Privacy Policy

This Privacy Policy describes how we collect, use, and protect your personal information. We are committed to compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, Quebec's Act respecting the protection of personal information in the private sector (Law 25 / Bill 64).

1. Who We Are

We are a software-as-a-service company incorporated in Canada. References to "we", "us", or "our" in this policy refer to the company operating this service. You can reach us at the contact address listed at the end of this document.

2. What Information We Collect

We collect only the information necessary to provide and operate the service.

Information you provide directly:

• Account credentials (username and hashed password — we never store your password in plain text)
• Any profile or contact information you choose to add

Information collected automatically:

• Authentication events (login timestamps, token issuance) for security purposes
• Basic server logs (IP address, request path, timestamp) retained for a maximum of 90 days

Information from third parties:

• If you authenticate via an OAuth provider (e.g. GitHub, Google), we receive the information that provider shares with us under their own privacy policy — typically a stable user identifier and, optionally, an email address. We do not receive your password from those providers.
• We do not collect payment information directly. If the service involves payments, they are handled by a third-party processor subject to their own privacy policy.

3. Why We Collect It (Purposes)

• Creating and managing your account — Performance of contract
• Authenticating your identity on each session — Performance of contract
• Security monitoring and fraud prevention — Legitimate interest
• Complying with legal obligations — Legal obligation
• Improving the service (aggregated, non-identifying analytics only) — Legitimate interest

We do not use your personal information for advertising, and we do not sell or rent your data to third parties.

4. How We Store and Protect Your Information

Your data is stored on servers located in Canada or the United States. Where data is transferred outside Canada, we ensure equivalent protections are in place.

We protect your information using:

• Encrypted connections (TLS) for all data in transit
• Hashed and salted password storage (we cannot recover your password)
• Access controls limiting who within our team can access personal data
• Short-lived session tokens with rotation on each use

No security system is perfect. In the event of a breach that poses a real risk of significant harm, we will notify you and the Office of the Privacy Commissioner of Canada as required by law.

5. How Long We Keep It

We retain your account information for as long as your account is active. If you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law or necessary to resolve outstanding disputes.

Server logs are retained for a maximum of 90 days and then purged.

6. Sharing Your Information

We do not sell your personal information. We share it only in the following limited circumstances:

• Service providers: We may share data with sub-processors (e.g. cloud hosting providers) strictly for the purpose of operating the service, under contractual obligations requiring equivalent privacy protections.
• Legal requirements: We will disclose information if required by a valid court order, warrant, or applicable Canadian law.
• Business transfers: In the event of a merger or acquisition, your information may be transferred to a successor entity, subject to the same protections described in this policy. We will notify you before any such transfer.

7. Cookies and Tracking

We use only essential cookies required to operate the service (session management and authentication). We do not use advertising cookies or third-party tracking scripts.

8. Your Rights

Under PIPEDA and applicable provincial law, you have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete information
• Withdraw consent for non-essential processing
• Request deletion of your account and associated personal data
• File a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca if you believe your privacy rights have been violated

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

9. Children's Privacy

This service is not directed at persons under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to This Policy

We will notify you of material changes to this policy by updating the version in the application and providing at least 14 days' notice before the changes take effect. Your continued use of the service after that date constitutes acceptance of the revised policy.

11. Contact