Privacy Policy

Privacy Policy (Personal Information & Data Protection)

Vanguard Creative Platforms Inc.
in relation to the Vanguard digital platform
(including the Pathfinder navigation module)

Last updated: February 15, 2026

1. General Provisions

1.1. What this Policy is

This Privacy Policy (the “Policy”) explains how Vanguard Creative Platforms Inc. (the “Company”, “we”, “us”) collects, uses, stores, discloses, and protects personal information in connection with:

  • the Vanguard web platform (the “Platform”), and
  • the Pathfinder navigation module (including messenger-based interaction where enabled).

This Policy describes:

  • what personal information we process and why;
  • our legal basis/grounds for processing (where applicable);
  • when and how we share data with others (including Event Organizers);
  • how long we keep data;
  • your rights and how to contact us.

This Policy is intended to be read together with our Terms of Service (the “Terms”). If there is a conflict, the Terms govern platform usage and contractual matters, and this Policy governs privacy/data handling.

1.2. Who we are (Controller)

Vanguard Creative Platforms Inc. is the operator of the Vanguard Platform and Pathfinder module and acts as a data controller for Platform-level processing (i.e., the processing needed to run Vanguard/Pathfinder as an ecosystem).

Primary domain: vanguardnetwork.org
Contact email: connect@vanguardnetwork.org
Head office / governing jurisdiction: Ontario, Canada

We may use vetted service providers (e.g., hosting, email delivery, security, analytics) to process data on our behalf under contractual obligations and appropriate safeguards.

1.3. How Organizers fit in (Independent Controllers)

Vanguard is an infrastructure platform for events. Event Organizers define event-specific rules, entry requirements, and any additional consents/checkboxes required for participation.

  • We are the Controller for Platform-level accounts, security logs, core identity, and ecosystem navigation (Pathfinder master-profile features).
  • Organizers are independent Controllers for event-specific processing once they receive participant data.

When does an Organizer receive data?
Typically, when a participant enters an event / submits to a round / uploads a work and accepts the event rules and required checkboxes (including terms that authorize disclosure to the Organizer). At that point, the Platform provides the Organizer access to participant information in the minimum scope necessary to run that event (e.g., selection, judging, communications, issuing confirmations, and other purposes stated in the event rules).

Organizers are responsible for their own privacy notices, legal bases, retention, and compliance for the data they receive.

1.4. Where this Policy applies

This Policy applies to individuals whose personal information we process through Vanguard/Pathfinder, including:

  • platform users and account holders;
  • event participants (including team participation where enabled);
  • event organizers and their representatives;
  • judges/experts granted access within an event;
  • people contacting support or interacting with Platform communications.

Pathfinder may operate through third-party messenger platforms (where available). In those cases, the messenger provider processes certain data under its own policies and jurisdiction; we process the data we receive for Platform purposes as described here.

1.5. Compliance positioning (Canada-first, globally usable)

Our baseline compliance framework is Canada-first, including PIPEDA (and applicable provincial privacy rules). Because the Platform is globally accessible and may be used by individuals in the EU/UK and other regions, we also structure this Policy to align with internationally recognized privacy principles and, where applicable, support **GDPR/UK GDPR-style rights and safeguards.

We do not claim blanket compliance with every regime in every jurisdiction by default. Where specific legal requirements apply due to your location, role, or the nature of an event (e.g., an EU-based Organizer running an EU-targeted event), additional terms, disclosures, or settings may be used.

1.6. Publication and updates

This Policy is published on our website and may be updated as the Platform evolves, legal requirements change, or we adjust operational/security measures.

When changes are material, we aim to provide notice via the Platform interface and/or email and may require re-acknowledgement where appropriate. The “Last updated” date at the top indicates the current version.

1.7. Contact

For privacy questions, requests, or complaints, contact:

Vanguard Creative Platforms Inc.
Email: connect@vanguardnetwork.org

(Additional corporate details and notice addresses are provided in the Terms of Service and apply here by reference.)

2. Key Definitions (short, but precise)

To keep this Policy readable (and still enterprise-grade), we use the terms below:

“Personal Information” / “Personal Data”
Information about an identifiable individual (directly or indirectly), including identifiers, contact details, account data, and activity related to Platform use. (“Personal Information” is the common PIPEDA term; “Personal Data” is commonly used under GDPR/UK GDPR.)

“Sensitive Personal Information”
Information that is inherently more sensitive and requires higher protection (e.g., government IDs, certain financial data, precise location, private communications, special category data under GDPR). We aim to minimize collection of sensitive information unless required for a specific purpose (e.g., organizer verification).

“Processing”
Any operation performed on Personal Information, including collecting, recording, organizing, storing, using, disclosing, transferring, securing, deleting, or destroying it.

“Controller”
The entity that determines the purposes and means of processing.
For Platform-level processing, Vanguard Creative Platforms Inc. is the Controller.

“Processor” / “Service Provider”
A party that processes Personal Information on behalf of the Controller under instructions and contractual safeguards (e.g., hosting, email delivery, security tools).

“Organizer” / “Event Organizer”
A person or organization that creates and runs an event on Vanguard.
When an Organizer receives participant data for event operations, the Organizer acts as an independent Controller for that event data.

“User”
Any individual using Vanguard and/or Pathfinder.

“Participant”
A User who applies, registers, enters an event, submits a work, or participates in a round/duel/team format.

“Judge / Expert”
A User granted access by an Organizer to evaluate works and/or participate in event decisions within the event’s rules and permissions.

“Platform Data”
Personal Information processed to operate Vanguard/Pathfinder as an ecosystem (e.g., account identity, platform security logs, platform settings, master-profile navigation features, system notifications, integrity and anti-abuse controls).

“Event Data”
Personal Information processed in the context of a specific event (e.g., application forms, submissions, scores, rankings, judge comments, event communications, event-specific consents). Event Data may be disclosed to the Organizer under the event’s rules and participant acknowledgements.

“Master Profile” (Pathfinder)
A cross-event profile layer that may include identity signals, onboarding/profiling answers, participation history, achievements/statuses, and navigation preferences.

“Consent / Checkboxes / Acknowledgements”
User actions that confirm agreement to Terms, event rules, and event-specific documents (including disclosures to Organizers). We log these actions with time/date and technical metadata to preserve an audit trail.

“Disclosure”
Making Personal Information available to a specific recipient (e.g., providing the Organizer with participant contact data for an event).
(Separate from “Publication”: making information available to the public, e.g., public event pages, rankings, or portfolios—only when enabled by event settings and a valid basis.)

“De-identification / Anonymization”
Techniques that remove or reduce the ability to link data to a specific person. “Anonymized” data is intended to be non-identifiable; “de-identified” data may still carry residual risk and is protected accordingly.

“Cross-Border Transfer”
Transferring or enabling access to Personal Information across national borders (including when service providers or communication channels operate in other jurisdictions). This may also occur when Users choose to connect via third-party messengers.

“Cookies and Similar Technologies”
Small files or identifiers stored on a device/browser to support login sessions, security, preferences, and (where enabled) analytics.

“Security Logs / Audit Trails”
Technical records used to protect the Platform (e.g., timestamps, IP address, device/browser signals, session tokens, account actions). These are used for security, fraud prevention, incident response, and integrity.

“Automated Processing / AI Tools”
Algorithmic tools used for navigation, structuring, recommendations, and platform integrity signals. We do not use solely automated decision-making that produces legal or similarly significant effects on a User without meaningful human involvement, unless explicitly stated and supported by a lawful basis and appropriate safeguards.

3. Purposes and Legal Grounds for Processing

Vanguard processes Personal Information only for defined, legitimate purposes and only on valid legal grounds under applicable privacy laws (including PIPEDA and, where applicable, GDPR/UK GDPR).

We do not process Personal Information in a manner incompatible with the purposes described below.

3.1 Core Platform Operation (Vanguard + Pathfinder)

Purpose:
To create and maintain User accounts, operate the Platform, enable Pathfinder (Master Profile), and provide secure access to events and ecosystem features.

Examples include:

  • account registration and authentication
  • account management and profile updates
  • maintaining participation history
  • enabling cross-event navigation (Pathfinder)
  • sending system notifications
  • platform security and integrity controls

Legal grounds may include:

  • performance of a contract (Terms of Service)
  • legitimate interests (platform integrity, security, fraud prevention)
  • consent (where required)

3.2 Event Participation and Round-Based Submissions

Purpose:
To allow Users to apply to events, participate in rounds, submit works, and interact within structured event formats.

This includes:

  • collecting application data
  • receiving submissions (text, media, files)
  • managing scores, rankings, and statuses
  • facilitating communication related to the event
  • logging participant acknowledgements and checkboxes

When a Participant:

  • accepts event rules,
  • confirms required disclosures, and
  • submits a work or enters a round,

the Platform may disclose relevant Event Data to the Organizer for the purposes defined in the event documentation.

Legal grounds may include:

  • performance of a contract (event participation)
  • consent (where event-specific disclosures are required)
  • legitimate interests (event integrity, anti-abuse controls)

3.3 Disclosure to Organizers (Independent Controllers)

Purpose:
To provide Organizers with the Personal Information necessary to operate their specific event (e.g., evaluation, communication, awarding, recruitment, certification).

Disclosure occurs:

  • only within the scope of a specific event,
  • only in the volume necessary for that event’s operation,
  • only after the Participant has accepted the event’s rules and related documents (as configured by the Organizer).

From the moment the Organizer receives Personal Information for event purposes, the Organizer acts as an independent Controller for that data.

Legal grounds may include:

  • contract (event participation)
  • consent (event-specific checkboxes)
  • legitimate interests (where applicable and lawful)

3.4 Organizer Verification (KYC / Integrity Controls)

Purpose:
To verify Organizer identity, authority, and compliance before allowing event publication and participant access.

This may include:

  • reviewing corporate or representative information
  • validating authority to host an event
  • fraud prevention measures
  • internal integrity checks

Legal grounds may include:

  • legitimate interests (risk management, anti-fraud, ecosystem integrity)
  • legal compliance (where required)

3.5 Platform Security and Abuse Prevention

Purpose:
To protect the Platform, Users, and events from misuse, fraud, unauthorized access, and malicious activity.

This may involve:

  • monitoring technical logs
  • detecting abnormal behavior
  • restricting or suspending accounts
  • investigating reported violations

Legal grounds:

  • legitimate interests (security and fraud prevention)
  • legal compliance (where applicable)

3.6 Communications

Service Communications:
System notices, event updates, status alerts, account-related messages.

Legal grounds:

  • contract
  • legitimate interests

Marketing Communications (if enabled):
Newsletters or promotional messages.

Legal grounds:

  • consent (where required by law)
    Users may opt out at any time.

3.7 Pathfinder Navigation and Algorithmic Structuring

Purpose:
To structure participation history, suggest navigation paths, track achievements, and improve ecosystem usability.

This may involve algorithmic tools for:

  • content structuring
  • participation analytics
  • recommendations
  • event discovery

We do not rely solely on automated decision-making that produces legal or similarly significant effects without human involvement.

Legal grounds:

  • contract (platform functionality)
  • legitimate interests (usability and service improvement)

3.8 Legal Compliance and Dispute Management

Purpose:
To comply with legal obligations and to establish, exercise, or defend legal claims.

Legal grounds:

  • legal obligation
  • legitimate interests

3.9 No Sale of Personal Information

Vanguard does not sell Personal Information and does not use it for unrelated third-party advertising marketplaces.

4. Categories of Personal Information We Collect

We collect and process Personal Information only to the extent necessary for the purposes described in Section 3. The exact categories may vary depending on how you use Vanguard and Pathfinder (e.g., Participant, Organizer, Judge).

For clarity, we distinguish between Platform Data and Event Data.

4.1 Identity and Account Information (Platform Data)

Collected when you create or maintain an account:

  • email address
  • username / display name / alias
  • password (stored in encrypted form)
  • country / region / time zone (if provided)
  • linked account identifiers (e.g., messenger ID if Pathfinder is connected)
  • account status and authentication records

We rely on information provided by you and expect it to be accurate.

4.2 Profile and Master Profile Information (Pathfinder)

If you complete onboarding, profile questions, or Pathfinder navigation flows, we may process:

  • professional or creative background
  • skills and areas of interest
  • participation history
  • achievements, statuses, progression data
  • responses to structured questionnaires

This forms part of your Master Profile, which connects your cross-event trajectory.

4.3 Event Application and Participation Data (Event Data)

When you apply to or participate in an event, we may process:

  • event application forms
  • answers to Organizer-defined questions
  • uploaded documents or portfolios
  • team membership information (if applicable)
  • round participation status
  • timestamps of submissions
  • acceptance of event rules and acknowledgements

We log acceptance of event documents (including checkboxes) with date/time and technical metadata.

4.4 User-Generated Content and Submissions

When you submit work to an event, you may upload:

  • text
  • images
  • audio
  • video
  • code
  • presentations
  • other digital files

We also process related metadata (e.g., upload time, file type, file size, submission status).

You are responsible for ensuring that you have the right to upload content and that you do not unlawfully include third-party Personal Information without appropriate legal basis.

4.5 Organizer and Representative Information

If you act as an Organizer (or representative of one), we may process:

  • full name
  • role / title
  • contact details
  • company or entity name
  • corporate registration details (if applicable)
  • verification documents (if required for integrity checks)

This data is used for verification, compliance, and event administration.

4.6 Judge / Expert Information

If you serve as a Judge or Expert, we may process:

  • identity and contact details
  • professional credentials (if provided)
  • evaluation activity records
  • scoring and commentary logs

Access to participant data is limited to event scope and permissions.

4.7 Technical and Usage Data (Security & Integrity)

When you use Vanguard, we may automatically collect:

  • IP address
  • device type and browser information
  • operating system
  • session identifiers
  • timestamps of activity
  • security logs and audit records

This data supports authentication, fraud prevention, system integrity, and troubleshooting.

4.8 Communications Data

If you communicate through Pathfinder or contact support, we may process:

  • messages sent through platform channels
  • system notification logs
  • support requests and related correspondence

4.9 Cookies and Similar Technologies

We use cookies and similar technologies to:

  • maintain login sessions
  • enhance security
  • store preferences
  • support analytics (where enabled)

Additional details may be provided in a separate Cookie Notice (if implemented).

4.10 Sensitive Personal Information

We do not intentionally collect special category data (e.g., racial origin, political opinions, religious beliefs, health data) unless:

  • you voluntarily include it in submissions or free-text fields; or
  • it is required for a specific lawful purpose (e.g., Organizer verification).

If such data is processed, it will be handled with heightened protection and only under an appropriate legal basis.

4.11 Information We Do Not Collect

We do not intentionally collect:

  • children’s data (the Platform is 18+ by default unless explicitly configured otherwise);
  • financial card details (processed directly by payment providers, where applicable);
  • data for resale to data brokers.

5. How We Share and Disclose Personal Information

We disclose Personal Information only when necessary for the purposes described in this Policy and only under appropriate legal safeguards.

We do not sell Personal Information.

5.1 Disclosure to Event Organizers (Independent Controllers)

When you participate in an event, submit a work, or enter a round:

  • you accept the event rules and required disclosures configured by the Organizer;
  • you confirm participation via the Platform interface (including required checkboxes);
  • the Platform logs your acceptance (date/time and technical metadata).

Following this, Vanguard may disclose relevant Event Data to the Organizer strictly for the purposes of conducting that specific event.

This may include:

  • contact details
  • application responses
  • submissions and related metadata
  • participation status
  • scoring history (where relevant)

From the moment the Organizer receives Personal Information for event purposes, the Organizer acts as an independent Controller for that data.

The Organizer is responsible for:

  • its own privacy documentation;
  • its own legal basis for further processing;
  • compliance with applicable data protection laws.

Vanguard is not responsible for processing carried out by the Organizer after disclosure.

5.2 Service Providers (Processors)

We may share Personal Information with trusted service providers who process data on our behalf under contractual safeguards, including:

  • hosting providers
  • cloud infrastructure services
  • email delivery services
  • security and monitoring tools
  • analytics providers (where enabled)
  • customer support tools

These providers:

  • act only on our documented instructions;
  • are bound by confidentiality and data protection obligations;
  • are required to implement appropriate technical and organizational safeguards.

5.3 Cross-Border Data Transfers

Vanguard operates from Canada and serves a global audience.

Personal Information may be processed or accessed in jurisdictions outside your country of residence, including by service providers or through selected communication channels.

Where applicable (e.g., under GDPR/UK GDPR), we rely on appropriate safeguards, which may include:

  • contractual protections;
  • standard data protection clauses;
  • assessment of adequacy decisions;
  • technical and organizational measures.

By using global infrastructure and optional third-party integrations, you acknowledge that cross-border processing may occur.

5.4 Messenger and Third-Party Communication Platforms (Pathfinder)

If you connect Pathfinder to a third-party messenger or communication platform:

  • your interaction with that service is governed by that service’s own privacy policy;
  • that provider processes your information independently;
  • Vanguard processes only the data made available to us through the integration.

Choosing to connect such services is voluntary and considered an intentional selection of that communication channel.

5.5 Legal and Regulatory Disclosures

We may disclose Personal Information where required to:

  • comply with legal obligations;
  • respond to lawful requests from courts or authorities;
  • protect rights, safety, and property of Vanguard, Users, or third parties;
  • investigate fraud, abuse, or violations of Terms.

5.6 Business Transactions

If Vanguard undergoes a merger, acquisition, restructuring, or asset transfer, Personal Information may be transferred as part of that transaction, subject to applicable legal safeguards.

Users will be informed where required by law.

5.7 Public Display (Publication)

Certain event-related information may be displayed publicly when:

  • the event configuration enables public visibility;
  • such display is consistent with event rules;
  • a valid legal basis exists (e.g., contract, consent, legitimate interest).

Examples may include:

  • public rankings;
  • winner announcements;
  • user-chosen public profile elements;
  • publicly submitted works.

5.8 No Sale of Personal Information

We do not sell Personal Information and do not participate in third-party advertising data marketplaces.

We do not disclose Personal Information for unrelated third-party commercial exploitation.

6. Data Retention and Deletion

We retain Personal Information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Retention depends on the nature of the data, the context in which it was collected, and applicable legal obligations.

6.1 Account Data

Personal Information associated with your account (e.g., identity, profile, participation history) is retained:

  • for as long as your account remains active;
  • and for a reasonable period thereafter if required for security, fraud prevention, dispute resolution, or legal compliance.

If you delete your account, we will delete or de-identify your Personal Information, subject to the limitations described below.

6.2 Event Data and Archives

Event-related information (applications, submissions, results, rankings, participation history) may remain part of the Platform’s structured event archive while:

  • your account remains active;
  • the event remains part of the ecosystem history;
  • there is no valid request requiring deletion;
  • retention serves legitimate ecosystem integrity purposes.

If you delete your account:

  • identifiable Personal Information may be removed or de-identified;
  • certain structural event records (e.g., anonymized ranking positions, aggregate statistics) may be retained in non-identifiable form.

Where Event Data has already been disclosed to an Organizer, the Organizer is independently responsible for its retention and deletion policies.

6.3 Security Logs and Audit Trails

Security logs and technical audit records may be retained for a limited period necessary to:

  • maintain platform security;
  • detect and prevent abuse;
  • investigate incidents;
  • comply with legal obligations.

Retention periods for such logs are limited and proportionate to security needs.

6.4 Legal and Regulatory Retention

We may retain Personal Information longer where required to:

  • comply with legal or tax obligations;
  • respond to lawful authority requests;
  • establish, exercise, or defend legal claims;
  • enforce our Terms.

Such data is retained only for the duration required under applicable law or for legitimate legal purposes.

6.5 Deletion Requests

You may request deletion of your Personal Information, subject to:

  • identity verification;
  • applicable legal exceptions;
  • technical feasibility;
  • legitimate interests such as fraud prevention or dispute defense.

If deletion is approved:

  • Personal Information will be removed from active systems within a reasonable timeframe;
  • residual copies in secure backups may persist temporarily until routine backup rotation cycles complete;
  • de-identified data may be retained.

6.6 De-Identification and Anonymization

Where possible, instead of full deletion, we may:

  • de-identify data;
  • aggregate data;
  • remove direct identifiers while preserving ecosystem structure.

De-identified data is not used to re-identify individuals.

6.7 Account Inactivity

We may implement inactivity policies (e.g., after extended periods without login) and may notify Users prior to deactivation or deletion.

7. Your Rights Under Applicable Law

Depending on your location, you may have certain rights regarding your Personal Information under applicable data protection laws, including Canada’s PIPEDA and, where applicable, GDPR/UK GDPR.

Vanguard respects these rights and provides mechanisms to exercise them.

7.1 Right of Access

You may request confirmation of whether we process your Personal Information and request access to:

  • the categories of data processed;
  • the purposes of processing;
  • the sources (where applicable);
  • the categories of recipients;
  • retention logic.

We may verify your identity before responding.

7.2 Right to Rectification

You may request correction of inaccurate or incomplete Personal Information.

Where possible, you may update your profile directly within your account.

7.3 Right to Deletion (Erasure)

You may request deletion of your Personal Information, subject to:

  • legal retention obligations;
  • legitimate security or fraud prevention needs;
  • defense of legal claims;
  • data already disclosed to Organizers (who act as independent Controllers).

Where deletion is not possible, we may restrict processing or de-identify data instead.

7.4 Right to Restrict Processing

You may request restriction of processing in circumstances permitted by law, including:

  • contesting accuracy;
  • alleging unlawful processing;
  • pending objection review.

During restriction, data may be stored but not actively processed (except where legally required).

7.5 Right to Data Portability (GDPR/UK GDPR, where applicable)

Where processing is based on contract or consent and carried out by automated means, you may request:

  • a structured, commonly used, machine-readable copy of your Personal Information;
  • direct transmission to another controller, where technically feasible.

This right applies only to data you have provided and that is processed on the relevant legal basis.

7.6 Right to Object

You may object to processing based on legitimate interests, including profiling.

We will assess the objection and cease processing unless:

  • compelling legitimate grounds override your interests; or
  • processing is required for legal claims.

You may object at any time to marketing communications.

7.7 Rights Related to Automated Processing

We do not use solely automated decision-making that produces legal or similarly significant effects without human involvement.

If you believe automated processing affects you significantly, you may request:

  • clarification;
  • human review (where applicable).

7.8 Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time.

Withdrawal does not affect the lawfulness of processing prior to withdrawal.

If consent is required for certain Platform features, withdrawal may limit access to those features.

7.9 Complaints

If you believe your rights have been violated, you may:

  • contact us directly (preferred);
  • file a complaint with the appropriate supervisory authority.

For Canada:
Office of the Privacy Commissioner of Canada (OPC)

For the EU/UK (where applicable):
Your local Data Protection Authority.

7.10 Requests Involving Organizers

If your request relates to Personal Information processed by an Organizer after disclosure:

  • you may need to contact the Organizer directly;
  • we may assist by identifying the relevant Organizer, where feasible.

Organizers act as independent Controllers for event-level data they receive.

7.11 How to Submit a Request

You may submit privacy-related requests via:

  • email: connect@vanguardnetwork.org
  • your account interface (where enabled)

We may request additional information to verify identity before fulfilling a request.

We respond within legally required timeframes (generally up to 30 days, subject to lawful extensions where permitted).

8. Security Measures

Vanguard implements appropriate technical and organizational measures to protect Personal Information against unauthorized access, disclosure, alteration, destruction, or loss.

Security measures are designed in proportion to:

  • the nature of the data;
  • the risks involved;
  • the scale of processing;
  • applicable legal requirements.

8.1 Organizational Measures

We implement internal controls including:

  • role-based access limitations;
  • least-privilege principles;
  • internal confidentiality obligations;
  • access logging and monitoring;
  • controlled onboarding of personnel and contractors;
  • documented internal procedures for handling Personal Information.

Access to Personal Information is limited to individuals who require it to perform their duties.

8.2 Technical Safeguards

We use technical protections that may include:

  • encryption (in transit and/or at rest, where appropriate);
  • secure authentication mechanisms;
  • firewall and network protection systems;
  • intrusion detection and monitoring;
  • security logging and audit trails;
  • backup and recovery procedures.

Specific configurations and internal security architecture details are not publicly disclosed.

8.3 Processor and Vendor Security

Service providers who process Personal Information on our behalf are required to:

  • maintain appropriate safeguards;
  • process data only under contractual instructions;
  • implement confidentiality and security measures.

We assess vendors based on risk and relevance to Personal Information processing.

8.4 Incident Response

In the event of a confirmed data breach involving Personal Information:

  • we assess the scope and impact;
  • we take containment and mitigation measures;
  • we notify affected individuals and/or authorities where required by law.

We maintain internal processes for incident detection, escalation, and documentation.

8.5 User Responsibility

Users are responsible for:

  • maintaining the confidentiality of their account credentials;
  • using secure devices and updated software;
  • not sharing authentication tokens or passwords;
  • logging out from shared devices.

8.6 Limitations

While we apply appropriate safeguards, no digital system can guarantee absolute security.

We continuously evaluate and improve our security practices in light of evolving risks and technologies.

9. International Users and Cross-Border Compliance

Vanguard is operated from Canada and serves a global, English-speaking audience, including users from the United States, the European Union, the United Kingdom, Australia, and other jurisdictions.

By using the Platform, you acknowledge that your Personal Information may be processed in Canada and, where necessary, in other jurisdictions as described in this Policy.

9.1 Canada (PIPEDA Framework)

As a Canadian federal corporation, Vanguard processes Personal Information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA).

Under PIPEDA:

  • we are accountable for Personal Information under our control;
  • we implement appropriate safeguards;
  • we provide access and correction rights;
  • we limit collection and use to identified purposes.

9.2 European Union and United Kingdom (GDPR / UK GDPR)

If you are located in the EU or UK:

  • Vanguard acts as a Data Controller for Platform-level processing;
  • you may exercise GDPR rights as described in Section 7;
  • cross-border transfers are subject to appropriate safeguards where required;
  • we do not engage in solely automated decision-making producing legal or similarly significant effects without human involvement.

Where necessary, we rely on:

  • contractual safeguards;
  • standard data protection clauses;
  • adequacy decisions;
  • additional technical and organizational protections.

9.3 United States (Including California)

Vanguard does not sell Personal Information and does not share it for cross-context behavioral advertising.

For users located in the United States:

  • we process Personal Information primarily under contractual necessity and legitimate business purposes;
  • we apply security safeguards consistent with industry standards;
  • we do not discriminate against users for exercising privacy rights.

For residents of California (including under the California Consumer Privacy Act, as amended by CPRA):

  • you have the right to request access to categories and specific pieces of Personal Information collected;
  • you have the right to request deletion (subject to statutory exceptions);
  • you have the right to correct inaccurate Personal Information;
  • you have the right to know whether data is sold or shared (Vanguard does not sell Personal Information);
  • you have the right to non-discrimination for exercising privacy rights.

Requests may be submitted as described in Section 7.

9.4 Voluntary Global Participation

Vanguard allows international participation in events.

Where an Organizer operates in a different jurisdiction:

  • the Organizer is independently responsible for compliance with applicable local privacy laws;
  • Participants may be subject to additional disclosures defined by the Organizer within event-specific documentation.

9.5 Conflict of Laws

Where local law provides stronger protections than this Policy, we will comply with applicable mandatory legal requirements.

10. Updates to This Privacy Policy and Contact Information

10.1 Policy Updates

This Privacy Policy may be updated from time to time to reflect:

  • changes in legal requirements;
  • changes in Platform functionality;
  • security improvements;
  • operational or structural updates within the Vanguard ecosystem.

The updated version becomes effective upon publication on the official Vanguard website, unless otherwise stated.

Where required by applicable law, we will provide appropriate notice of material changes.

The “Last Updated” date at the top of this document reflects the most recent revision.

10.2 Relationship with Terms of Service

This Privacy Policy supplements and forms part of the broader legal framework governing use of the Platform, including the Terms of Service.

In the event of inconsistency between this Privacy Policy and event-specific documentation configured by an Organizer, the event documentation governs the processing carried out by the Organizer in its role as an independent Controller.

10.3 Contact Information

If you have questions regarding this Privacy Policy or wish to exercise your rights, you may contact:

Vanguard Creative Platforms Inc.
Toronto, Ontario, Canada
Email: connect@vanguardnetwork.org
Website: https://vanguardnetwork.org

We will respond within the timeframes required by applicable law.