Privacy Policy

Mythral Expanse Legal ("we," "us," or "our") operates out of Toronto but works with clients worldwide. That means we're subject to Canadian privacy laws - specifically PIPEDA - plus we pay attention to regulations in the jurisdictions where our clients operate.

This policy covers what happens when you interact with us, whether that's through our website, email, phone calls, or in-person meetings. We've structured our practice around international trade and corporate law, which means we're constantly dealing with sensitive business information. We take that responsibility seriously.

By using our services or website, you're agreeing to the terms laid out here. If something doesn't sit right with you, let's talk about it before we move forward.

Personal Information

When you reach out to us or become a client, we'll collect the basics: your name, company name, job title, email address, phone number, and business address. Depending on the nature of your legal matter, we might also need:

• Financial information for M&A transactions
• Corporate structure details and ownership information
• Trade documentation and customs records
• Intellectual property documentation
• Contract histories and commercial relationships
• Compliance records and regulatory filings

Technical Information

Our website collects standard stuff like IP addresses, browser types, device information, and pages you visit. We use this to improve the site and understand how people find us.

Communications

We keep records of our conversations - emails, phone call notes, meeting minutes, and documents you share with us. This isn't just good practice, it's required under our professional obligations as lawyers. These records help us serve you better and maintain the attorney-client privilege that protects our relationship.

Here's what we actually do with your information:

We won't use your information for marketing without your explicit consent. If you've worked with us before and we think there's something you should know about, we might reach out - but you can always tell us to stop.

We're pretty protective of your information, but there are times when we need to share it:

With Your Permission

When you're involved in a transaction or litigation, we'll share relevant information with the other parties, their lawyers, regulators, courts, or anyone else necessary to get the job done. That's usually implicit in hiring us, but we'll always keep you in the loop.

Service Providers

We work with vetted third parties who help us run our practice - cloud storage providers, document management systems, billing software, IT support, and expert witnesses. They're all bound by confidentiality agreements and only get access to what they need.

Legal Obligations

If we're legally required to disclose information - court orders, regulatory investigations, or compliance with anti-money laundering laws - we'll do so. Where possible, we'll notify you first unless we're prohibited from doing so.

International Counsel

Since we handle cross-border matters, we sometimes work with lawyers in other countries. We only partner with firms that maintain similar privacy standards, and we ensure appropriate safeguards are in place for international data transfers.

We've invested in proper security because frankly, we're handling information that could make or break deals worth millions. Here's what we've got in place:

• Encryption: All data in transit uses TLS encryption. Stored data is encrypted at rest.
• Access Controls: Role-based access means staff only see what they need to do their jobs.
• Secure Infrastructure: Our systems are hosted in Canadian data centers with physical security and redundancy.
• Regular Audits: We conduct security assessments and penetration testing annually.
• Staff Training: Everyone on our team goes through privacy and security training. They sign confidentiality agreements before they start.
• Incident Response: We've got a plan for data breaches, and we'll notify you promptly if one affects your information.

No system is 100% secure - anyone who tells you otherwise is lying. But we're doing everything reasonably possible to protect your data, and we stay current with evolving security standards.

Given our focus on international trade, your information might cross borders as part of our work. We're based in Canada, but we might transfer data to:

• Legal counsel in other jurisdictions where your matter requires local expertise
• Service providers with international operations (though we prioritize Canadian and EU-based providers)
• Regulators or courts in countries where you're doing business
• Transaction counterparties and their advisors in cross-border deals

When we transfer data internationally, we use mechanisms like Standard Contractual Clauses, adequacy decisions, or other approved safeguards. We also assess the privacy laws in the destination country to ensure adequate protection.

If you've got concerns about where your data goes - especially if you're in a jurisdiction with strict data localization requirements - let's discuss it upfront so we can work out appropriate arrangements.

Under Canadian privacy law and other applicable regulations, you've got rights regarding your personal information:

To exercise any of these rights, contact us at contact@mythralexpanse.info or call (416) 555-0187. We'll verify your identity before processing requests - standard procedure to make sure we're not giving your information to someone else.

If you're not satisfied with how we've handled a privacy concern, you've got the right to complain to the Office of the Privacy Commissioner of Canada or the relevant supervisory authority in your jurisdiction.

Our website uses cookies - those little files that websites store on your device. Here's what we're using and why:

Essential Cookies

These keep the site functioning - session management, security features, and basic functionality. You can't really opt out of these if you want to use the site properly.

Analytics Cookies

We use these to understand how people use our site - which pages get visited, where people come from, how long they stay. It helps us improve the experience. We use anonymized data where possible.

Preference Cookies

These remember your choices - language preferences, display settings, that sort of thing.

We don't use advertising cookies or sell your data to third parties for marketing purposes. That's not our business model.

As a law firm, we're required to keep client files for specific periods - generally 10 years after a matter closes, though it varies depending on the type of work and applicable regulations. This isn't just us being pack rats; it's required by our professional regulators and insurance carriers.

What We Keep and For How Long:

• Client Files: Minimum 10 years after matter completion, longer for certain matters like M&A transactions
• Financial Records: 7 years as required by tax authorities
• Conflict Checks: Indefinitely (we need to check for conflicts even on old matters)
• Marketing Communications: Until you opt out or we determine they're no longer relevant
• Website Data: Analytics data is typically aggregated after 26 months

Once the retention period expires and there's no ongoing need, we securely destroy the information. For electronic records, that means secure deletion. For paper files, we use certified destruction services.

If you've got specific concerns about how long we're keeping your information, especially for matters in specialized areas like IP protection where longer retention might be valuable, we can discuss appropriate arrangements.

Got questions or concerns about how we handle your personal information? Don't hesitate to reach out. We'd rather address your concerns directly than have you worry about it.