§1Who We Are

Purple Wins™ is the operating brand of JTS Inc., a woman-owned Canadian company focused on execution risk governance. We operate purplewins.io, develop NAVETRA™ and provide related consulting, recruiting and event services.

This Policy applies when you:

• Visit purplewins.io and any related pages or subdomains
• Interact with NAVETRA™ Risk Scans or diagnostics accessible via links on our site
• Use our consulting, recruiting or event services
• Engage with us via email, contact forms, social media or events

If you do not agree with this Policy, please do not use our site or provide personal information.

§2Scope & Relationship With Other Terms

This Policy covers personal information we handle when we operate purplewins.io, manage NAVETRA™ scans and tools, deliver consulting and recruiting engagements, and run events, webinars, roundtables and related programs.

It sits alongside, and does not override, any service agreements, NDAs, data processing addenda or statements of work we sign with clients. Where those documents conflict with this Policy, the signed documents will govern the specific engagement.

If you are located in Québec, additional requirements may apply to certain processing activities (including transparency for automated processing). We will address Québec-specific obligations in applicable engagement documents where relevant.

§3Our Role (Website vs Client Deployments)

In some contexts we decide how and why personal information is processed and act as the controller of that information. In other contexts, particularly where NAVETRA™ or assessments are deployed for a client organization, the client controls the purpose and means of processing, and we act as a service provider under contract.

Where a client organization sponsors a deployment, participants should generally direct privacy requests to the client sponsor, unless we have instructed otherwise.

§4Information We Collect

4.1 Information you provide directly

You may choose to provide personal information, for example when you:

• Fill out contact forms (name, job title, company, email, phone, message content)
• Book or inquire about consulting, recruiting or NAVETRA™ deployments (role, location, experience, organizational context, goals)
• Participate in a NAVETRA™ Risk Scan, Lens session or diagnostic (structured responses and/or free-text inputs)
• Purchase a Risk Scan or other offerings through our online store (name, contact details, billing information and order history)
• Register for events, roundtables or newsletters
• Comment on our blog or respond to communications
• Communicate with us via email, LinkedIn, other social platforms or at events

Depending on context, this may include business contact details, role information and professional background, and any other information you choose to share.

We generally do not intend to collect sensitive personal information (such as health data, political opinions or union membership) through the website. If consulting or recruiting conversations touch on more personal topics, we treat that information with additional care and limit sharing to what is necessary to support you.

4.2 Information collected automatically

When you visit our site, we and our providers automatically collect device and browser information (type, version, operating system, language), IP address and approximate location, pages visited, clicks, time on page, referrers, navigation paths, and cookie identifiers. We use cookies and similar technologies for functionality, security, analytics, and customization, as described in §8 and reflected in our cookie banner.

4.3 Information from third parties

We sometimes receive information about you from sources outside our direct interaction with you. These include payment processors, scheduling tools, and form platforms you choose to use; sales engagement and CRM tools used to manage business communications; social media platforms (such as LinkedIn) when you interact with our content; innovation partners, associations, or co-hosts that invite you to a NAVETRA-related event; and public sources such as company websites, conference programs, and professional profiles. Information received from these sources is used only in line with this Policy and applicable law.

§5How We Use Your Information

We use personal information for the following purposes:

1. To provide and improve our services
   • Responding to inquiries and contact requests
   • Running NAVETRA™ Risk Scans, Lens sessions and diagnostics
   • Delivering consulting and recruiting engagements
   • Providing event access, reminders and follow-up materials
   • Providing subscription access and administering purchases (where applicable)
2. To operate and improve NAVETRA™ and related tools
   • Analysing aggregated and/or de-identified engagement data to refine ranges, archetypes and content
   • Monitoring performance, stability and security of our tools
3. To communicate with you. We send confirmations, administrative notices, and updates; share insights, resources, event invitations, and newsletters where permitted; and ask for feedback to improve our offerings.

   Marketing communications are sent in accordance with applicable anti-spam laws, including Canada's Anti-Spam Legislation (CASL), S.C. 2010, c. 23, relying on express or implied consent as defined in Section 10. You can unsubscribe at any time using the link in our emails. Non-marketing messages needed to provide services, administer accounts, or respond to your requests may continue regardless of marketing preferences.

4. For analytics, research and business operations
   • Understanding how visitors use our site and content
   • Evaluating the effectiveness of programs and campaigns
   • Planning strategy, budgeting and growth
5. For security, compliance and legal purposes
   • Protecting our systems and intellectual property
   • Detecting, investigating and preventing fraud or misuse
   • Complying with legal obligations and responding to lawful requests
   • Establishing, exercising or defending legal claims

We combine information from different sources where doing so is consistent with the purposes above and applicable law.

§6Automated Analysis (NAVETRA™ Outputs)

NAVETRA™ uses structured responses and engagement signals to generate insight outputs. These outputs — themes, ranges, risk bands, and archetypes — are designed to support organizational decisions and conversations, not to substitute for human judgment.

We do not use NAVETRA™ to make solely automated decisions that produce legal or similarly significant effects about an individual. If you believe personal information used in a diagnostic is inaccurate, you can request access or correction as described in §15.

§6ANAVETRA™ Lens & AI-Assisted Features

Some features, including NAVETRA™ Lens, use AI-assisted processing to help structure your question, identify likely execution-risk patterns, and suggest practical next steps. These outputs are designed for decision support and are reviewed by humans where decisions of consequence are involved.

The current version of NAVETRA™ Lens does not support file uploads. Please avoid entering employee-by-employee data, health data, or other sensitive personal information in free-text prompts unless we have agreed otherwise in writing. We rely on third-party technology providers for hosting, analytics, and model infrastructure under contractual safeguards. We do not use these features to make decisions that produce legal or similarly significant effects about an individual without appropriate human review.

For enterprise deployments, data-processing terms, including retention, access controls, and additional safeguards, are set out in the applicable contract or data-processing addendum.

§7Legal Bases for Processing (Where Applicable)

Where data-protection law in your jurisdiction requires a legal basis for processing — for example, Article 6 of the UK GDPR or the EU GDPR (Regulation (EU) 2016/679) — we rely on the following grounds, depending on context.

• Contract. Processing necessary to perform a contract with you or your organisation, or to take steps at your request before entering into a contract.
• Legitimate interests. Reasonable business purposes that are not overridden by your rights and interests — for example, improving services, securing systems, or communicating with business contacts.
• Consent. For certain marketing communications, the use of non-essential cookies, and some event or diagnostic activities. You can withdraw consent at any time.
• Legal obligation. Where we must process information to comply with applicable law.

§8Cookies & Similar Technologies

We use cookies and similar technologies to:

• Keep the site functioning (for example, navigation, forms and security)
• Understand aggregate usage and performance (analytics)
• Remember preferences and improve your experience
• Enable embedded media (for example, YouTube), where used

Some cookies are strictly necessary; others (like analytics, embedded media, and customization cookies) are optional and may be controlled via your browser settings and, where available, our cookie preference tools.

Where required, our cookie banner provides options to Accept all, Reject non-essential, and Manage cookies. Optional cookies should not run unless enabled through your choices.

You can usually configure your browser to block or delete cookies; doing so may affect some site functionality.

§9How We Share Information

We do not sell or rent your personal information. We share it only in the following circumstances.

1. Service providers and vendors. Website hosting, email, CRM, sales engagement, marketing, payment processing, scheduling, analytics, and security providers process information on our behalf under contracts that bind them to confidentiality and limit their use of the information to the services they perform for us.
2. Partners and co-hosts. Innovation agencies, associations, co-presenters, and sponsors of NAVETRA-related events or programs receive information only as needed to deliver the event or program (for example, registration management). If a partner wishes to market to you independently, they must rely on their own lawful basis and notices, or obtain your consent.
3. Professional advisors. Lawyers, accountants, and insurers receive information under confidentiality obligations.
4. Corporate transactions. In a potential or actual merger, acquisition, asset sale, financing, or similar transaction involving JTS Inc., information may be disclosed to counterparties and their advisors under appropriate safeguards.
5. Legal and safety. We disclose information when required by law or legal process, to protect our rights, privacy, safety, or property (or that of others), and to detect or respond to fraud, security, or technical issues.

We also share aggregated or de-identified information that does not identify any individual, such as general statistics about engagement with NAVETRA™ or our content.

§10Key Service Providers (Summary)

Depending on your interaction with us, we may use the following providers to support website operations, communications, sales workflows, payments, recordings, development workflows, and assessments:

• Squarespace (website hosting and site operations)
• Google (analytics and related tools, where enabled) and YouTube (embedded video playback, where used)
• Stripe (payment processing)
• Apollo.io (sales engagement and lead/contact management workflows, where used)
• GitHub (development collaboration workflows)
• Riverside.fm (podcast recording/production workflows when you participate as a guest)
• Harrison Assessments (assessment delivery when used as part of an engagement)

These providers may process information in other jurisdictions (including the United States). See §11.

§11International Transfers

We are based in Canada and use service providers and partners located in other countries, including the United States. Your information may therefore be transferred to, stored in, or accessed from countries with data-protection laws different from those where you live.

Where required by law, we put appropriate safeguards in place — for example, the European Commission's Standard Contractual Clauses (Decision 2021/914), additional measures informed by guidance issued after Schrems II (CJEU C-311/18), or comparable mechanisms recognised under PIPEDA's accountability principle. Where we rely on a service provider in a foreign jurisdiction, the provider may be subject to that jurisdiction's laws, including lawful access by law enforcement and national security authorities. We remain accountable for personal information transferred to providers acting on our behalf, and we use contractual and organisational measures to protect it.

§12Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Policy, unless a longer or shorter period is required by law or agreed in writing. For example:

• Inquiries and business communications: typically retained for up to 24 months after last interaction.
• Client engagement records: retained for the duration of the engagement and a reasonable period after, subject to contract terms.
• Billing and tax records: retained as required by applicable law (often multiple years).

We may anonymize information so it no longer identifies you and use it for analytics, research and product improvement for longer periods.

§13Security

We use technical, organisational, and administrative measures intended to be reasonable in light of the sensitivity of the information we hold. These include role-based access controls, encryption and secure transfer methods where appropriate, the use of reputable hosting and security partners, and internal policies and training for the people who handle data on our behalf.

No system is perfectly secure, and no provider can guarantee that personal information will never be subject to unauthorized access. If you believe your interaction with us is no longer secure, contact us immediately at the address in §1.

§14Privacy Incidents

If we become aware of a confidentiality incident involving personal information, we take prompt steps to contain it, reduce risk, and prevent recurrence. Where notification is required (for example, under Section 10.1 of PIPEDA, which mandates notice of any breach of security safeguards posing a real risk of significant harm), we notify affected individuals and the Office of the Privacy Commissioner of Canada. We maintain an internal record of incidents as required by law.

§15Your Rights & Choices

Privacy rights vary by jurisdiction. Where applicable law gives them to you, you can request access to the personal information we hold about you, ask us to correct inaccurate or incomplete information, ask us to delete certain information (subject to legal and contractual limits), object to or restrict certain processing, withdraw consent where we rely on it, and receive your information in a portable format. You can also opt out of marketing emails using the unsubscribe link, and adjust your browser to manage cookies.

To exercise any of these rights, contact our Privacy Officer using the details in §1. We respond to access and correction requests within the timelines set by applicable law, including Section 8(3) of the Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5) and the equivalent provisions of Quebec's Act respecting the protection of personal information in the private sector (commonly referred to as Law 25). We may need to verify your identity before completing your request and may be unable to fully comply where legal or contractual obligations require continued processing of certain information.

You also have the right to lodge a complaint with the privacy regulator in your jurisdiction. In Canada, this is the Office of the Privacy Commissioner of Canada; in Quebec, the Commission d'accès à l'information.

§16Children’s Privacy

Our website, NAVETRA™, and our consulting and recruiting services are designed for adult professionals and organizations. They are not directed at children, and we do not knowingly collect personal information from children under the age of 16, or under a higher age where local law requires it.

If you are a parent or guardian and you believe your child has provided us with personal information, please contact us. We will take prompt steps to remove it.

§17Third-Party Sites & Resources

Our site and resources contain links to third-party websites, tools, and content, including assessment platforms, video hosts, and event tools. We are not responsible for the privacy practices or content of those third parties; their use of your information is governed by their own privacy policies and terms. We encourage you to review those policies before interacting with them.

§18No Waiver; Errors & Omissions

We try to keep this Privacy Policy accurate and up to date. However, it may occasionally contain typographical errors, formatting issues, or inadvertent omissions.

This Policy is provided for transparency and does not create contractual rights beyond what is required by applicable law or any written agreement we sign with you or your organisation.

To the extent permitted by law, we are not responsible for any loss arising solely from minor or inadvertent errors in the presentation of this Policy. Nothing in this section limits any rights you may have under applicable privacy laws, or limits any liability that cannot be excluded under law.

§19Changes to This Policy

We update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. When we do, we revise the “Last updated” date at the top of this page. For material changes, we provide additional notice where appropriate — for example, a prominent notice on the site or direct email to key contacts.

§20How to Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us by:

• Using the contact form on purplewins.io, or
• Contacting our Privacy Officer using the details listed in §1.

We will do our best to respond promptly and address your questions.

§21No Investment Advice or Securities Research

NAVETRA™, the Execution Risk Index, the NAVETRA™ Risk Scan, NAVETRA™ Lens, NAVETRA™ Agent, and any related briefs, reports, scores, rankings, or analyses (together, “NAVETRA Materials”) are decision-support tools for organizational governance.

NAVETRA Materials are not investment advice, financial advice, or securities research. They are not recommendations to buy, sell, or hold any security or financial instrument. They are not audited financial statements, accounting opinions, legal advice, tax advice, actuarial analyses, or insurance-underwriting determinations. Readers considering investment, insurance underwriting, M&A, or similar financial decisions should consult their own qualified advisors.

References to publicly listed companies in NAVETRA Materials are derived from those companies' own public regulatory disclosures, including SEC EDGAR 10-K filings and SEDAR+ continuous disclosure. They reflect NAVETRA's framework applied to those public disclosures. Any score, ranking, range, or directional indication is a synthesis of public information, not a financial projection or rating.

Purple Wins™ is not registered as an investment adviser, broker-dealer, rating agency, or research provider in any jurisdiction.

§22Decision-Support Estimates, Not Precision Numbers

Numbers, dollar figures, percentages, ranges, bands, archetypes, and rankings produced by NAVETRA™ are decision-support estimates derived from a structured framework applied to a finite corpus. They are intended to support governance conversations and prioritization, not to substitute for audited measurement.

NAVETRA’s framework, calibration, and benchmark range are continuously refined as the underlying corpus grows; outputs reflect the current state of methodology and may evolve. Any specific figure should be read in context, alongside the qualitative framing in which it appears.

Forward-looking or directional statements (such as “Operating Profit at Risk,” “exposure,” “peer-researched range,” or “cluster at the top of the scored range”) reflect Purple Wins’s analytical view at the time of writing and are not guarantees, warranties, or commitments.

§23Proprietary Methodology & Trade Secrets

The NAVETRA™ framework, the ten-domain architecture, the Operating Profit at Risk (OPaR) calculation logic, the calibration parameters, the lever library, the Index scoring methodology, the cycle-over-cycle delta mechanic, and all underlying models, code, and analytical outputs are proprietary trade secrets of JTS Inc., protected under applicable trade secret, copyright, and unfair competition laws.

Public-facing materials — including this website, the Execution Risk Index, brochures, press content, and engagement summaries — describe outcomes and outputs; they do not disclose underlying methodology, calibration data, or proprietary parameters.

Patent-pending. Reverse engineering, decompilation, or attempts to extract proprietary methodology from public outputs are prohibited and will be enforced.

§24Trademarks & Third-Party References

NAVETRA™ and Purple Wins™ are trademarks of JTS Inc.

References in NAVETRA Materials to public companies, regulatory authorities (such as the U.S. Securities and Exchange Commission and EDGAR, the Canadian Securities Administrators and SEDAR+), industry associations, vendors, partners, or other third parties are descriptive and nominative only. They do not imply affiliation, partnership, sponsorship, endorsement, certification, or any commercial relationship between Purple Wins™ and the named party.

All third-party trademarks, service marks, and trade names are the property of their respective owners. Nothing on this site or in NAVETRA Materials grants any license to use any third-party mark.

§25Confidentiality of Briefs, Decks & Draft Materials

Briefs, decks, draft analyses, internal reports, working papers, scan outputs, and similar materials shared by Purple Wins™ or NAVETRA™ outside the public website are confidential pre-decisional drafts. They are intended for the named recipient's internal review only, unless the materials are explicitly marked otherwise or a separate written agreement specifies different terms.

Recipients are asked to treat these materials as confidential, limit access to those with a legitimate need to review them, and refrain from forwarding, redistributing, publishing, or quoting from them externally without prior written consent. Recipients should not use them to make external statements about NAVETRA™, Purple Wins™, or any third parties named in them, without first confirming the version is current. Where a later version supersedes an earlier one, recipients are asked to rely on the later version and to treat the superseded version as no longer authoritative.

These expectations apply whether or not a separate non-disclosure agreement is in place. They survive the conclusion of any informal review, evaluation, or pilot period.

§26Version Control & Supersession

NAVETRA Materials evolve. Where Purple Wins™ provides a later version of a brief, deck, or analysis, the later version supersedes earlier versions for all purposes, including external reference, attribution, and citation, unless explicitly stated otherwise in writing.

If you are uncertain whether the version you hold is current, please contact Purple Wins™ before relying on or sharing it.

§27Public Regulatory Disclosures

NAVETRA™’s analytical model incorporates information derived from publicly available sources, including regulatory disclosures filed through:

• EDGAR, operated by the U.S. Securities and Exchange Commission
• SEDAR+, operated by the Canadian Securities Administrators

These systems are operated by the respective regulatory authorities. Purple Wins™ is not affiliated with, endorsed by, or sponsored by the SEC, the CSA, any member commission, or any other regulator. References to these systems are descriptive of public data sources only.

Any characterizations of named companies in NAVETRA Materials are derived solely from those companies’ own public regulatory disclosures, applied through NAVETRA™’s framework. Companies should be assumed to be the most authoritative source on their own disclosures.

§28The Execution Risk Index

The Execution Risk Index is a peer index compiled from public regulatory filings of listed companies. It applies NAVETRA™’s framework to those filings and places each company on a peer-researched range. The Index is provided for governance research and decision-support purposes; it is not a credit rating, investment rating, securities recommendation, or audit opinion.

Index entries reflect publicly disclosed information as of the date of compilation. Companies, sectors, methodology, and ranges may evolve. Index entries are not invitations to buy, sell, hold, lend to, insure, underwrite, or transact in any security or instrument related to the named company.

Companies wishing to discuss how their disclosures have been characterized in the Index may contact Purple Wins™ directly via the Contact page. We welcome correction of factual errors and will consider methodology questions in good faith.

§29No Warranties; Limitation of Liability

NAVETRA Materials are provided “as is.” To the fullest extent permitted by applicable law, Purple Wins™ and JTS Inc. disclaim all warranties, whether express, implied, or statutory, including warranties of merchantability, fitness for a particular purpose, accuracy, completeness, and non-infringement.

Use of NAVETRA Materials is at the user's own risk. To the fullest extent permitted by applicable law, neither Purple Wins™ nor JTS Inc. shall be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profits, revenue, data, or business opportunity, arising from or related to the use of, or reliance on, NAVETRA Materials, regardless of the legal theory on which the claim is based.

Nothing in this section limits liability that cannot be excluded under applicable law, or any rights a person may have under consumer-protection or similar legislation. Specific engagements are governed by signed agreements, which may set out different terms.

§30Errors, Updates & Contact

We aim to keep this page and NAVETRA Materials accurate. They may occasionally contain typographical errors, formatting issues, or inadvertent omissions. We update content from time to time without prior notice; the “Last updated” date at the top of this page reflects the most recent revision.

If you believe NAVETRA Materials contain a factual error, a misattribution, a misuse of a third-party mark, or an inappropriate characterization of any organization or individual, please contact Purple Wins™ via the Contact page. We respond to good-faith inquiries promptly and update materials where appropriate.

§31Governing Law

This page is governed by the laws of the Province of Ontario and the federal laws of Canada applicable in Ontario, without regard to conflict-of-law principles. Disputes will be brought before the Superior Court of Justice (Ontario), except where mandatory consumer-protection law in another jurisdiction requires otherwise.