Privacy Policy

Privacy Policy (Personal Information & Data Protection)

Vanguard Creative Platforms Inc.
in relation to the Vanguard digital platform
(including the Pathfinder navigation module)

Last updated: April 30, 2026

1. General Provisions

1.1. Purpose of the Policy

This Privacy Policy (the “Policy”) explains how Vanguard Creative Platforms Inc. (the “Company,” “we,” “us”) collects, uses, stores, discloses, and protects personal information in connection with:

  • the Vanguard web platform (the “Platform”), and
  • the Pathfinder navigation module, including messenger-based interaction where enabled (collectively, the “Services”)

This Policy applies to personal information collected from individuals who interact with our Services, including users, visitors, event attendees, partners, and event organizers.

This Policy describes:

  • what Personal Information we collect and why;
  • how we use and share that information;
  • how and when personal information may be shared with third parties, including Event Organizers and service providers;
  • how long personal information is retained;
  • how personal information may be transferred, stored, or processed across jurisdictions; and
  • the rights available to individuals regarding their personal information and how to contact us.

Vanguard is headquartered in Canada and operates internationally. As a result, personal information may be processed or stored in jurisdictions outside an individual’s place of residence. Where applicable, we process personal information in accordance with Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable data protection laws.

This Policy should be read together with our Terms of Service (the “Terms”). In the event of a conflict between the Terms and this Policy, the Terms govern platform access and contractual use of the Services, while this Policy governs the collection, use, and protection of Personal Information. Each applies within its respective scope.

1.2. About Vanguard (Data Controller)

Vanguard Creative Platforms Inc. operates the Vanguard Platform and Pathfinder module. When you use these services, Vanguard is responsible for how certain personal information is collected and used to run and maintain the Platform. In these cases, Vanguard acts as the data controller, meaning we determine how and why this information is processed to operate the Vanguard ecosystem.

  • Primary domain: vanguardnetwork.org
  • Contact email: connect@vanguardnetwork.org
  • Head office / governing jurisdiction: Ontario, Canada

To help provide and maintain our services, we may use trusted third-party providers (such as hosting, email delivery, security, and analytics services). These providers may process data on our behalf, but only under contractual agreements that require them to protect your information and follow appropriate security and privacy safeguards.

1.3. Event Organizers as Independent Data Controllers

Vanguard provides the infrastructure that powers events on the Platform. However, the organizations or individuals running those events (“Event Organizers”) may define their own event rules, participation requirements, and any additional consent checkboxes required to enter or participate.

Vanguard acts as the data controller for platform-level services, including:

  • - user accounts;
  • - core identity information;
  • - platform security logs; and
  • - general navigation across the Vanguard ecosystem, including Pathfinder master-profile features.

Event Organizers act as independent data controllers for participant information they receive in connection with their events.

Where Vanguard Creative Platforms Inc. is itself identified as the Organizer of a specific event, Vanguard handles event-specific Personal Information in its Organizer capacity as well as its platform-operator capacity. In that case, references to disclosure or access by an Event Organizer mean role-based use by Vanguard for the event purposes described in the applicable Event Terms, Event Materials, this Policy, and any Event-specific privacy notice.

When do Organizers receive participant data?

An Event Organizer typically receives participant information when a participant submits an entry to an event, uploads a work, enters a competition round, or otherwise participates and accepts the event rules and required consent checkboxes. The Platform provides the Organizer with access to the minimum information necessary to run the event, such as:

  • - reviewing submissions;
  • - judging entries;
  • - communicating with participants;
  • - issuing confirmations; and
  • - carrying out other activities described in the event’s rules.

Once an Organizer receives participant data, they are responsible for how that data is used, including:

  • - maintaining their own privacy notices;
  • - establishing an appropriate legal basis for processing;
  • - determining data retention periods; and
  • - complying with applicable privacy and data protection laws.

While Organizers manage the operational use of this event data, Vanguard remains accountable under applicable privacy laws for ensuring that appropriate safeguards are in place. This includes:

- providing guidance and documentation to Organizers regarding privacy responsibilities;

- establishing contractual agreements or other enforceable mechanisms to require Organizers to protect personal information; and

- facilitating Users’ ability to exercise rights related to their Personal Information wherever feasible.

Participants should understand that while Organizers control the day-to-day use of event-specific data, Vanguard retains oversight responsibilities to ensure that personal information is processed lawfully and securely.

1.4. Scope and Applicability

This Policy applies to individuals whose personal information is processed by Vanguard in connection with the Services, including:

  • platform users and account holders;
  • event participants (including team participation where enabled);
  • Event Organizers and their representatives;
  • judges, reviewers, or experts granted access within an event; and
  • individuals who contact us or interact with Platform communications.

This Policy applies only to personal information processed by Vanguard as part of operating the Platform and Pathfinder.

Pathfinder features may, in some cases, operate through or integrate with third-party messaging or communication platforms. Where this occurs, those third-party providers process certain information under their own terms, privacy policies, and legal jurisdictions. Vanguard is responsible only for the personal information it receives and processes for Platform-related purposes, as described in this Policy.

2. Key Definitions

To keep this Policy readable (and still enterprise-grade), we use the terms below:

  • Personal Information / Personal Data: Information about an identifiable individual (directly or indirectly), including identifiers, contact details, account data, and activity related to Platform use. (“Personal Information” is the common PIPEDA term; “Personal Data” is commonly used under GDPR/UK GDPR.)
  • Sensitive Personal Information: Information that is inherently more sensitive and requires higher protection (e.g., government IDs, certain financial data, precise location, private communications, special category data under GDPR). Collection is minimized unless required for a specific purpose (e.g., organizer verification).
  • Processing: Any action taken with Personal Information, such as collecting, storing, using, sharing, or deleting it.
  • Controller: The entity that determines the purposes and means of processing. For Platform-level processing, Vanguard Creative Platforms Inc. is the Controller.
  • Processor / Service Provider: A party that processes Personal Information on behalf of the Controller under instructions and contractual safeguards (e.g., hosting, email delivery, security tools).
  • Organizer / Event Organizer: A person or organization that creates and runs an event on Vanguard. When an Organizer receives participant data, they act as an independent Controller for that event data.
  • User: Any individual using Vanguard and/or Pathfinder.
  • Participant: A User who applies, registers, enters an event, submits a work, or participates in a round/duel/team format.
  • Judge / Expert: A User granted access by an Organizer to evaluate works or participate in event decisions within the event’s rules and permissions.
  • Platform Data: Personal Information processed to operate Vanguard/Pathfinder as an ecosystem (e.g., account identity, platform security logs, platform settings, master-profile navigation features, system notifications, integrity and anti-abuse controls).
  • Event Data: Personal Information processed in the context of a specific event (e.g., application forms, submissions, scores, rankings, judge comments, event communications, event-specific consents). Event Data may be disclosed to the Organizer under the event’s rules and participant acknowledgements.
  • Master Profile (Pathfinder): A cross-event profile layer that may include identity signals, onboarding/profiling answers, participation history, achievements/statuses, and navigation preferences.
  • Consent / Checkboxes / Acknowledgements: User actions that confirm agreement to Terms, event rules, and event-specific documents. Logged with time/date and technical metadata for audit purposes.
  • Disclosure: Making Personal Information available to a specific recipient (e.g., providing the Organizer with participant contact data for an event).
  • De-identification / Anonymization: Techniques that remove or reduce the ability to link data to a specific person. “Anonymized” data is intended to be non-identifiable; “de-identified” data may still carry residual risk.
  • Cross-Border Transfer: Transferring or enabling access to Personal Information across national borders (including when service providers or communication channels operate in other jurisdictions).
  • Cookies and Similar Technologies: Small files or identifiers stored on a device/browser to support login sessions, security, preferences, and analytics (where enabled).
  • Security Logs / Audit Trails: Technical records used to protect the Platform (e.g., timestamps, IP address, device/browser signals, session tokens, account actions).
  • Automated Processing / AI Tools: Algorithmic tools used for navigation, structuring, recommendations, and platform integrity signals. We do not use solely automated decision-making that produces legal or similarly significant effects on a User without meaningful human involvement, unless explicitly stated and legally permitted.

3. Compliance and Governance

3.1. Compliance Positioning (Canada-First, Globally Usable)

Vanguard’s privacy framework is built on a Canada-first foundation, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. This means our core data practices are designed to meet Canadian legal requirements as a baseline.

As a global entertainment and media company, Vanguard’s platforms, productions, and digital experiences may be accessed by individuals in other regions, including the European Union and the United Kingdom. To support this, we structure this Privacy Policy in line with internationally recognized privacy principles and, where applicable, align with key rights and safeguards established under the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK General Data Protection Regulation (UK GDPR), and the Data Protection Act 2018 (United Kingdom).

Privacy laws vary by region, and not all requirements apply in the same way to every user or activity on the Platform. Legal requirements vary by jurisdiction and context. Vanguard applies applicable legal requirements based on factors such as user location, event scope, service configuration, user role (for example, as a creator, event organizer, or participant), or the nature and audience of a particular production, event, or service (for example, an EU-targeted event).

Where such requirements apply, Vanguard may implement additional measures to address them. These may include supplemental terms, localized disclosures, configurable privacy settings, or operational and technical controls designed to meet jurisdiction-specific obligations.

We also take into account other major privacy frameworks that may apply depending on where our services are offered or accessed, including United States laws such as the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), as well as other applicable U.S. state privacy laws, and comparable data protection laws in other jurisdictions.

Across all regions, our approach is guided by common privacy principles shared across these frameworks, including transparency (being clear about how we use data), accountability, data minimization (collecting only what is necessary), and providing individuals with meaningful access to and control over their personal information. Where required, Vanguard supplements these principles with additional safeguards, such as enhanced consent mechanisms, data subject rights processes, contractual protections, and region-specific data handling practices.

3.2. Publication and Updates

This Policy is published on our website and may be updated as the Platform evolves, legal requirements change, or we adjust operational or security measures. When changes are material, we aim to provide notice via the Platform interface and/or email and may require re-acknowledgement where appropriate.

The “Last updated” date at the top of this Policy indicates the current version and serves as the reference point for determining which provisions are in effect.

3.3. Contact and Privacy Officer

If you have questions about this Privacy Policy or Vanguard’s data practices, or if you would like to make a request or complaint regarding your personal information, you may contact Vanguard’s designated Privacy Officer:

Privacy Officer
Kirill Kasatskiy
Vanguard Creative Platforms Inc.
Email: connect@vanguardnetwork.org

The Privacy Officer is responsible for overseeing Vanguard’s compliance with applicable privacy laws, including PIPEDA, and for responding to inquiries, access requests, and complaints.

This role also serves as the primary contact for data protection matters, including inquiries related to international data protection frameworks where applicable.

Additional corporate details and notice addresses are provided in the Terms of Service and apply here by reference

3.4. Accountability for Personal Information

Vanguard remains responsible for Personal Information under its control, including Personal Information that is transferred to third-party service providers for processing.

We require such providers to process Personal Information only on our behalf and in accordance with contractual obligations that include appropriate confidentiality, security, and data protection safeguards, consistent with applicable law.

4. Purposes and Legal Grounds for Processing

Vanguard processes Personal Information only for clear, legitimate purposes and in accordance with applicable legal requirements.

We do not process Personal Information in a manner incompatible with the purposes described below. Where we rely on legitimate interests as a legal basis, we ensure that such interests are not overridden by the fundamental rights and freedoms of the individual.

4.1 Core Platform Operation (Vanguard + Pathfinder)

Purpose:
To create and maintain User accounts, operate the Platform, enable Pathfinder (Master Profile), and provide secure access to events and ecosystem features.

Examples include:

  • account registration and authentication
  • account management and profile updates
  • maintaining participation history
  • enabling cross-event navigation (Pathfinder)
  • sending system notifications
  • platform security and integrity controls
  • processing and storing submitted content (e.g., videos, scores, works) in accordance with the applicable content license

Legal grounds may include:

  • Performance of a contract: Includes obligations under the Terms of Service and any applicable content license (including where acceptance of a Content and Media License is required for participation in submissions, events, or promotional activities) governing submissions, uploads, or other user-generated works. This ensures lawful processing of content that users submit to the Platform.
  • Legitimate interests: Platform integrity, security, fraud prevention, and ensuring continuity of service.
  • Consent (where required): For optional features, marketing communications, or processing outside the scope of the Terms of Service or license.

Notes for clarity:

  • Retention and use of submitted content (including past videos and scores) is justified under the content license even if the user withdraws consent for optional features going forward.
  • This approach ensures that user-generated content is legally covered while maintaining transparency about which processing relies on contract, legitimate interests, or consent.

4.2 Event Participation and Round-Based Submissions

Purpose:

To allow Users to apply to events, participate in rounds, submit works, and interact within structured event formats.

This includes:

  • Collecting application data;
  • Receiving submissions, including text, media, files, links, and related materials;
  • Managing scores, rankings, and statuses;
  • Facilitating communication related to the event; and
  • Logging participant acknowledgements, checkboxes, timestamps, and related acceptance records.

When a Participant:

  • Accepts event rules;
  • confirms required disclosures; and
  • Submits a work or enters a round, the Platform may disclose relevant Event Data to the Organizer for the purposes defined in the event documentation.

Where Vanguard Creative Platforms Inc. is itself the Organizer of the event, this may involve Vanguard using Event Data internally across authorized platform and event-operation roles, rather than disclosing the data to a separate third-party Organizer.

Legal grounds may include:

  • Performance of a contract – where processing is necessary to allow participation in an event and to administer submissions, rounds, scoring, and event outcomes.
  • Consent – where participants provide specific agreement to disclosures or processing defined in event documentation, for example, public display of submissions or optional communications.
  • Legitimate interests – including maintaining event integrity, preventing abuse or fraud, administering fair competition, and ensuring the proper operation of event mechanics.

4.3 Disclosure to Organizers (Independent Controllers)

Purpose:
To provide Organizers with the Personal Information necessary to operate their specific event, such as evaluation, communication, awarding, recruitment, certification, or other event purposes described in the applicable event documentation.

Disclosure occurs:

  • Only within the scope of a specific event;
  • Only in the volume necessary for that event’s operation; and
  • Only after the Participant has accepted the event’s rules and related documents, as configured by the Organizer.

From the moment an Organizer receives Personal Information for event purposes, the Organizer acts as an independent Controller for that data.

Where Vanguard Creative Platforms Inc. is itself identified as the Organizer of a specific event, references in this Section to disclosure to an Organizer mean access to and use of Event Data by Vanguard in its Organizer capacity for that specific event, subject to the purposes, limits, safeguards, and notices described in the applicable Event Terms, Event Materials, this Policy, and any Event-specific privacy notice.

Legal grounds may include:

  • Contract, including event participation;
  • Consent, including event-specific checkboxes; and
  • Legitimate interests, where applicable and lawful.

Organizers do not receive rights to use Participant Content for promotional or commercial purposes beyond the scope defined in event documentation and applicable licenses.

4.4 Organizer Verification (KYC / Integrity Controls)

Purpose:
To verify Organizer identity, authority, and compliance before allowing event publication and participant access.

This may include:

  • reviewing corporate or representative information
  • validating authority to host an event
  • fraud prevention measures
  • internal integrity checks

Legal grounds may include:

  • legitimate interests (risk management, anti-fraud, ecosystem integrity)
  • legal compliance (where required)

4.5 Platform Security and Abuse Prevention

Purpose:
To protect the Platform, Users, and events from misuse, fraud, unauthorized access, and malicious activity.

This may involve:

  • monitoring technical logs
  • detecting abnormal behavior
  • restricting or suspending accounts
  • investigating reported violations

Legal grounds:

  • legitimate interests (security and fraud prevention)
  • legal compliance (where applicable)

4.6 Communications

Purpose:
To send Users communications related to the operation, administration, security, and use of the Services, and, where enabled and permitted by law, marketing or promotional communications.

Service, Account, Security, Transactional, Event-Related, and Platform-Related Communications:
Vanguard may send communications that are reasonably necessary to operate the Services, administer User accounts, provide Event functionality, process acceptances, deliver notices, maintain security, provide support, or support participation in the Vanguard ecosystem.

These communications may include:
· registration and sign-in verification messages;
· account, security, and service notices;
· Event application, round, submission, judging, result, prize, or deadline updates;
· Platform and Pathfinder status alerts;
· support responses and administrative notices; and
· legal, policy, or document-update notices.

Legal grounds may include:
· performance of a contract;
· legitimate interests, including service operation, security, fraud prevention, support, and Event administration; and
· legal compliance, where applicable.

Marketing, Promotional, Newsletter, Partner, Showcase, or Opportunity-Related Communications:
Where enabled, Vanguard may send marketing, promotional, newsletter, partner, showcase, or opportunity-related electronic messages only where permitted by applicable law, including where any required consent has been obtained.

Such messages will identify the sender and include a functioning unsubscribe mechanism where required by applicable law.

Users may unsubscribe from marketing or promotional electronic messages at any time. Unsubscribing from marketing communications does not prevent Vanguard from sending non-marketing service, account, security, legal, transactional, Event-related, or Platform-operation messages that are reasonably necessary for the use of the Services.

Legal grounds may include:
· consent, where required by law;
· legitimate interests, where permitted by law; and
· compliance with applicable anti-spam, privacy, and communications laws.

4.7 Pathfinder Navigation and Algorithmic Structuring

Purpose:
To structure participation history, suggest navigation paths, track achievements, and improve ecosystem usability.

This may involve algorithmic tools for:

  • content structuring
  • participation analytics
  • recommendations
  • event discovery

We do not rely solely on automated decision-making that produces legal or similarly significant effects without human involvement. Use of AI tools for formatting or presentation of content is governed by applicable content licenses and does not involve independent decision-making about individuals.

Legal grounds:

  • contract (platform functionality)
  • legitimate interests (usability and service improvement)

4.8 Legal Compliance and Dispute Management

Purpose:
To comply with legal obligations and to establish, exercise, or defend legal claims.

Legal grounds:

  • legal obligation
  • legitimate interests

4.9 No Sale of Personal Information

Vanguard does not sell Personal Information and does not use it for unrelated third-party advertising marketplaces. While we implement appropriate safeguards, no system can be completely secure.

4.10 Meaningful Consent

Vanguard obtains meaningful consent for the collection, use, and disclosure of Personal Information in accordance with applicable law, including Canadian privacy requirements.

Consent may be obtained through clear user actions, including account registration, acceptance of Terms, event participation confirmations, and explicit checkboxes where appropriate.

Depending on the sensitivity of the information and reasonable expectations of the user, consent may be expressed or implied.

Users are provided with clear, understandable information about the purposes for which their Personal Information is processed at or before the time of collection.

5. Categories of Personal Information We Collect

We collect and use Personal Information only as needed to operate the Platform and provide our Services. The exact categories may vary depending on how you use Vanguard and Pathfinder (e.g., Participant, Organizer, Judge). We collect only the Personal Information necessary for the purposes described in this Policy.

For clarity, we distinguish between Platform Data and Event Data.

5.1 Identity and Account Information (Platform Data)

Collected when you create or maintain an account:

  • email address
  • username / display name / alias
  • password (stored in encrypted form)
  • country / region / time zone (if provided)
  • linked account identifiers (e.g., messenger ID if Pathfinder is connected)
  • account status and authentication records

We rely on information provided by you and expect it to be accurate.

5.2 Profile and Master Profile Information (Pathfinder)

If you complete onboarding, profile questions, or Pathfinder navigation flows, we may process:

  • professional or creative background
  • skills and areas of interest
  • participation history
  • achievements, statuses, progression data
  • responses to structured questionnaires

This forms part of your Master Profile, which connects your cross-event trajectory.

5.3 Event Application and Participation Data (Event Data)

When you apply to or participate in an event, we may process:

  • event application forms
  • answers to Organizer-defined questions
  • uploaded documents or portfolios
  • team membership information (if applicable)
  • round participation status
  • timestamps of submissions
  • acceptance of event rules and acknowledgements

We log acceptance of event documents (including checkboxes) with date/time and technical metadata.

5.4 User-Generated Content and Submissions

When you submit work to an event, you may upload:

  • text
  • images
  • audio
  • video
  • code
  • presentations
  • other digital files

We also process related metadata (e.g., upload time, file type, file size, submission status).

You should ensure that you have the right to upload content and avoid including third-party Personal Information unless you are permitted to do so.

User-generated content may include images, audio, video, or other materials that contain Personal Information relating to other individuals (for example, collaborators, performers, or audience members).

By uploading such content, Users represent that they have the necessary rights, permissions, and legal authority to include such information and to submit the content to the Platform. Vanguard does not independently verify the legality of user submissions and relies on Users to ensure that any included Personal Information is lawfully obtained and shared.

5.5 Organizer and Representative Information

If you act as an Organizer (or representative of one), we may process:

  • full name
  • role / title
  • contact details
  • company or entity name
  • corporate registration details (if applicable)
  • verification documents (if required for integrity checks)

This data is used for verification, compliance, and event administration.

5.6 Judge / Expert Information

If you serve as a Judge or Expert, we may process:

  • identity and contact details
  • professional credentials (if provided)
  • evaluation activity records
  • scoring and commentary logs

Access to participant data is limited to event scope and permissions.

5.7 Technical and Usage Data (Security & Integrity)

When you use Vanguard, we may automatically collect:

  • IP address
  • device type and browser information
  • operating system
  • session identifiers
  • timestamps of activity
  • security logs and audit records

This data supports authentication, fraud prevention, system integrity, and troubleshooting.

5.8 Communications Data

If you communicate through Pathfinder or contact support, we may process:

  • messages sent through platform channels
  • system notification logs
  • support requests and related correspondence

5.9 Cookies and Similar Technologies

We use cookies and similar technologies to:

  • maintain login sessions
  • enhance security
  • store preferences
  • support analytics (where enabled)

Additional details may be provided in a separate Cookie Notice (if implemented). Some web browsers may transmit “Do Not Track” signals. At this time, Vanguard does not respond to such signals due to the lack of a consistent industry standard.

5.10 Sensitive Personal Information

We do not intentionally collect special category data (e.g., racial origin, political opinions, religious beliefs, health data) unless:

  • you voluntarily include it in submissions or free-text fields; or
  • it is required for a specific lawful purpose (e.g., Organizer verification).

If such data is processed, it will be handled with heightened protection and only under an appropriate legal basis.

5.11 Information We Do Not Collect

We do not intentionally collect:

  • - children’s data without appropriate consent — the Services are intended primarily for individuals who are at least 14 years of age. We do not knowingly collect Personal Information from individuals under 14 years of age unless participation is explicitly permitted for a specific event or feature and all legally required parental or guardian consent has been obtained in accordance with applicable law. Where minors are permitted to participate, collection and processing of their Personal Information is limited to what is necessary to provide the Services and is subject to enhanced safeguards;
  • - financial card details (processed directly by payment providers, where applicable); and
  • - data for resale to data brokers.

6. How We Share and Disclose Personal Information

We share Personal Information only when necessary to operate the Platform and for the purposes described in this Policy.

We do not sell Personal Information.

6.1 Disclosure to Event Organizers (Independent Controllers)

When you participate in an event, submit a work, or enter a round:

  • you accept the event rules and required disclosures configured by the Organizer;
  • you confirm participation via the Platform interface (including required checkboxes);
  • the Platform logs your acceptance (date/time and technical metadata).

Following this, Vanguard may disclose relevant Event Data to the Organizer strictly for the purposes of conducting that specific event.

This may include:

  • contact details
  • application responses
  • submissions and related metadata
  • participation status
  • scoring history (where relevant)

From the moment the Organizer receives Personal Information for event purposes, the Organizer acts as an Independent Controller for that data.

The Organizer is responsible for:

  • its own privacy documentation;
  • its own legal basis for further processing;
  • compliance with applicable data protection laws.

Vanguard is not responsible for processing carried out by the Organizer after disclosure. As stated in section 4.3 (Disclosure to Organizers), Organizers do not receive rights to use Participant Content for promotional or commercial purposes beyond the scope defined in event documentation and applicable licenses.

6.2 Service Providers (Processors)

We may share Personal Information with trusted service providers who process data on our behalf under contractual safeguards, including:

  • hosting providers
  • cloud infrastructure services
  • email delivery services
  • security and monitoring tools
  • analytics providers (where enabled)
  • customer support tools

These providers:

  • act only on our documented instructions;
  • are bound by confidentiality and data protection obligations;
  • are required to implement appropriate technical and organizational safeguards.

6.3 Cross-Border Data Transfers

Vanguard is based in Canada, and Personal Information under Vanguard’s control is primarily stored and processed in Canada.

At the same time, the Services may involve limited cross-border processing or access in certain circumstances, including where:

- a User or Organizer connects Pathfinder to a third-party messaging or communication platform;

- a User interacts with the Services from outside Canada;

- Vanguard uses trusted service providers that may access or process Personal Information from outside Canada; or

- cross-border access is otherwise necessary to operate, secure, support, or improve the Services.

Where Pathfinder or other communication features operate through third-party messaging or communication platforms, certain communications, identifiers, and related metadata may pass through or be processed by those third-party platforms in accordance with their own terms, privacy policies, infrastructure, and legal jurisdictions.

Personal Information processed outside Canada may be subject to the laws of the jurisdiction where it is processed, including lawful access by courts, law enforcement, national security authorities, or regulatory authorities.

Where Vanguard uses third-party service providers that may access or process Personal Information, Vanguard takes reasonable steps to ensure that such providers are subject to contractual, technical, and organizational safeguards appropriate to the sensitivity of the information and consistent with applicable law.

Vanguard remains responsible for Personal Information under its control, including Personal Information processed by service providers on Vanguard’s behalf, but Vanguard does not control and is not responsible for the independent data practices, legal obligations, or actions of third-party messaging platforms, communication services, or other third-party services selected or used by Users, Organizers, or other third parties.

6.4 Messenger and Third-Party Communication Platforms (Pathfinder)

If you connect Pathfinder to a third-party messenger or communication platform:

  • your interaction with that service is governed by that service’s own privacy policy;
  • that provider processes your information independently;
  • Vanguard processes only the data made available to us through the integration.

Choosing to connect such services is voluntary and considered an intentional selection of that communication channel.

6.5 Legal and Regulatory Disclosures

We may disclose Personal Information where required to:

  • comply with legal obligations;
  • respond to lawful requests from courts or authorities;
  • protect rights, safety, and property of Vanguard, Users, or third parties;
  • investigate fraud, abuse, or violations of Terms.

6.6 Business Transactions

If Vanguard undergoes a merger, acquisition, restructuring, or asset transfer, Personal Information may be transferred as part of that transaction, subject to applicable legal safeguards.

Users will be informed where required by law.

6.7 Public Display (Publication)

Certain event-related information may be displayed publicly when:

  • the event configuration enables public visibility;
  • such display is consistent with event rules;
  • a valid legal basis exists (e.g., contract, consent, legitimate interest).

Examples may include:

  • public rankings;
  • winner announcements;
  • user-chosen public profile elements;
  • publicly submitted works.

Such display may include use of content as permitted under the Terms of Service and applicable content licenses.

Users should be aware that content made public on the Platform may be visible to other users and the general public and may be indexed, copied, or shared outside the Platform. Vanguard does not control third-party use of publicly available information.

6.8 No Sale of Personal Information

We do not sell Personal Information and do not participate in third-party advertising data marketplaces.

We do not disclose Personal Information for unrelated third-party commercial exploitation.

7. Data Retention and Deletion

We retain Personal Information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

How long we keep Personal Information depends on what it is, why we collected it, and any legal requirements that apply.

Where appropriate, we apply defined retention periods or criteria, such as security log retention windows, inactivity thresholds, and legal limitation periods, to ensure Personal Information is not retained longer than necessary.

7.1 Account Data

Personal Information associated with your account (e.g., identity, profile, participation history) is retained:

  • for as long as your account remains active;
  • and for a reasonable period thereafter if required for security, fraud prevention, dispute resolution, or legal compliance.

If you delete your account, we will delete or de-identify your Personal Information, subject to the limitations described below.

7.2 Event Data and Archives

Event-related information (applications, submissions, results, rankings, participation history) may remain part of the Platform’s structured event archive while:

  • your account remains active;
  • the event remains part of the ecosystem history;
  • there is no valid request requiring deletion;
  • retention serves legitimate ecosystem integrity purposes.

If you delete your account:

  • identifiable Personal Information may be removed or de-identified;
  • content retained under a license (e.g., videos, scores, submissions) may continue to be stored or used as permitted by that license;
  • certain structural event records (e.g., anonymized ranking positions, aggregate statistics) may be retained in non-identifiable form.

Where Event Data has already been disclosed to an Organizer, the Organizer is independently responsible for its retention and deletion policies.

For clarity, User Content submitted as part of events (including audio, video, and other creative works) may be retained and displayed as part of the Platform’s event archives and historical records, where such retention is necessary to preserve the integrity of competitions, results, and ecosystem history. Such retention is based on contractual rights and licenses granted under the Terms of Service and applicable Content and Media License.

Where deletion is requested, Vanguard may remove or de-identify associated Personal Information (such as account identifiers), while retaining the underlying content in a manner consistent with its legitimate interests and contractual rights.

7.3 Security Logs and Audit Trails

Security logs and technical audit records may be retained for a limited period necessary to:

  • maintain platform security;
  • detect and prevent abuse;
  • investigate incidents;
  • comply with legal obligations.

Retention periods for such logs are limited and proportionate to security needs.

7.4 Legal and Regulatory Retention

We may retain Personal Information longer where required to:

  • comply with legal or tax obligations;
  • respond to lawful authority requests;
  • establish, exercise, or defend legal claims;
  • enforce our Terms.

Such data is retained only for the duration required under applicable law or for legitimate legal purposes.

7.5 Deletion Requests

You may request deletion of your Personal Information, subject to:

  • identity verification;
  • applicable legal exceptions;
  • technical feasibility;
  • legitimate interests such as fraud prevention, dispute resolution, or contractual obligations (including valid licenses for previously submitted content).

If deletion is approved:

  • Personal Information will be removed from active systems within a reasonable timeframe;
  • residual copies in secure backups may persist temporarily until routine backup rotation cycles complete;
  • content retained under a valid license (e.g., past videos, scores, submissions) may continue to be used or displayed as permitted by that license, even if you withdraw consent for future processing;
  • de-identified or aggregated data may be retained for ecosystem integrity, analytics, or reporting purposes.

Key point: Even where Users withdraw consent, Vanguard ensures retention is limited to lawful, contractual, or operationally necessary purposes, and all retained data is safeguarded per PIPEDA accountability principles.

7.6 De-Identification and Anonymization

Where possible, instead of full deletion, we may:

  • de-identify data;
  • aggregate data;
  • remove direct identifiers while preserving ecosystem structure.

De-identified data is not used to re-identify individuals.

7.7 Account Inactivity

We may implement inactivity policies (e.g., after extended periods without login) and may notify Users prior to deactivation or deletion.

8. Your Rights Under Applicable Law

Depending on where you live, you may have certain rights regarding your Personal Information.

Vanguard respects these rights and provides mechanisms to exercise them.

8.1 Right of Access

You may request confirmation of whether we process your Personal Information and request access to:

  • the categories of data processed;
  • the purposes of processing;
  • the sources (where applicable);
  • the categories of recipients;
  • retention logic.

We may verify your identity before responding.

8.2 Right to Rectification

You may request correction of inaccurate or incomplete Personal Information.

Where possible, you may update your profile directly within your account.

8.3 Right to Deletion (Erasure)

You may request deletion of your Personal Information, subject to:

  • legal retention obligations;
  • legitimate security or fraud prevention needs;
  • defense of legal claims;
  • data already disclosed to Organizers (who act as independent Controllers).

Where deletion is not possible, we may restrict processing or de-identify data instead.

8.4 Right to Restrict Processing

You may request restriction of processing in circumstances permitted by law, including:

  • contesting accuracy;
  • alleging unlawful processing;
  • pending objection review.

During restriction, data may be stored but not actively processed (except where legally required).

8.5 Right to Data Portability (GDPR/UK GDPR, where applicable)

Where processing is based on contract or consent and carried out by automated means, you may request:

  • a structured, commonly used, machine-readable copy of your Personal Information;
  • direct transmission to another controller, where technically feasible.

This right applies only to data you have provided and that is processed on the relevant legal basis.

8.6 Right to Object

You may object to processing based on legitimate interests, including profiling.

We will assess the objection and cease processing unless:

  • compelling legitimate grounds override your interests; or
  • processing is required for legal claims.

You may object at any time to marketing communications.

8.7 Rights Related to Automated Processing

We do not use solely automated decision-making that produces legal or similarly significant effects without human involvement.

If you believe automated processing affects you significantly, you may request:

  • clarification;
  • human review (where applicable).

8.8 Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time.

Withdrawal does not affect the lawfulness of processing prior to withdrawal.

If consent is required for certain Platform features, withdrawal may limit access to those features.

Withdrawal of consent does not affect processing based on contractual necessity or rights granted under applicable content licenses.

8.9 Complaints

If you believe your rights have been violated, you may:

  • contact us directly (preferred);
  • file a complaint with the appropriate supervisory authority.

For Canada:
Office of the Privacy Commissioner of Canada (OPC)

For the EU/UK (where applicable):
Your local Data Protection Authority.

8.10 Requests Involving Organizers

If your request relates to Personal Information processed by an Organizer after disclosure:

  • you may need to contact the Organizer directly;
  • we may assist by identifying the relevant Organizer, where feasible.

Organizers act as independent Controllers for event-level data they receive.

8.11 How to Submit a Request

You may submit privacy-related requests by contacting the Privacy Officer as described in Section 3.3. For convenience, the contact information is provided again below:

Privacy Officer
Kirill Kasatskiy
Vanguard Creative Platforms Inc.
Email: connect@vanguardnetwork.org

We may ask for additional information to confirm your identity before processing your request.

We respond within legally required timeframes (generally up to 30 days, subject to lawful extensions where permitted).

9. Security Measures

Vanguard implements appropriate technical and organizational measures to protect Personal Information against unauthorized access, disclosure, alteration, destruction, or loss.

Security measures are designed in proportion to:

  • the nature of the data;
  • the risks involved;
  • the scale of processing;
  • applicable legal requirements.

9.1 Organizational Measures

We implement internal controls to ensure that Personal Information is accessed and handled appropriately within Vanguard. These include:

  • limiting access to Personal Information based on job roles and responsibilities;
  • ensuring individuals only access the data necessary to perform their duties;
  • requiring personnel and contractors to follow confidentiality obligations;
  • monitoring and logging access to systems where appropriate;
  • carefully managing onboarding and access permissions for team members and contractors;
  • maintaining internal procedures for handling and protecting Personal Information.

Access to Personal Information is restricted to individuals who require it to perform their duties.

9.2 Technical Safeguards

We use technical protections that may include:

  • encryption (in transit and/or at rest, where appropriate);
  • secure authentication mechanisms;
  • firewall and network protection systems;
  • intrusion detection and monitoring;
  • security logging and audit trails;
  • backup and recovery procedures.

Specific configurations and internal security architecture details are not publicly disclosed.

We implement security measures appropriate to the nature of the data processed and the scale of our operations. As the Platform evolves, we continue to evaluate and improve our technical and organizational safeguards to address emerging security risks and industry best practices.

9.3 Processor and Vendor Security

Service providers who process Personal Information on our behalf are required to:

  • maintain appropriate safeguards;
  • process data only under contractual instructions;
  • implement confidentiality and security measures.

We assess vendors based on risk and relevance to Personal Information processing.

9.4 Incident Response

In the event of a confirmed data breach involving Personal Information:

  • we assess the scope and impact;
  • we take containment and mitigation measures;
  • we notify affected individuals and/or authorities where required by law.

In the event of a confirmed data breach involving Personal Information, we assess the scope and risk of harm.

Where required under applicable law, including where a breach poses a real risk of significant harm, we will notify affected individuals and the appropriate regulatory authorities within the timeframes required by law.

9.5 User Responsibility

Users are responsible for:

  • maintaining the confidentiality of their account credentials;
  • using secure devices and updated software;
  • not sharing authentication tokens or passwords;
  • logging out from shared devices.

9.6 Limitations

While we implement appropriate safeguards, no system can be completely secure.

We continuously evaluate and improve our security practices in light of evolving risks and technologies.

9.7 Continuous Security Review

Vanguard periodically reviews and updates its security practices to address evolving threats, technological changes, and regulatory expectations.

10. International Users and Cross-Border Compliance

Vanguard is operated from Canada and serves a global audience, including users from the United States, the European Union, the United Kingdom, Australia, and other jurisdictions.

By using the Platform, you understand that your Personal Information may be processed in Canada and other countries as described in this Policy.

10.1 Canada (PIPEDA Framework)

As a Canadian federal corporation, Vanguard processes Personal Information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA).

Under PIPEDA:

  • we are accountable for Personal Information under our control;
  • we implement appropriate safeguards;
  • we provide access and correction rights;
  • we limit collection and use to identified purposes.

10.2 European Union and United Kingdom (GDPR / UK GDPR)

If you are located in the EU or UK:

  • Vanguard acts as a Data Controller for Platform-level processing;
  • you may exercise GDPR rights as described in Section 7;
  • cross-border transfers are subject to appropriate safeguards where required;
  • we do not engage in solely automated decision-making producing legal or similarly significant effects without human involvement.

Where necessary, we rely on:

  • contractual safeguards;
  • standard data protection clauses;
  • adequacy decisions;
  • additional technical and organizational protections.

10.3 United States (Including California)

Vanguard does not sell Personal Information and does not share it for cross-context behavioral advertising.

For users located in the United States:

  • we process Personal Information primarily under contractual necessity and legitimate business purposes;
  • we apply security safeguards consistent with industry standards;
  • we do not discriminate against users for exercising privacy rights.

For residents of California (including under the California Consumer Privacy Act, as amended by CPRA):

  • you have the right to request access to categories and specific pieces of Personal Information collected;
  • you have the right to request deletion (subject to statutory exceptions);
  • you have the right to correct inaccurate Personal Information;
  • you have the right to know whether data is sold or shared (Vanguard does not sell Personal Information);
  • you have the right to non-discrimination for exercising privacy rights.

Requests may be submitted as described in Section 7.

10.4 Voluntary Global Participation

Vanguard allows international participation in events.

Where an Organizer operates in a different jurisdiction:

  • the Organizer is independently responsible for compliance with applicable local privacy laws;
  • Participants may be subject to additional disclosures defined by the Organizer within event-specific documentation.

10.5 Conflict of Laws

Where local law provides stronger protections than this Policy, we will comply with applicable mandatory legal requirements.

11. Updates to This Privacy Policy and Contact Information

11.1 Policy Updates

This Privacy Policy may be updated from time to time to reflect:

  • changes in legal requirements;
  • changes in Platform functionality;
  • security improvements;
  • operational or structural updates within the Vanguard ecosystem.

The updated version becomes effective upon publication on the official Vanguard website, unless otherwise stated.

Where required by applicable law, we will provide appropriate notice of material changes.

The “Last Updated” date at the top of this document reflects the most recent revision.

11.2 Relationship with Terms of Service

This Privacy Policy supplements and forms part of the broader legal framework governing use of the Platform, including the Terms of Service.

In the event of inconsistency between this Privacy Policy and event-specific documentation configured by an Organizer, the event documentation governs only to the extent it does not conflict with this Policy or applicable data protection law.

11.3 Contact Information

If you have questions about this Privacy Policy or Vanguard’s data practices, or if you wish to exercise your privacy rights, you may contact Vanguard’s Privacy Officer as described in Section 3.3 and Section 8.11 of this Policy.

We respond to privacy inquiries and requests within the timeframes required by applicable law.