Privacy Policy

Privacy Policy

Last Updated: March 23, 2026

7869584 Canada Inc, operating as Nerdy Joe (“Nerdy Joe,” “Company,” “we,” “us,” or “our”), is a Canadian corporation with its address at:

Nerdy Joe
703 – 40 Eglinton Avenue West
Toronto, ON, Canada

We operate the website nerdyjoe.com (the “Site”) and related products and services that link to or reference this Privacy Policy (collectively, the “Services”).

This Privacy Policy explains how we collect, use, disclose, and safeguard information about individuals (“you”) in connection with the Site and Services. This Privacy Policy is incorporated by reference into, and forms part of, our Terms and Conditions (“Legal Terms”).

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, or subsequently withdraw your agreement to it, you must not use, or immediately cease existing use of, the Services.

Scope of This Privacy Policy

This Privacy Policy applies to:

  • Visitors to our Site;
  • Individuals who create or use accounts on the Services;
  • Representatives and employees of our customers and business partners;
  • Individuals who interact with our sales, marketing, or support teams (e.g., via email, phone, or in-person); and
  • Individuals whose personal data we process in connection with our Services in our capacity as a controller (as described below).

This Privacy Policy does not apply to personal data that our customers upload into the Services or otherwise provide to us for processing on their behalf (“Customer Data”) where we act as a processor or service provider. In those cases, our customers (or their own clients) are responsible for their own privacy notices, and our processing of Customer Data is governed by our agreements and any applicable Data Processing Addendum (“DPA”) between Nerdy Joe and the customer, not this Privacy Policy.

Who We Are and How to Contact Us

Controller

For purposes of applicable data protection laws, Nerdy Joe is the controller of personal data that we collect and process about you in connection with:

  • Your use of our Site;
  • Your interactions with our sales, marketing, and support functions; and
  • Your Nerdy Joe account as a user of the Services (to the extent we determine the purposes and means of processing).

Contact Details

If you have questions or concerns about this Privacy Policy or our privacy practices, you can contact us at:

Email: jimmy@nerdyjoe.com
Mail: 703 – 40 Eglinton Avenue West, Toronto, ON, Canada

Roles: Nerdy Joe as Controller and Processor

Nerdy Joe as a Data Controller

We act as a data controller when we determine the purposes and means of processing personal data, including when we:

  • Operate and secure the Site and Services;
  • Manage Nerdy Joe accounts and billing;
  • Conduct sales and marketing activities;
  • Provide customer support; and
  • Analyze usage of the Services for product improvement, security, and compliance.

Nerdy Joe as a Data Processor / Service Provider

We act as a processor or service provider when our customers use the Services to upload, store, or process personal data about their own leads, contacts, or customers (for example, names, email addresses, phone numbers, notes, campaign performance data, etc.) (“Customer Data”). In those cases:

  • The customer is the controller (or business) for Customer Data.
  • We process Customer Data only on the customer’s instructions as set out in our agreement and any applicable DPA.
  • Requests from individuals about Customer Data (e.g., access, deletion) should generally be directed to the relevant Nerdy Joe customer.

Personal Data We Collect

The categories of personal data we collect depend on how you interact with us and the Services.

Information You Provide Directly

We may collect personal data that you provide directly to us, including:

Account and Profile Data

  • Name, job title, company name, industry
  • Business email address, phone number, address
  • Login credentials (username, hashed password)

Billing and Payment Data

  • Billing contact information (name, email, address)
  • Limited payment card details (e.g., last four digits, expiration date) as relayed by our payment processor; we do not store full card numbers

Communications and Support

  • Messages, emails, tickets, and other communications with our sales, support, or customer success teams
  • Feedback, surveys, and responses to forms

Comments and User-Generated Content

  • When visitors leave comments on the Site, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string to help with spam detection.
  • An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available at https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media Uploads

  • If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contractual and Business Relationship Data

  • Copies of contracts or order forms signed with Nerdy Joe
  • Information relating to renewals, upgrades, or service changes

Information Collected Automatically

When you access or use the Site or Services, we automatically collect certain information, including:

Device and Usage Data

  • IP address, browser type and version, device identifiers, operating system
  • Dates and times of access, pages viewed, referring/exit pages
  • Feature usage, clicks, and other interaction data within the Services

Log and Security Data

  • System logs, authentication logs, error logs
  • Information related to suspected security incidents or abnormal behavior

Cookies and Similar Technologies

We use cookies, web beacons, pixels, and similar technologies to:

  • Remember your preferences and settings;
  • Authenticate users and maintain sessions;
  • Understand how the Site and Services are used; and
  • Provide certain features (e.g., time zone handling, language preferences, or A/B testing).

WordPress-Specific Cookies

If you leave a comment on our Site, you may opt in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me,” your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after one day.

You can control cookies through your browser settings and, where required by law, through cookie consent tools. Some features of the Services may not function properly if you disable certain cookies.

Embedded Content from Other Websites

Articles and pages on this Site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Information from Third Parties

We may receive personal data about you from third parties, such as:

  • Our customers, partners, resellers, or contractors;
  • Publicly available sources (e.g., professional networking or business contact data);
  • Identity verification or anti-fraud providers; and
  • Marketing and lead-generation partners, where permitted by law.

We treat this information in accordance with this Privacy Policy and any additional restrictions imposed by the source.

How We Use Personal Data

We use personal data for the following purposes (and, where required by law, on the legal bases indicated):

To provide and operate the Services
Creating and managing accounts, providing access to features, enabling integrations, running outbound email campaigns, and providing customer support.
Legal bases (where applicable): performance of a contract, legitimate interests, or your consent.

To process transactions and manage billing
Handling payments, renewals, subscriptions, refunds, and accounting.
Legal bases: performance of a contract, legal obligations (e.g., tax), legitimate interests.

To communicate with you
Sending service-related notices, security alerts, support messages, and administrative communications. Providing updates about new features, products, or offers (where permitted).
Legal bases: performance of a contract, legitimate interests, your consent where required.

To support sales and marketing
Contacting prospects and customers about Nerdy Joe products and related content; managing demos, webinars, events, and communications.
Legal bases: legitimate interests, consent (e.g., email marketing where required).

To personalize the Services and improve user experience
Tailoring content and experiences, including recommendations and interface adjustments.
Legal bases: legitimate interests, consent (for certain cookies/trackers).

To maintain security and prevent misuse
Detecting, investigating, and preventing fraud, abuse, security incidents, and other harmful activity; enforcing our Legal Terms.
Legal bases: legitimate interests, legal obligations.

To analyze and improve the Services
Conducting analytics, usage trends, quality assurance, and product development.
Legal bases: legitimate interests.

To comply with laws and legal processes
Responding to lawful requests, court orders, subpoenas; maintaining appropriate records.
Legal bases: legal obligations, legitimate interests.

We may aggregate or de-identify personal data so that it is no longer reasonably capable of identifying an individual. We may use and disclose such aggregated or de-identified data for any lawful purpose.

How We Share Personal Data

We do not sell personal data.

We share personal data only as described below:

Within Nerdy Joe
With our employees, contractors, and affiliates who need access to the information to perform their roles, subject to confidentiality obligations.

With Service Providers and Vendors
With third-party providers that perform services for us, such as hosting, data storage, analytics, billing and payment processing, email delivery, identity verification, and customer support tools. These providers are contractually required to use personal data only as necessary to provide the services to us and to maintain appropriate security.

With Our Customers (for Customer Data)
When we act as a processor, we may access or disclose Customer Data in accordance with our agreement with the customer (for example, to provide support, investigate issues, or as instructed by the customer).

Business Transfers
In connection with a merger, sale of assets, financing, acquisition, reorganization, or similar transaction involving Nerdy Joe, personal data may be disclosed or transferred as part of that transaction, subject to appropriate protections.

Legal and Safety Obligations
When required by law, regulation, or legal process (e.g., subpoena, court order, or government request); when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Nerdy Joe, our customers, or others; detect, prevent, or respond to fraud, security incidents, or illegal activity; or enforce our agreements or policies.

With Your Consent
In any other circumstance where you have consented to such sharing.

Spam Detection Services
Visitor comments may be checked through an automated spam detection service. If you request a password reset, your IP address will be included in the reset email.

International Data Transfers

Nerdy Joe is based in Canada, and personal data we collect may be stored and processed in Canada, the United States, or other jurisdictions where we or our service providers operate.

If you are located outside of Canada, your personal data may be transferred to a country that may not provide the same level of data protection as your home jurisdiction.

Where required by law, we will implement appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) to protect your personal data and ensure that it is processed in accordance with applicable data protection laws.

Data Security

We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures may include:

  • Access controls and authentication requirements;
  • Encryption of data in transit (and, where appropriate, at rest);
  • Network and application-level security controls;
  • Logging and monitoring; and
  • Policies, training, and contractual confidentiality obligations for personnel and service providers.

However, no security measure is perfect, and we cannot guarantee absolute security of information transmitted or stored using the Services.

You are responsible for maintaining the confidentiality of your account credentials and promptly notifying us of any unauthorized access or suspected breach involving your account.

Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by applicable law (e.g., tax, accounting, or regulatory requirements), our contractual obligations with customers, and our legitimate business needs (e.g., record-keeping, dispute resolution, and security).

Comments: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

Registered Users: For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

When personal data is no longer required, we will delete, anonymize, or otherwise handle it in accordance with our data retention and deletion policies.

Your Privacy Rights and Choices

Your rights may vary depending on your jurisdiction, but typically include some or all of the rights below.

General Rights

Subject to applicable law, you may have the right to:

  • Access your personal data we hold;
  • Correct inaccurate or incomplete personal data;
  • Delete or request deletion of personal data, in certain circumstances;
  • Restrict or object to certain processing;
  • Port your personal data in a structured, commonly used, and machine-readable format; and
  • Withdraw consent where processing is based on your consent.

To exercise these rights, please contact us at jimmy@nerdyjoe.com. We may need to verify your identity before processing your request and may deny or limit requests where allowed or required by law.

If your data has been submitted to Nerdy Joe by one of our customers and we process it as a processor, we may redirect your request to that customer.

Marketing Communications

You may opt out of receiving marketing emails by using the “unsubscribe” link in those emails or by contacting us directly. Even after you opt out of marketing communications, we may still send you transactional or service-related messages (e.g., account notices, security alerts).

Cookies and Tracking Technologies

You can manage cookies through your browser settings and, where available, through cookie preference tools on our Site. Please note that certain cookies are essential to the functioning of the Services, and disabling them may limit functionality.

Canadian Privacy Rights (PIPEDA)

If you are a resident of Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation grant you certain rights, including the right to access your personal information held by us, the right to challenge the accuracy and completeness of your information, the right to withdraw consent (subject to legal or contractual restrictions), and the right to file a complaint with the Office of the Privacy Commissioner of Canada.

We encourage you to contact us first so we can try to resolve your concerns.

Rights of EEA/UK/Swiss and Other Jurisdictions

If you are located in the European Economic Area (EEA), the United Kingdom, Switzerland, Brazil, or other jurisdictions with comprehensive data protection laws, additional rights may apply, including the right to lodge a complaint with a supervisory or data protection authority in your country of residence, place of work, or where an alleged violation has occurred.

California Privacy Rights

If you are a resident of California, you may have additional rights under the California Consumer Privacy Act (CCPA/CPRA), including:

  • The right to know what categories of personal information we collect, the purposes for which we use them, and the categories of third parties to whom we disclose them;
  • The right to request access to and deletion of your personal information (subject to certain limitations);
  • The right to correct inaccurate personal information;
  • The right to limit use and disclosure of certain sensitive personal information (if applicable); and
  • The right to be free from discrimination for exercising your privacy rights.

We do not “sell” your personal information for monetary consideration, nor do we “share” your personal information for cross-context behavioral advertising as those terms are defined by California law, based on our current data practices.

You or your authorized agent may submit requests under California law by contacting us at jimmy@nerdyjoe.com.

Third-Party Links and Integrations

The Site and Services may contain links to, or integrations with, third-party websites, services, or applications (for example, CRM integrations, email infrastructure providers, analytics tools, or payment processors).

We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you use in connection with our Services.

Children’s Privacy

The Services are intended for business use and are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16.

If we learn that we have collected personal data from a child under 16 without appropriate consent, we will take reasonable steps to delete that information and terminate the associated account.

If you believe a child has provided personal data to us, please contact us at jimmy@nerdyjoe.com.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the “Last Updated” date at the top of this page and, where appropriate, provide additional notice (such as via email or in-product notification), especially if the changes are material.

Your continued use of the Services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised policy. If you do not agree to the changes, you must stop using the Services.

Data Processing Addendum (DPA)

Last Updated: March 23, 2026

This Data Processing Addendum (“DPA”) forms part of the Agreement by and between Customer (“Customer”), and 7869584 Canada Inc, operating as Nerdy Joe (“Nerdy Joe,” “Processor,” “Service Provider,” or “we”). This DPA applies to Nerdy Joe’s processing of Customer Personal Data in connection with the Services provided to Customer under the Agreement.

Definitions

Unless otherwise defined herein, capitalized terms have the meaning set forth in the Agreement.

  • “Agreement” means the main services agreement, subscription agreement, order form, master services agreement, or other contract between Customer and Nerdy Joe governing Customer’s use of the Services.
  • “Customer Personal Data” means any Personal Data submitted to the Services by or on behalf of Customer, including data relating to Customer’s own clients, leads, contacts, personnel, or other individuals.
  • “Data Protection Laws” means all laws and regulations relating to privacy, data protection, or personal data, including where applicable: the EU General Data Protection Regulation (“GDPR”), the UK GDPR and UK Data Protection Act 2018, the Swiss Federal Act on Data Protection, the California Consumer Privacy Act as amended by the CPRA (“CCPA”), the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”), Brazilian LGPD, and any other applicable national, provincial, or state law governing personal information.
  • “Personal Data,” “Personal Information,” “Processing,” etc. have the meanings given under the applicable Data Protection Laws.
  • “Subprocessor” means any third party engaged by Nerdy Joe to process Customer Personal Data on Nerdy Joe’s behalf.
  • “Controller,” “Processor,” “Business,” “Service Provider” are interpreted according to the relevant law (GDPR, PIPEDA, or CCPA).

Role of the Parties

Customer as Controller/Business: For Customer Personal Data, Customer is the Controller (under GDPR) or Business (under CCPA).

Nerdy Joe as Processor/Service Provider: For Customer Personal Data, Nerdy Joe is the Processor (under GDPR) or Service Provider (under CCPA).

Instructions: Nerdy Joe will process Customer Personal Data only as needed to provide the Services, in accordance with Customer’s documented instructions, or as otherwise required by law. Nerdy Joe shall promptly notify Customer if, in its opinion, an instruction violates Data Protection Laws.

Customer Responsibilities

Customer is responsible for ensuring it has the necessary legal basis to process Customer Personal Data, ensuring its instructions to Nerdy Joe comply with Data Protection Laws, providing all necessary notices to and obtaining any required consents from data subjects, and the accuracy, quality, and legality of Customer Personal Data.

Nerdy Joe has no obligation to evaluate the accuracy or legality of Customer Personal Data.

Nerdy Joe Processing Obligations

Nerdy Joe will:

  • Process Only As Instructed: Process Customer Personal Data only for providing, supporting, securing, or improving the Services.
  • Confidentiality: Ensure all personnel with access to Customer Personal Data are bound by confidentiality obligations.
  • Security Measures: Implement and maintain industry-standard technical and organizational measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure.
  • Assistance: Assist Customer in responding to data subject requests, conducting data protection impact assessments, demonstrating compliance, and responding to regulatory inquiries.
  • Data Breach Notification: If Nerdy Joe becomes aware of a confirmed Personal Data Breach affecting Customer Personal Data, Nerdy Joe will notify Customer without undue delay and provide information reasonably necessary for Customer to comply with its legal obligations.

Subprocessors

Authorization: Customer authorizes Nerdy Joe to engage Subprocessors to support delivery of the Services.

Requirements: Nerdy Joe will enter into written agreements with Subprocessors requiring comparable data protection obligations and remain responsible for the Subprocessor’s performance.

List of Subprocessors: Nerdy Joe will maintain a list of current Subprocessors upon request.

Changes: Nerdy Joe will notify Customer of new Subprocessors and provide an opportunity to object on reasonable grounds relating to data protection.

International Transfers

To the extent Customer Personal Data is transferred outside of its jurisdiction, Nerdy Joe will ensure that such transfers comply with Data Protection Laws through Standard Contractual Clauses (SCCs), UK Addendum or UK International Data Transfer Agreement, Swiss-specific transfer provisions, adequacy decisions, or other lawful transfer mechanisms.

Data Subject Requests

If Nerdy Joe receives a request directly from a data subject regarding Customer Personal Data, Nerdy Joe will promptly forward the request to Customer and not respond directly unless instructed or legally required. Customer is responsible for responding to data subject requests.

CCPA Provisions

Where the CCPA applies, Nerdy Joe shall process Personal Information solely for the business purpose of providing the Services, not “sell” or “share” Personal Information, not combine Customer Personal Information with information received from other sources except as permitted by law, and not retain, use, or disclose Personal Information outside the direct business relationship.

Return or Deletion of Data

Upon termination or expiration of the Agreement, Nerdy Joe will return Customer Personal Data upon request or delete or anonymize Customer Personal Data within a reasonable period unless retention is required by law. Customer is responsible for exporting its data prior to termination if desired.

Audits

Third-Party Reports: Upon request, Nerdy Joe may make available third-party audit reports or certifications if available.

Customer Audits: Customer may request an audit of Nerdy Joe’s data protection controls. Audits must be limited to the processing of Customer Personal Data, must not unreasonably interfere with Nerdy Joe’s business, must be conducted during business hours, and may occur no more than once annually unless required by law. Customer will bear all audit costs.

Liability, Term, and Amendments

The Parties’ liability under this DPA is governed by the liability limitations in the Agreement. This DPA becomes effective on the Effective Date of the Agreement and continues until Nerdy Joe no longer processes Customer Personal Data.

Nerdy Joe may update this DPA to reflect changes in Data Protection Laws or Services. Material changes will be communicated to Customer. Continued use of the Services after an updated DPA becomes effective constitutes acceptance.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Nerdy Joe (7869584 Canada Inc)
703 – 40 Eglinton Avenue West
Toronto, ON, Canada
Email: jimmy@nerdyjoe.com