Privacy Policy

1.1 Information You Provide

• Account Owner Information: Name, email address, company name, company address, password, billing information, and department(s)
• User Information: For Delegated Administrators and Standard Users added to your account: name, email, password, job title, and access level permissions
• Customer Data: Content, files, reports, photos, documents, vehicle records, and other data you create or upload through the Services
• Communications: Support requests, feedback, and survey responses

1.2 Automatically Collected Information

• Usage Data: IP address, browser type, device information, operating system, pages viewed, features used, and time spent
• Location Data: General location from IP address (city/country level) and precise location when using location-based features with your permission
• Log Data: Access times, error logs, and system events
• Cookies: We use strictly necessary cookies required for authentication and service functionality (see Section 6.5 for details)

1.3 Information from Third Parties

• Payment Processors: Your payment card details are collected and stored directly by Stripe, our payment processor. FieldPad receives only payment confirmation, card brand, last four digits, and expiration date for display purposes. We do not store your full card number.

Account Owner Responsibility

The Account Owner is the data controller and bears ultimate legal responsibility for all personal information collected through FieldPad, including data collected by Delegated Administrators and Standard Users. All actions performed by any user under an account are the legal responsibility of the Account Owner.

As the Account Owner, you are responsible for:

• Obtaining appropriate consent from all users and third parties before collecting their personal information
• Complying with applicable privacy laws (including PIPEDA) for all data collected through the Services
• Informing all users and third parties about what data you collect and how you use it
• Ensuring all users under your account comply with applicable privacy laws
• Ensuring you have lawful authority to collect and process all data entered into the system

Our Role as Data Processor

FieldPad Inc. acts as a data processor, storing and processing Customer Data on behalf of the Account Owner according to their instructions and our Terms of Service.

Our Commitment

We process Customer Data solely to provide Services to the Account Owner and will not use it for any other purpose without explicit consent. We do not use your Customer Data to train machine learning models.

Legal Basis: We process information based on your consent, legitimate business purposes, and legal requirements under PIPEDA.

We use your information to:

• Provide, maintain, and improve our Services
• Process transactions and send related notifications
• Send administrative messages, updates, and service notifications
• Respond to your inquiries and provide customer support
• Monitor and analyze usage patterns and trends to improve features
• Detect, prevent, and address technical issues, fraud, and security threats
• Comply with legal obligations and enforce our Terms of Service
• Send service updates and marketing communications (you may opt out at any time)

We do not sell your personal information. We share information only in the following circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our Services, including AWS (hosting), payment processors, analytics providers, support platforms, and email services
• Legal Requirements: When required by law, regulation, court order, or governmental request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Protection of Rights: To protect our rights, property, or safety, or that of our users or others
• With Your Consent: For any other purpose you explicitly approve

All service providers are contractually obligated to protect your data and process it only as instructed.

5.1 Data Location

Your data is stored in Canada on AWS infrastructure in the Montreal region. Application servers, databases, and file storage are hosted within AWS Canada (Montreal), ensuring compliance with Canadian data residency requirements.

While we prioritize Canadian data storage, some service providers (payment processors, analytics, support tools) may process data in other jurisdictions.

5.2 Encryption

Data in Transit: All data transmitted between your device and our servers is encrypted using industry-standard TLS protocols.

Data at Rest: All stored data is encrypted using industry-standard encryption on AWS infrastructure.

5.3 Data Isolation

We implement complete data segregation between organizations. Your data is isolated at the database level with tenant-scoped queries enforced on every operation, ensuring no cross-contamination between customer accounts.

5.4 Authentication and Session Security

We use encrypted, secure authentication cookies with industry-standard protections against unauthorized access and automatic expiration.

5.5 Cookies

We use only strictly necessary cookies required for authentication and security. We do not use cookies for advertising, analytics, tracking, or personalization purposes. Because these cookies are essential, disabling them will prevent you from using the Services. You can delete cookies through your browser settings, which will log you out of your account.

5.6 Backup and Recovery

Your data is protected with encrypted backups and recovery capabilities. We maintain automated backup schedules and secure retention policies to protect against data loss.

5.7 Security Limitations and User Responsibility

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Your Responsibility: You are responsible for maintaining the confidentiality of your account credentials (including those of all Delegated Administrators and Standard Users under your account) and for all activities that occur under your account. The Account Owner must ensure all users follow security best practices.

We retain your information for as long as your account is active and for a reasonable period after closure to fulfill the purposes outlined in this Privacy Policy and to comply with legal and regulatory obligations.

When you delete your account or terminate your subscription, we will delete or anonymize your personal information in accordance with our data retention policies, except where we are required to retain it for legal, regulatory, or business purposes.

Backup retention follows our secure retention policies to ensure data recovery capabilities while maintaining appropriate data lifecycle management.

Under PIPEDA, you have the right to request access to your personal information held by FieldPad, to request correction of any inaccurate or incomplete personal information, and to withdraw your consent to the collection, use, or disclosure of your personal information. You also have the right to challenge our compliance with PIPEDA.

These rights apply to your personal information, not to Customer Data you create or upload through the Services. Access to Customer Data is governed by our Terms of Service.

To exercise your privacy rights, contact us at privacy@fieldpad.app. We will respond within 30 days. You may opt out of marketing communications at any time by using the unsubscribe link in our emails or updating your account settings.

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or by calling 1-800-282-1376.

Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

International Access

Our Services are provided from Canada. If you access our Services from outside Canada, your information will be processed and stored in Canada under Canadian law, or where applicable, under the governing law of the respective third-party services we use.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our website. We will also update the "Last Updated" date at the top of this page. Your continued use of the Services after such changes constitutes acceptance of the updated Privacy Policy.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

FieldPad Inc.
Email: privacy@fieldpad.app