, data entry, cognitive services (AI-powered document classification and extraction), email hosting and delivery, web and application hosting, active file management, accounts payable processing, e-signature services, microfilm and microfiche conversion, and related information management services.

3. Information We Collect

3.1 Information Collected Directly

When you visit our website, contact us, or engage our services, we may collect:

  • Contact information (name, email address, phone number, mailing address, job title, organization name)
  • Inquiry and correspondence details
  • Information submitted through web forms on nimble.ca

3.2 Information Processed on Behalf of Clients

In the course of delivering our Services, Nimble processes personal information on behalf of our Clients. The types of personal information processed depend on the specific service and may include:

  • Names, addresses, and contact details of Client end users
  • Government-issued identifiers and claim reference numbers
  • Financial information (invoices, payment records, account numbers)
  • Health information (when processing healthcare-related documents)
  • Authentication credentials (multi-factor authentication codes, temporary passwords)
  • Document content (correspondence, applications, forms, legal documents)
  • Email content and metadata (sender, recipient, subject, timestamps)

When Nimble processes personal information on behalf of a Client, the Client remains the controller of that information. Nimble acts as a processor and handles the information solely in accordance with the Client’s instructions and the applicable service agreement.

3.3 Information Collected Automatically

When you visit our website, we may automatically collect:

  • IP address and general geographic location
  • Browser type and version, operating system
  • Pages visited, referring URL, and browsing patterns
  • Cookies and similar tracking technologies (see Section 9)

4. How We Use Personal Information

Nimble uses personal information for the following purposes:

  • To provide, maintain, and improve our Services as contracted by our Clients
  • To process, digitize, classify, index, route, and store documents and data on behalf of Clients
  • To host and deliver email, including transactional email (multi-factor authentication codes, password resets, claim notifications)
  • To host web applications, portals, and related infrastructure on behalf of Clients
  • To operate AI-powered cognitive services for document classification, data extraction, and automated routing
  • To respond to inquiries and provide customer support
  • To communicate with prospective and existing Clients about our services
  • To comply with legal obligations and regulatory requirements
  • To protect the security and integrity of our systems, services, and data
  • To conduct internal analytics and service improvement

5. Disclosure of Personal Information

Nimble does not sell, rent, or trade personal information to third parties. We may disclose personal information in the following circumstances:

  • To Clients: We provide Clients with access to information processed on their behalf through our Services.
  • To Service Providers: We may engage trusted third-party service providers who assist in delivering our Services (such as email relay providers, cloud infrastructure providers, and security services). These providers are bound by contractual obligations to protect personal information and use it solely for the purposes for which it was disclosed. Where third-party service providers are located outside Canada, personal information may transit through or be processed by infrastructure in other jurisdictions solely for the purpose of service delivery (for example, outbound email relay). In such cases, Nimble ensures that appropriate contractual safeguards are in place, including data processing agreements, encryption in transit, and restrictions on data retention.
  • As Required by Law: We may disclose personal information where required by applicable law, regulation, court order, or governmental request.
  • To Protect Rights and Safety: We may disclose personal information where necessary to protect the rights, safety, or property of Nimble, our Clients, or the public.

6. Data Residency and Sovereignty

Nimble is committed to Canadian data sovereignty. All personal information processed and stored by Nimble at rest resides within Canada, in facilities operated or contracted by Nimble within Canadian jurisdiction. Our data processing facilities are located in Aurora, Ottawa, Winnipeg, and Quebec City.

Nimble does not use foreign-owned public cloud infrastructure for the storage of Client data at rest. Our infrastructure is protected from foreign access laws, including the United States CLOUD Act.

In limited circumstances, personal information may transit through infrastructure located outside Canada solely for the purpose of outbound email delivery when using third-party email relay services. In such cases, email content is not stored at rest outside Canada, transmissions are encrypted in transit using TLS 1.2 or higher, and contractual safeguards are in place to prevent data retention by the third-party provider.

7. Data Security

Nimble maintains comprehensive security controls aligned with ITSG-33 and NIST SP 800-53 frameworks. Our security measures include:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Multi-factor authentication and role-based access controls
  • Real-time threat monitoring, intrusion detection, and incident response
  • Protected B-level security clearances for all personnel handling sensitive information
  • RCMP background checks and federal reliability security clearances for staff
  • Physical security controls including restricted facility access, surveillance, and RFID-tracked document handling
  • SOC II-audited facilities and processes
  • Regular penetration testing and vulnerability assessments
  • Comprehensive audit logging and activity monitoring

8. Data Retention

Nimble retains personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law or contractual obligation. Specific retention periods are governed by individual Client service agreements.

When personal information is no longer required, it is securely destroyed using methods appropriate to the sensitivity of the information, including secure digital wiping, degaussing, or physical destruction as applicable.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve functionality and user experience. These may include:

  • Essential Cookies: Required for website functionality and cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our website so we can improve it.

You can control cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

10. Your Privacy Rights

Under PIPEDA and applicable provincial legislation, you have the right to:

  • Access the personal information Nimble holds about you
  • Correct inaccurate or incomplete personal information
  • Withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions
  • File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated

If you are an End User of a service operated by Nimble on behalf of a Client, please direct your privacy requests to the Client in the first instance, as the Client is the controller of your personal information. Nimble will cooperate with the Client to fulfill any such requests.

11. Children’s Privacy

Nimble does not knowingly collect personal information from children under the age of 16 through our website. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

12. Changes to This Privacy Policy

Nimble may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. The updated policy will be posted on our website with a revised effective date. We encourage you to review this policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or Nimble’s privacy practices, please contact us:

Nimble Information Strategies Inc.
Privacy Officer
Email: privacy@nimble.ca
Website: www.nimble.ca
Phone: Contact us through www.nimble.ca/contact-us