Privacy Policy

Susan McVea Consulting Inc.
Effective Date: March 2026  |  Last Updated: March 2026
Applies to: susanmcvea.com and all associated brands and offers 

PLEASE READ THIS POLICY CAREFULLY. This Privacy Policy explains how Susan McVea Consulting Inc. ("we," "us," or "our") collects, uses, stores, and protects your personal information when you visit our websites, purchase our products, or subscribe to our services. By using our websites or services, you acknowledge that you have read and understood this policy.

1. About Us and This Policy

Susan McVea Consulting Inc. operates the following brands and digital properties:

  • susanmcvea.com — Personal brand, thought leadership 
  • When She Conquers (WSC) — Monthly physical subscription 
  • The Template Toolkit (TTT) — Digital product brand 
  • Sales Mastery Society (SMS) — Course and program library 
This policy applies to all personal information collected across these properties. We are committed to protecting your privacy in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25 / Bill 64), and applicable Canadian consumer protection laws.

Privacy Officer: As required by Quebec Law 25, Susan McVea Consulting Inc. has designated a Privacy Officer. The Privacy Officer is Susan McVea, CEO. Contact: [email protected]

2. Information We Collect

2.1 Information You Provide Directly

  • Name and email address (when subscribing to our email list, waitlists, or newsletters) 
  • Shipping address and phone number (when purchasing physical products, including the WSC Monthly subscription) 
  • Billing information (processed securely by Stripe or Paypal — we do not store your full payment card details) 
  • Any information you voluntarily share when completing forms, worksheets, or PDF products 
  • Communications you send us via email or contact forms 

2.2 Information Collected Automatically

  • IP address, browser type, device type, and operating system 
  • Pages visited, time spent on pages, and referring URLs 
  • Cookie identifiers and similar tracking technologies (see Section 7) 
  • Geographic location data at the country/region level 

2.3 Information from Third Parties

We may receive limited data from third-party platforms when you interact with our content on those platforms (e.g., clicking a link from Substack or social media). This information is non-identifiable unless you subsequently provide your personal information directly.

3. How We Use Your Information

We use your personal information only for the purposes for which it was collected, including:

  • Fulfilling orders, including shipping physical products (WSC Monthly Subscription mailer) 
  • Delivering digital products you have purchased 
  • Sending email newsletters, updates, and marketing communications to which you have consented (CASL-compliant) 
  • Processing payments through our third-party payment processor (Stripe or Paypal) 
  • Managing your subscription, including billing, renewal, and cancellation 
  • Responding to your inquiries and providing customer support 
  • Improving our website, products, and services based on usage data Complying with legal obligations 

We do not use your personal information for automated decision-making that produces legal or similarly significant effects without your knowledge.

4. Legal Basis for Processing

We collect and process your personal information on the following legal bases:

Consent: For email marketing and newsletter subscriptions. You may withdraw consent at any time (see Section 9).

Contract performance: To fulfil orders, process payments, and deliver products and services you have purchased.

Legitimate interests: For website analytics and fraud prevention, where these interests are not overridden by your privacy rights.

Legal obligation: Where processing is required by applicable law.

5. CASL Compliance — Email Marketing

We comply with Canada's Anti-Spam Legislation (CASL). Specifically:

  • We only send commercial electronic messages (CEMs) to individuals who have provided express or implied consent as defined by CASL 
  • Every commercial email we send includes a clear and functional unsubscribe mechanism 
  • Unsubscribe requests are processed within 10 business days 
  • We maintain separate email lists for each brand (Susan McVea, WSC, TTT, SMS) to ensure subscribers receive only the content they opted in for 
  • We do not reactivate dormant or lapsed email lists — subscribers must actively opt in to new communications 

When you join a waitlist (such as the When She Conquers waitlist), you are providing express consent to receive updates related to that specific offer and brand. You may unsubscribe at any time.

6. Third-Party Service Providers

We share your personal information only with trusted third-party providers who assist us in operating our business. Each provider is contractually required to protect your data and use it only for the specified purpose.

Current Service Providers

ThriveCart — Payment processing and checkout. Handles billing information for all purchases and subscriptions. Privacy policy: https://thrivecart.com/legal/thrivecart/#Privacy_Policy

Kit (formerly ConvertKit) — Email marketing platform. Stores your name and email address for newsletter and marketing communications. Privacy policy: https://kit.com/privacy

New Zenler — Course and product delivery platform. Stores purchase and access information for digital products. Privacy policy: https://www.newzenler.com/privacy-policy

Substack — Newsletter and content platform. Governed by Substack's own privacy policy when you subscribe directly via Substack. Privacy policy: https://substack.com/privacy

ConvertBox — On-site opt-in and popup tool. Collects email addresses submitted via site opt-in forms. Privacy policy: https://convertbox.com/privacy-policy/

Integrately — Automation platform connecting our tools. Privacy policy: https://integrately.com/home/privacy

Usermaven / Dashly / Respond.io — Website analytics and engagement tools. Collect anonymised usage data. Privacy policy: https://usermaven.com/privacy  https://www.dashly.io/terms-and-policies/#rec151185949

Airtable — Internal data management. Used for subscriber and order management. Privacy policy: https://www.airtable.com/company/privacy

We do not sell, rent, or trade your personal information to any third party for their own marketing purposes.

7. Cookies and Tracking Technologies

7.1 What We Use

Our websites use cookies and similar technologies including:

  • Essential cookies — required for the website to function (cannot be disabled) 
  • Analytics cookies — help us understand how visitors use our site (Google Analytics or equivalent) 
  • Marketing cookies — track visits from email campaigns and advertisements 
  • Functional cookies — remember your preferences 

7.2 Your Cookie Choices

In accordance with Quebec Law 25 and applicable privacy legislation, we present a cookie consent banner when you first visit our site. You may accept all cookies, reject non-essential cookies, or manage your preferences at any time via the cookie settings link in our website footer.

Please note that disabling certain cookies may affect the functionality of our website. 

8. Quebec Law 25 — Additional Rights for Quebec Residents

If you are a resident of Quebec, you have the following additional rights under Law 25 (Act Respecting the Protection of Personal Information in the Private Sector):

Right to be informed: You have the right to know what personal information we hold about you and how it is used.

Right of access: You may request a copy of the personal information we hold about you. We will respond within 30 days.

Right of rectification: You may request correction of inaccurate or incomplete personal information.

Right to erasure / de-indexation: You may request deletion of your personal information or de-indexation of links associated with your name, where this does not conflict with our legal obligations.

Right to data portability: You may request your personal information in a structured, commonly used, machine-readable format, effective September 2024.

Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact our Privacy Officer at [email protected]. We will acknowledge your request within 5 business days and respond fully within 30 days. 

9. Your Rights Under PIPEDA — All Canadian Residents

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to:

  • Know what personal information we hold about you 
  • Access your personal information 
  • Challenge the accuracy of your personal information and have it corrected 
  • Withdraw consent for the collection, use, or disclosure of your personal information (subject to legal and contractual restrictions) 
  • File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated 

To exercise these rights, contact us at [email protected].

10. Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

Email subscribers: Retained for the duration of your subscription. Deleted within 30 days of unsubscribing, unless required for legal purposes.

Customer purchase records: Retained for 7 years in accordance with Canadian tax and accounting requirements.

Physical subscription (WSC): Shipping address and subscriber information retained for the duration of your subscription plus 12 months.

Website analytics data: Aggregated and anonymised; individual identifiers deleted within 26 months. 

When personal information is no longer required, we destroy or anonymise it in a secure manner. 

11. Physical Product Subscriptions (WSC Monthly Subscription)

The When She Conquers Monthly Subscription is a physical subscription service. In addition to standard privacy practices, please note:

  • Your shipping address is shared only with our fulfillment and shipping partners, for the sole purpose of delivering your subscription package 
  • We do not share your address with any other third parties If you update your shipping address, please do so at least 10 business days before your next billing date to ensure correct delivery 
  • For subscription cancellation, refund, and returns policies, please refer to our Subscription Terms 

12. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information against unauthorized access, use, disclosure, alteration, or destruction. These measures include:

  • Encrypted payment processing through ThriveCart (PCI-DSS compliant) 
  • HTTPS encryption across all our websites 
  • Access controls limiting who within our organization can access personal information 
  • Regular review of our data practices and service provider agreements 

In the event of a data breach that poses a real risk of significant harm to individuals, we will notify the Office of the Privacy Commissioner of Canada and affected individuals as required by PIPEDA, and the Commission d'accès à l'information (CAI) as required by Quebec Law 25.

13. International Data Transfers

Some of our service providers are located outside Canada (including the United States). When your personal information is transferred outside Canada, we take steps to ensure it receives a comparable level of protection, including through contractual agreements with our service providers.

As required by Quebec Law 25, we conduct privacy impact assessments for cross-border transfers involving personal information of Quebec residents where there is a risk that the level of protection does not meet Quebec's standards. 

14. Children's Privacy

Our websites and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately at [email protected] and we will delete the information.

15. AI and Automated Processing

Susan McVea Consulting Inc. uses AI tools to assist with content creation, customer support, and business operations. We do not use automated systems to make decisions about you that produce legal or similarly significant effects without human review. AI tools we use do not receive your personal information in identifiable form unless specifically required to deliver a service you have requested.

16. Links to Third-Party Sites

Our websites contain links to third-party platforms including Substack, ThriveCart checkout pages, and social media profiles. This Privacy Policy applies only to our own properties. We are not responsible for the privacy practices of third-party sites and encourage you to review their policies before providing your personal information.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes, we will update the effective date at the top of this policy and, where appropriate, notify subscribers by email.

Your continued use of our websites or services after any changes constitutes your acceptance of the updated policy. 

18. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact:

Privacy Officer — Susan McVea Consulting Inc.
Email: [email protected]
Website: susanmcvea.com

If you are unsatisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or, if you are a Quebec resident, the Commission d'accès à l'information (cai.quebec.ca). 

© 2026 Susan McVea - Sales Mastery Society