Legal
Privacy Policy
Last updated: May 17, 2026
Who We Are
Fervor Studio is operated by Fervor Group Inc., based in Cochrane, Alberta, Canada. When this policy says "we," "us," or "Fervor," it means Fervor Group Inc.
Website: fervorstudio.ca
Contact: nenyi@fervorstudio.ca
Person in Charge of the Protection of Personal Information
Under Quebec's Act respecting the protection of personal information in the private sector (Law 25), every enterprise that collects personal information must designate a person in charge of protecting that information. For Fervor Group Inc., the designated person is:
- Name: Nenyi Keborku
- Title: Founder, Fervor Group Inc.
- Email: nenyi@fervorstudio.ca
If you have any question about how we handle personal information, or if you want to exercise any of the rights described below, this is the person to contact directly. We answer privacy correspondence within 30 days.
What We Collect
We collect information you provide directly and information collected automatically when you visit our website.
Information You Provide
When you fill out a form on our site — including requesting a Site Inspection, using the contact form, subscribing to The Crew newsletter, or booking a discovery call — we may collect:
- Name and email address
- Phone number (if provided)
- Website URL and trade category
- Service interest and message content
- Company name and referral source (for discovery calls)
When you use our Revenue Loss Calculator, we collect the trade you select and the values you enter (monthly visitors, conversion rate, close rate). These inputs are processed in your browser and are not sent to our servers unless you submit a lead capture form.
If you complete our optional post-submission survey, we collect years in business, team size, and how you found us.
Information Collected Automatically
When you submit a form, our server automatically collects:
- IP address — used for spam prevention, rate limiting, and fraud detection
- Geolocation data — city, region, country, and timezone (derived from your IP address via Cloudflare)
- Device and browser information — device type (mobile, tablet, desktop), browser name, and user agent string
- Referrer and UTM parameters — how you arrived at our site (e.g., search engine, social media, campaign links)
Analytics and Session Recording
With your consent, we use analytics tools to understand how visitors interact with our site. These tools are only activated when you accept cookies through our consent banner. In Quebec, the Commission d'accès à l'information has interpreted Law 25 to require express opt-in consent before any tracking cookie is set, and our banner operates accordingly.
- Google Analytics 4 (via Google Tag Manager) — collects page views, scroll depth, navigation patterns, form submissions, and calculator usage. Operates under Google Consent Mode V2: when consent is denied, only anonymous cookieless signals are collected for statistical modeling.
- Microsoft Clarity — records anonymized session replays including mouse movements, clicks, scrolling, and page interactions. Session recordings help us identify usability issues and improve the website experience. Clarity does not record text you type into form fields. Clarity only loads when you accept analytics cookies.
You can opt out of analytics and session recording at any time by clearing your cookies and selecting "Reject" on the consent banner when it reappears.
Aggregate Data and Industry Reports
We may use anonymized, aggregate data derived from calculator inputs and form submissions to produce proprietary industry reports, including trade-specific conversion rate benchmarks and market insights. These reports contain only aggregate statistics and do not identify any individual or business.
How We Use Your Information
We use your information to:
- Deliver the services you requested (Site Inspections, consultations, newsletters)
- Communicate with you about your inquiry or project
- Send you The Crew newsletter if you subscribed (you can unsubscribe at any time)
- Prevent spam, abuse, and fraudulent submissions (rate limiting by IP address)
- Improve our website and services based on aggregate usage patterns
- Produce anonymized industry benchmark reports
We do not sell, rent, or share your personal information with third parties for their marketing purposes.
Third-Party Services and Sub-Processors
We use the following third-party services that may process your data on our behalf. Each service operates under its own privacy policy, and we describe below what data flows to each one and why.
- Cloudflare — website hosting, CDN, serverless computing (Workers), and database storage (D1). Cloudflare processes all requests and may set security cookies. Data flow: every page view and form submission passes through Cloudflare's edge network; form data is stored in Cloudflare D1 in their global infrastructure. Cloudflare Privacy Policy
- Stripe — payment processing for paid services (The Site Inspection paid tier and report unlocks). Data flow: when you purchase a service, your name, email, billing address, and payment card information are sent directly to Stripe for processing. We do not store full card numbers on our infrastructure. Stripe Privacy Policy
- Google Analytics 4 / Google Tag Manager — website analytics (only with your consent). Data flow: page view and event data anonymized via Consent Mode V2 when consent is denied; full identifier data when consent is granted. Google Privacy Policy
- Google PageSpeed Insights API — performance measurement for the Contractor CRO Index. Data flow: when we score a publicly available business website for our research, we query Google PageSpeed Insights to obtain Core Web Vitals data about that URL. No personal information from our visitors is sent in this query — only the public URL being analyzed. PageSpeed Insights documentation
- Microsoft Clarity — session recording and heatmaps (only with your consent). Data flow: anonymized mouse and scroll behavior; no form field content. Microsoft Privacy Statement
- Brevo (formerly Sendinblue) — email marketing and contact management. Data flow: when you submit a form or subscribe, your contact information is stored in Brevo to manage communications. Brevo Privacy Policy
- Cal.com — appointment scheduling. Data flow: when you book a discovery call, Cal.com processes your name, email, and booking details. Cal.com Privacy Policy
- Storyblok — content management system. Data flow: Storyblok manages our published content and does not process your personal data.
We select services that respect user privacy and comply with applicable data protection laws.
Legal Basis for Processing (EU Residents)
If you are an EU or UK resident, the GDPR requires us to identify a legal basis for each category of processing. Ours are:
- Consent — analytics cookies, session recording, newsletter signup, and any other processing where we ask you to opt in.
- Performance of a contract — when you purchase a service or request a Site Inspection, we process your information to deliver the work you asked for.
- Legitimate interests — spam prevention, fraud detection, security logging (90-day IP retention), and the research dataset that powers the Contractor CRO Index. For the research dataset, we have run a legitimate-interests assessment under the UK ICO three-part test (purpose, necessity, balancing) and concluded that publishing aggregated research findings about publicly observable conversion-optimization signals serves a legitimate business and educational interest that is not overridden by the rights of the businesses whose public pages we analyze. If you disagree, the opt-out process described in our Terms of Service is available with no questions asked.
- Legal obligation — retention of breach records (24 months minimum) and tax or accounting records as required by Canadian law.
Cookies
Our website uses a limited number of cookies. Non-essential cookies (analytics and session recording) are only set after you consent through our cookie banner. We do not use advertising cookies or cross-site tracking cookies.
For a complete list of cookies used on this site, their purposes, and durations, please see our Cookie Policy.
International Data Transfers
Fervor Group Inc. is based in Canada. Some of the third-party services we use process data in other countries:
- Cloudflare — global network (data processed at nearest edge location)
- Google / Stripe / Microsoft / Cal.com — United States
- Brevo — European Union (France)
For EU and UK residents, the European Commission has issued an adequacy decision for Canadian commercial organizations, which means transfers of personal information from the EEA or UK to Fervor Group Inc. do not require additional safeguards under Article 45 GDPR. For onward transfers to our US-based sub-processors, those sub-processors maintain their own Standard Contractual Clauses (Article 46 GDPR) or rely on the EU–US Data Privacy Framework. Where data is transferred outside of Canada to other regions, we rely on the contractual protections provided by each service provider to ensure your information receives a comparable level of protection.
Your Rights (PIPEDA + Alberta PIPA)
Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Alberta's Personal Information Protection Act (PIPA), you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your personal information
- Withdraw consent for future collection or use of your information
- File a complaint with the Office of the Privacy Commissioner of Canada or with the Office of the Information and Privacy Commissioner of Alberta
To exercise any of these rights, email us at nenyi@fervorstudio.ca. We will respond within 30 days.
Quebec Residents (Law 25)
If you are a Quebec resident, the Act respecting the protection of personal information in the private sector grants you specific rights in addition to those above. These took effect in three phases between September 2022 and September 2024.
- Right to data portability. As of September 22, 2024, you have the right to ask us to provide the personal information we have collected from you in a structured, commonly used technological format (for example, a JSON or CSV file). You may also ask us to transmit that information directly to a third party of your choice where it is technologically feasible to do so.
- Right to know about automated decision-making. If we make a decision about you based exclusively on automated processing, we will tell you so at the time of the decision and on request will explain the personal information used, the principal factors and parameters that led to the decision, your right to have that information corrected, and your right to submit observations to a person within Fervor who can review the decision. See the Automated Decision-Making section below for the specific case of Fervor Grade scoring.
- Designated person in charge. Nenyi Keborku is the designated person in charge of the protection of personal information for Fervor Group Inc. — see the section above for contact details.
- French-language version. Our website is currently published in English only, and our marketing does not actively solicit Quebec residents in French. If you are a Quebec resident and would like a French translation of this policy or any of our other consumer-facing documents, email nenyi@fervorstudio.ca and we will provide one on request.
European Union and United Kingdom Residents (GDPR / UK GDPR)
If you are in the European Union, the European Economic Area, or the United Kingdom, you have the following rights under the General Data Protection Regulation and the UK GDPR:
- Right of access — to know what personal data we hold about you
- Right to rectification — to correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — to have your data deleted in defined circumstances
- Right to restriction of processing — to limit how we use your data
- Right to data portability — to receive your data in a structured, machine-readable format
- Right to object — to processing based on legitimate interests, including profiling
- Right not to be subject to a decision based solely on automated processing — see the Automated Decision-Making section below
- Right to lodge a complaint with your national data protection authority
To exercise any of these rights, email nenyi@fervorstudio.ca. We respond within 30 days. If we need an extension, we will tell you why and when to expect our final response.
California Residents (CCPA / CPRA)
Fervor Group Inc.'s annual gross revenue is below $25 million, we do not process the personal information of 100,000 or more California residents or households, and we do not derive 50% or more of our annual revenue from selling personal information. The California Consumer Privacy Act, as amended by the California Privacy Rights Act, therefore does not legally apply to Fervor at this time.
However, we extend the following commitments to California residents as a matter of policy:
- We do not sell personal information. We never have, and we have no plans to. There is therefore no "Do Not Sell or Share My Personal Information" link to provide.
- We do not share personal information for cross-context behavioral advertising. Our analytics setup is single-site only.
- If you are a California resident and would like to exercise any of the rights enumerated under CCPA/CPRA — right to know, right to delete, right to correct, right to opt out, right to limit use of sensitive personal information, right to non-discrimination — email nenyi@fervorstudio.ca and we will honor the request on the same 30-day timeline that applies to PIPEDA requests.
Automated Decision-Making (Fervor Grade Scoring)
The Contractor CRO Index assigns a Fervor Grade to publicly available contractor websites based on a published scoring framework across six categories (first impression, trust and credibility, lead capture, mobile, content and SEO, accessibility). The score is generated through a combination of automated signal capture (page rendering, structured-data extraction, PageSpeed Insights, accessibility scanning) and human editorial review of the captured evidence.
The Fervor Grade is therefore not based solely on automated processing — a person at Fervor reviews the captured signals before a score is finalized for publication. Even so, we describe the methodology here in the interest of transparency, and we extend the following commitments to every business whose website receives a Fervor Grade:
- Right to know the methodology. The full Fervor Grade Framework is published on our website. You can see exactly how each category is weighted and what evidence drives the score.
- Right to human review of the score. If you disagree with a published Fervor Grade for your business, email nenyi@fervorstudio.ca with the specific category and the evidence you would like reviewed. A person at Fervor will re-examine the captured evidence against the framework and either re-score (where the methodology was applied incorrectly), update the published page (where the live site has since changed), or explain why the original score stands (where the methodology was applied correctly).
- Right to no-questions-asked removal from the public Index. See the Brand Correction Requests and the Contractor CRO Index Research Methodology sections of our Terms of Service for the opt-out process.
This commitment satisfies the disclosure requirements of GDPR Article 22, Quebec Law 25 Section 12.1, and analogous provisions of CCPA/CPRA on automated decision-making.
Data Retention
We retain personal information only as long as needed for the purposes described above. The retention periods for each data category are:
After these periods, data is deleted or anonymized. Anonymized aggregate data used for industry reports may be retained indefinitely as it cannot identify individuals.
Breach Notification Protocol
If we discover a breach of security safeguards that affects personal information we hold, we will respond on the following timeline:
- Within 24 hours of discovery — internal incident response begins; the scope of the breach is assessed against PIPEDA's "real risk of significant harm" (RROSH) test, which considers bodily harm, humiliation, damage to reputation or relationships, loss of employment, financial loss, identity theft, negative effects on credit, and damage to or loss of property.
- Within 72 hours of discovery — if the breach affects personal information of EU, EEA, or UK residents and creates a risk to their rights and freedoms, we notify the relevant supervisory authority in accordance with GDPR Article 33. The notification includes the nature of the breach, the categories and approximate numbers of data subjects and records affected, the likely consequences, and remedial actions.
- As soon as feasible after RROSH determination — if the breach creates a real risk of significant harm under PIPEDA, we notify the Office of the Privacy Commissioner of Canada, the Office of the Information and Privacy Commissioner of Alberta where applicable, and the affected individuals directly. We notify third parties where doing so would help reduce the risk or mitigate the harm.
- Record-keeping — we keep a record of every breach of security safeguards, whether or not it crosses the RROSH threshold, for a minimum of 24 months in accordance with PIPEDA's mandatory breach-record retention rule.
Security
We use reasonable technical and organizational measures to protect your information, including HTTPS encryption across the entire site, secure hosting through Cloudflare Workers, access controls on our database, and rate limiting on form submissions.
Children's Privacy
Our website and services are directed at businesses and business professionals. We do not knowingly collect personal information from anyone under the age of 18 for our own marketing and sales purposes. Within that general policy, we apply the following jurisdiction-specific thresholds where stricter:
- United States (COPPA): We do not knowingly collect personal information from anyone under 13.
- Quebec (Law 25): We apply heightened protection to any information about a person under 14 in line with Quebec's enhanced minors-protection provisions.
- European Union and United Kingdom (GDPR Article 8): Where consent is our legal basis for processing and the data subject is under 16, we require parental or guardian consent.
If you believe we have inadvertently collected information from a minor under any of these thresholds, please contact us so we can promptly delete it.
Client Services Data Processing
When Fervor delivers paid services to a client (a "controller" under GDPR terminology — typically a contractor company), we may handle limited personal information about that client's own end-customers in the course of the work. Examples include lead data submitted through forms we build, contact lists supplied for email setup, or analytics data we are tasked to interpret. In those engagements, Fervor acts as a "processor" (or "service provider" under CCPA) on the client's behalf.
A standard Data Processing Agreement governing those engagements is available at /dpa/ and is incorporated into client work orders on request. The DPA is based on the mandatory elements of GDPR Article 28 and the equivalent provisions of PIPEDA and Quebec Law 25.
Changes to This Policy
We may update this policy from time to time. Significant changes will be posted on this page with an updated date. Continued use of our website after changes constitutes acceptance of the updated policy.
Contact
Questions about this policy or your personal information? Email Nenyi Keborku, our designated person in charge of the protection of personal information, at nenyi@fervorstudio.ca.