Privacy Policy

Last updated: June 15, 2026

1. Who we are

UmbrellaOwl.com is an informational and educational content portal about insurance for a Canadian audience. The site is operated by UmbrellaOwl. For privacy enquiries, contact us at [email protected]. We handle personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), the federal private-sector privacy law, and, where they apply, substantially similar provincial privacy laws (for example, Quebec’s Law 25, British Columbia’s PIPA, and Alberta’s PIPA).

2. Data we collect

We collect only non-personal data needed to understand site performance and content relevance:

IP address (kept in server logs for a short retention window)
Browser type, operating system, and language
Page visited; referrer classified by category (search, social, direct, internal, external)
Screen resolution, viewport type, and timezone
Browser-level performance metrics (Core Web Vitals)
Aggregated engagement signals: scroll depth, active reading time, article completion, the section that held the most attention, and clicks on links and buttons (we record only the link type, internal/external/affiliate/CTA, and the destination with no personal data, never cursor position or a heatmap)

While browsing the site, we do not collect name, email, phone, address, device fingerprints, or any personally identifiable information; and we do not use persistent cross-session identifiers, with a single exception: the pseudonymous visitor identifier described in section 6, created only if you consent to analytics cookies. The newsletter is suspended: we currently do not collect name, email, or phone through the site (see the section below).

Newsletter sign-up is temporarily unavailable and is not being offered at this time. While it is suspended, we do not collect name, email, or phone through the site, and there is no active sign-up form. If the newsletter is offered again, this policy will be updated beforehand to describe what data would be collected, the lawful basis, and how to unsubscribe. We do not sell your personal information.

Browser notifications (Web Push)

You can choose to receive notifications about new articles directly in your browser. We first show a notice explaining the option; only if you accept does the browser ask for permission (we never trigger the browser permission prompt without your acceptance). When you accept, your browser generates an anonymous technical subscription (an opaque endpoint from the browser’s push service, plus encryption keys) that we keep solely to deliver the notifications. We do not collect or retain any name, email, phone, IP address, or any personal information for the notifications: this subscription does not identify you. You can opt out at any time in your browser’s notification settings, and the subscription stops being used and is removed once the browser invalidates it. Declining the notice has no effect on reading the site.

3. Tracking pixel and telemetry

We load a transparent 1x1 pixel on every article page view. The server records the page view, IP, browser, and referrer in its access log. The pixel path encodes an opaque identifier for the article and its published version, with no reader-level data.

We also send browser performance metrics (Core Web Vitals, JavaScript errors) and aggregated engagement signals to our telemetry collector. These are anonymous and used to improve loading speed and editorial quality.

By default this telemetry is anonymous and per-session, with no cookie: the session identifier lives only in the tab’s memory (sessionStorage) and is gone when you close the tab. The use of cookies and a cross-session visitor identifier depends on your consent, as described in section 6.

We honour the Do Not Track (DNT) and Global Privacy Control (GPC) browser signals: when enabled, we suppress optional engagement and context signals, keeping only the aggregated page-view count.

Under PIPEDA, we collect, use, and disclose personal information only for purposes a reasonable person would consider appropriate. The anonymous, per-session telemetry (pixel, Core Web Vitals, aggregated engagement, no cookie) is used to continuously improve the service, analyze aggregate audience behaviour, and monitor technical performance, without collecting personal information.

The cross-session visitor identifier (uo_uid, section 6) and analytics cookies are set only with your consent: they are created only after you enable them in the cookie notice, and you can withdraw consent at any time.

5. Your rights

Under PIPEDA and applicable provincial privacy laws, you may:

Ask whether we hold personal information about you and request access to it
Request correction of personal information that is inaccurate or incomplete
Ask about how your personal information is collected, used, and disclosed
Withdraw your consent, subject to legal or contractual restrictions
Make a complaint about how we handle your personal information

To exercise these rights, email [email protected]. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (priv.gc.ca), or your provincial privacy regulator where one applies.

6. Cookies and visitor identifier

You control cookies in the consent notice shown on your first visit, and at any time via the Cookie preferences link in the footer.

Necessary (always on): the uo_consent cookie records your consent choice. It is essential and does not track browsing.
Analytics (optional, requires consent): if you enable it, we create a pseudonymous visitor identifier, the uo_uid cookie. It stores only a random code (UUID), with no name, email, IP, or any personal information, used to tell new visitors from returning ones and measure retention in aggregate. Lifetime: 90 days. We do not fingerprint your device.
Cloudflare (necessary): our CDN may set strictly necessary security cookies (for example, __cf_bm).

How to withdraw or delete: click Cookie preferences and decline Analytics (this immediately deletes uo_uid), or clear cookies in your browser. Data associated with uo_uid expires automatically within 90 days. For any deletion request, email [email protected].